000033897 - User alias functionality across trusted realms Error user login "<usernamealias>" could not be discovered in the local realm or by searching configured trusted realms

Document created by RSA Customer Support Employee on Oct 20, 2016Last modified by RSA Customer Support Employee on Apr 22, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000033897
Applies ToRSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.1.1
IssueWhen utilizing the user alias functionality across trusted realms, users may encounter the following error:
The user login "<usernamealias>" could not be discovered in the local realm or by searching configured trusted realms.

When "Enable Trusted Realm Authentication" AND "Only Trusted Users in Trusted User Groups with access to the agent can authenticate" are set for an authentication agent configuration, you must have the user be part of a trusted group.
CauseWhen authentication agent group restriction is enabled, additional settings are required on both side of the trusted realm configuration.
  1. From the Security Console select Administration > Trusted Realms > Trusted User Groups.  
  2. Select either Manage Existing and add the user to the group or select Add New. and create the new group, adding the user to it.
  3. Once you've added the group, you must do the same on the other Authentication Manager primary in the trusted realm.  Be sure the group name and case is exactly the same on both primaries.
  4. Once the group is created you must add users to the group as follows:
    1. In the Security Console, click Administration > Trusted Realms > Trusted Users > Add New.
    2. In the Trusted User ID field, enter the user's user ID.
    3. From the Trusted Realm Name drop-down menu, select the trusted realm where the user belongs.
    4. From the Security Domains drop-down menu, select the security domain where the policies for this trusted user are managed.  Note:  Only administrators whose administrative scope includes the security domain you select can manage the user.
    5. In the Default Shell field, enter the shell that users employ to access a Unix machine.
    6. Click Save.