000036838 - Authentication Manager 8.x ./rsautil store -a update_config gives WARNING cannot find the config name

Document created by RSA Customer Support Employee on Oct 16, 2018
Version 1Show Document
  • View in full screen mode

Article Content

Article Number000036838
Applies ToRSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.x all versions
 
IssueMany knowledge articles and tech notes explain how to change default system configuration settings with GLOBAL configuration values or variables.  See Notes for example.

The issue is, when you follow the steps in these articles, you can get  the following warning:

rsaadmin@am82r1:/opt/rsa/am/utils> ./rsautil store -a update_config auth_manager.extend_token_life.token_days_for_expiration 16 GLOBAL 503
Please enter OC Administrator username:  <enter Operations Console user name>
Please enter OC Administrator password:  <enter Operations Console user password>
psql.bin:/tmp/b9296f16-c0c4-407c-8ef1-6db9cfcfbe531604505986452836533.sql:167: WARNING:   Unable to update the value: cannot find the config name 'auth_manager.extend_token_life.token_days_for expiration' for the host instance 'GLOBAL'.
 update_config

---------------

(1 row)
rsaadmin@am82p:/opt/rsa/am/utils>

 
CauseThe Authentication Manager default system values are not stored in these configuration variables.  Configuration value variables should be thought of as override values; and therefore, must first be created with the add_config parameter before they can be updated or modified with the update_config parameter.

Running the ./rsautil store ? command provides the following output:
 
rsaadmin@am82r1:/opt/rsa/am/utils> ./rsautil store ?
Usage: rsautil store -a <action> -o <Operations Console (OC) Username>  -p <Operations Console (OC) password>
Options:
 -o, --oc-user         Operations Console (OC) administrator user name.
 -p, --oc-user-pw      Operations Console (OC) administrator password.
 -h, --help            prints help message and exits.
 -v, --version         prints version information and exits.
 -V, --verbose         enable verbose output. Optional.
 -a, --action          (one of the following)

     add_config <name> <value> <hostname> <data_type> Create a new config parameter.
     NOTE: Prior versions of this command expected INSTANCE NAME rather than HOST NAME as the third parameter. You can also use keyword GLOBAL for the hostname argument in the case of global config parameter.
     Data_type: Accepts values of type INTEGER, BOOLEAN, STRING, DATE and Numeric value data types supported in AM 8.0(example 511 for enum type).

     enable_min_protocol_tlsv1_2 <isEnableProtocol> This command enables or disables the TLS 1.2 protocol.
     NOTE: *******To re-start the services automatically, use the optional argument 'restart'  **********
     Data_type: Accepts values of type BOOLEAN.

     update_config <name> <value> <hostname> Set config parameters.
     NOTE: Prior versions of this command expected INSTANCE NAME rather than HOST NAME as the third parameter. You can also use keyword GLOBAL for the hostname argument in the case of global config parameter.



If you run add_config, but the name already exists in the system, the error you will see is:


ERROR:  The config already exists 



If the update_config parameter does not exist, the following warning displays:
 


WARNING: cannot find the config name <name>
ResolutionIf you are creating a new override value to a system default configuration value, you should use ./rsautil store -a add_config parameter instead of update_config.

The WARNING:   Unable to update the value: cannot find the config name '<name>' for the host instance 'GLOBAL' message is an indication that the value does not exist and must first be created with the add_config command, as in the example below:
 
rsaadmin@am82r1:/opt/rsa/am/utils> ./rsautil store -a add_config auth_manager.extend_token_life.token_days_for_expiration 16 GLOBAL 503
Please enter OC Administrator username:  <enter Operations Console user name>
Please enter OC Administrator password:  <enter Operations Console user password>
psql.bin:/tmp/5a6fe8e9-d36a-478e-86c9-84e1a34dc7965982186461118251238.sql:108: NOTICE:  Added the new configuration parameter "auth_manager.extend_token_life.token_days_for_expiration" with the value "16" 
 update_config

---------------

(1 row)
rsaadmin@am82r1:/opt/rsa/am/utils>



Likewise, if you try to run ./rsautil store -a add_config and get ERROR: The config already exists, then use ./rsautil store -a update_config to modify this override variable
NotesFor example, by default, Authentication Manager is set to only extend tokens 15 days prior to their expiration date.  Knowledge article 000036609 - How to increase the window for extending token lifetime prior to expiration from 15 days in RSA Authentication Manager 8.2 and later was written to address this.
 

Attachments

    Outcomes