RSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.x
- Receiving the following message when running the All Users report;
Error: Duplicate User ID
- Running the Clean Unresolvable Users job results in the message:
No unresolvable users were found
- No details about duplicate user IDs are displayed in the System log, in the Administration Activity log, or in /opt/rsa/am/server/logs/imsTrace.log.
- Log in to the Operations Console and go to Administration > Download Troubleshooting Files.
- Follow the on-screen directions to generate and download the troubleshooting files from the RSA Authentication Manager server.
- Extract the files in the downloaded .zip file to a local directory.
- Browse /opt/rsa/am/rsapgdata/pg_log/postgres_<datestamp of the latest available log file>. In the example, the duplicate user ID is madhib. The following two errors are in this file:
2020-04-05 13:22:27.139 GMT [unknown] rsa_user 76c3540c.3pkb 6/596614 1999523
ERROR: duplicate key value violates unique constraint "ak_ims_principal_isrcid_uid"
2020-04-05 13:22:37.139 GMT [unknown] rsa_user 76c3540c.3pkb 6/596614 1999523
DETAIL: Key (loginuid, identity_src_id)=(madhib, 5df9024e2909350f01cd29e1a016759b) already exists.
- After determining the duplicate user(s), follow the steps below:
- Open the Operations Console.
- Browse to Deployment Configuration > Identity Sources > Manage Existing.
- Edit the identity source to which the user belongs:
- Click the Map tab.
- Change the Search Filter from (&(objectClass=User)(objectcategory=person)) to (&(objectClass=User)(objectcategory=person)(!(samAccountName=<user_id>))), where <user_id> is the duplicate user who is found in the troubleshooting logs. Based on the example above, it is (&(objectClass=User)(objectcategory=person)(!(samAccountName=madhib))).
- Click Save.
- Log in to the Security Console and browse to Setup > Identity Source > Clean Up Unresolvable Users.
- After the cleanup is complete, go back to the Operations Console under Deployment Configuration > Identity Sources > Manage Existing.
- Edit the identity source again to restore the Search Filter back to (&(objectClass=User)(objectcategory=person))
- Click Save.
- Run the All Users report to confirm it runs successfully.