RSA Cloud Authentication Service password authentication fails due to "LDAP account not permitted to authenticate via this identity router"
Article Number
Applies To
RSA Product/Service Type: Identity Router
RSA Version/Condition: all
Issue
LDAP password authentication failed - LDAP account not permitted to authenticate via this identity routerThe symplified.log of the IDR that processed the LDAP authentication, will log an event similar to the following at the time of the authentication failure:
LDAPException(resultCode=49 (invalid credentials), diagnosticMessage='80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 531, v2580 ', ldapSDKVersion=4.0.6, revision=27850)The event will also appear in the Identity Router System Log at the time of the authentication failure.
Tasks
The "workstation" for the RSA Cloud Authentication Service, is the Identity Router (IDR) that performed the password authentication for that user.
To allow the user to authenticate with the RSA Cloud Authentication Service, the user must be authorized in Active Directory to authenticate through all IDRs in your deployment.
Resolution
- Logon to the Microsoft Active Directory server as an administrator
- Open Active Directory Users and Computers
- Go to View > Advanced Features
- Navigate to the affected user, right-click and choose Properties
- Open the Attribute Editor tab
- Edit the userWorkstations attribute to add the fully-qualified domain name (DNS name) of every IDR.
- DNS names must be separated by a commas
- Alternatively, to allow the user to login to any workstation or via any IDR, delete all existing values for the userWorkstations attribute.
Notes
Related Articles
Request a Cloud Access Service Account Number of Views Users unable to authenticate with LDAP password on both Security Console and Self-Service Console for RSA Authentication M… Number of Views Connect to Identity Sources Using LDAPS Number of Views Connection fails to Cloud Authentication Service when connecting through a proxy server from RSA Authentication Manager to… Number of Views Allow Users to Authenticate on an Agent Number of Views
Trending Articles
Downloading RSA Authentication Manager license files or RSA Software token seed records Unable to login to RSA Authentication Manager Security Console as super admin RSA Authentication Manager 8.9 Release Notes (January 2026) How to manipulate imported RSA SecurID Software Token(s) on an iPhone or iPad device Connection fails to Cloud Authentication Service when connecting through a proxy server from RSA Authentication Manager to…
Don't see what you're looking for?
