Article Number
000036838
Applies To
RSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.x all versions
Issue
Many knowledge articles and tech notes explain how to change default system configuration settings by setting GLOBAL configuration values or variables. See the Notes section for an example.
When you follow the steps in these articles, you can get the following warning:
rsaadmin@am82r1:/opt/rsa/am/utils> ./rsautil store -a update_config auth_manager.extend_token_life.token_days_for_expiration 16 GLOBAL 503
Please enter OC Administrator username: <enter Operations Console user name>
Please enter OC Administrator password: <enter Operations Console user password>
psql.bin:/tmp/b9296f16-c0c4-407c-8ef1-6db9cfcfbe531604505986452836533.sql:167: WARNING: Unable to update the value: cannot find the config name 'auth_manager.extend_token_life.token_days_for expiration' for the host instance 'GLOBAL'.
update_config
---------------
(1 row)
rsaadmin@am82p:/opt/rsa/am/utils>
Cause
The Authentication Manager default system values are not stored in these configuration variables. Configuration value variables should be thought of as override values. An override must therefore first be created with the add_config action before it can be updated or modified with the update_config action.
Running the ./rsautil store ? command provides the following output:
rsaadmin@am82r1:/opt/rsa/am/utils> ./rsautil store ?
Usage: rsautil store -a <action> -o <Operations Console (OC) Username> -p <Operations Console (OC) password>
Options:
-o, --oc-user Operations Console (OC) administrator user name.
-p, --oc-user-pw Operations Console (OC) administrator password.
-h, --help prints help message and exits.
-v, --version prints version information and exits.
-V, --verbose enable verbose output. Optional.
-a, --action (one of the following)
add_config <name> <value> <hostname> <data_type> Create a new config parameter.
NOTE: Prior versions of this command expected INSTANCE NAME rather than HOST NAME as the third parameter. You can also use keyword GLOBAL for the hostname argument in the case of global config parameter.
Data_type: Accepts values of type INTEGER, BOOLEAN, STRING, DATE and Numeric value data types supported in AM 8.0(example 511 for enum type).
enable_min_protocol_tlsv1_2 <isEnableProtocol> This command enables or disables the TLS 1.2 protocol.
NOTE: *******To re-start the services automatically, use the optional argument 'restart' **********
Data_type: Accepts values of type BOOLEAN.
update_config <name> <value> <hostname> Set config parameters.
NOTE: Prior versions of this command expected INSTANCE NAME rather than HOST NAME as the third parameter. You can also use keyword GLOBAL for the hostname argument in the case of global config parameter.
If you run add_config, but the name already exists in the system, the error you will see is:
ERROR: The config already exists
If you run update_config, but the name does not exist in the system, the following warning displays:
WARNING: cannot find the config name <name>
Resolution
If you are creating a new override value for a system default configuration value, use ./rsautil store -a add_config instead of update_config.
The message WARNING: Unable to update the value: cannot find the config name '<name>' for the host instance 'GLOBAL' indicates that the value does not exist and must first be created with the add_config action, as in the example below:
rsaadmin@am82r1:/opt/rsa/am/utils> ./rsautil store -a add_config auth_manager.extend_token_life.token_days_for_expiration 16 GLOBAL 503
Please enter OC Administrator username: <enter Operations Console user name>
Please enter OC Administrator password: <enter Operations Console user password>
psql.bin:/tmp/5a6fe8e9-d36a-478e-86c9-84e1a34dc7965982186461118251238.sql:108: NOTICE: Added the new configuration parameter "auth_manager.extend_token_life.token_days_for_expiration" with the value "16"
update_config
---------------
(1 row)
rsaadmin@am82r1:/opt/rsa/am/utils>
Likewise, if you try to run ./rsautil store -a add_config and get ERROR: The config already exists, then use ./rsautil store -a update_config to modify this override variable.
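The decision described above can be scripted against saved rsautil output. The following is an added example, not RSA code: the function names classify_store_output and next_store_command are hypothetical, the matched strings are the messages quoted in this article, and the script only prints the follow-up command rather than running rsautil.

```shell
# Added example, not RSA code. Function names are hypothetical; the message
# patterns are the ones quoted in this article.

# Read captured rsautil output on stdin and print one keyword:
#   missing = update_config found no override with that name
#   exists  = add_config found an override that is already there
#   added   = add_config created the override
#   unknown = none of the article's messages matched
classify_store_output() {
    local out
    out=$(cat)
    case "$out" in
        *"cannot find the config name"*)           echo missing ;;
        *"The config already exists"*)             echo exists ;;
        *"Added the new configuration parameter"*) echo added ;;
        *)                                         echo unknown ;;
    esac
}

# Print the command to run next (nothing when the override was created).
# Args: <state> <name> <value> <hostname> [data_type]
next_store_command() {
    local state="$1" name="$2" value="$3" host="$4" dtype="${5:-}"
    case "$state" in
        missing)
            # add_config requires a data type; do not guess one.
            if [ -z "$dtype" ]; then
                echo "add_config needs a data_type argument" >&2
                return 2
            fi
            echo "./rsautil store -a add_config $name $value $host $dtype" ;;
        exists)
            # Per the usage text, update_config takes no data type.
            echo "./rsautil store -a update_config $name $value $host" ;;
        added) ;;
        *)
            echo "unrecognized output; review it manually" >&2
            return 1 ;;
    esac
}

# Sample input based on the warning in this article, temp-file prefix omitted.
SAMPLE="WARNING: Unable to update the value: cannot find the config name 'auth_manager.extend_token_life.token_days_for_expiration' for the host instance 'GLOBAL'."
state=$(printf '%s\n' "$SAMPLE" | classify_store_output)
next_store_command "$state" auth_manager.extend_token_life.token_days_for_expiration 16 GLOBAL 503
```

Save the output of a run to a file and pass it to classify_store_output on stdin; an unknown result means the output should be read by hand.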
Notes
For example, by default, Authentication Manager is set to only extend tokens 15 days prior to their expiration date. Knowledge article 000036609 - How to increase the window for extending token lifetime prior to expiration from 15 days in RSA Authentication Manager 8.2 and later was written to address this.