RSA Cloud Authentication Service password authentication fails due to "LDAP account not permitted to authenticate via this identity router"
Article Number
Applies To
RSA Product/Service Type: Identity Router
RSA Version/Condition: all
Issue
LDAP password authentication failed - LDAP account not permitted to authenticate via this identity routerThe symplified.log of the IDR that processed the LDAP authentication, will log an event similar to the following at the time of the authentication failure:
LDAPException(resultCode=49 (invalid credentials), diagnosticMessage='80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 531, v2580 ', ldapSDKVersion=4.0.6, revision=27850)The event will also appear in the Identity Router System Log at the time of the authentication failure.
Tasks
The "workstation" for the RSA Cloud Authentication Service, is the Identity Router (IDR) that performed the password authentication for that user.
To allow the user to authenticate with the RSA Cloud Authentication Service, the user must be authorized in Active Directory to authenticate through all IDRs in your deployment.
Resolution
- Logon to the Microsoft Active Directory server as an administrator
- Open Active Directory Users and Computers
- Go to View > Advanced Features
- Navigate to the affected user, right-click and choose Properties
- Open the Attribute Editor tab
- Edit the userWorkstations attribute to add the fully-qualified domain name (DNS name) of every IDR.
- DNS names must be separated by a commas
- Alternatively, to allow the user to login to any workstation or via any IDR, delete all existing values for the userWorkstations attribute.
Notes
Related Articles
Unable to authenticate with Authentication Agent for PAM for SSH due to SELinux Number of Views LDAP password authentication failed - Logon failure: unknown username or invalid password when attempting RADIUS authentic… Number of Views Backup fails with an error: "Command failed due to timeout of 3600000 milliseconds" on RSA Authentication Manager in 8.4 Number of Views Users unable to authenticate with LDAP password on both Security Console and Self-Service Console for RSA Authentication M… Number of Views RSA Identity Governance & Lifecycle Identity Data Collection is failing due to ORA-00904: CUS_ATTR_USER_CAS_XX invalid ide… Number of Views
Trending Articles
RSA Authentication Manager 8.9 Release Notes (January 2026) RSA MFA Agent 2.3.6 for Microsoft Windows Installation and Administration Guide RSA-2026-07: RSA Authentication Manager Security Update for Third-Party Component Vulnerabilities Downloading RSA Authentication Manager license files or RSA Software token seed records RSA MFA Agent 2.5 for Microsoft Windows Installation and Administration Guide
Don't see what you're looking for?
