When an attribute is configured in Security Console under Identity > Users > Authentication Settings > RADIUS > RADIUS User Attributes, you may notice the attribute sent by RSA Authentication Manager to RADIUS client has both an attribute ID and an attribute name appended to the value.
If you select 11 - Filter-ID" from Attribute and set "policy_GRP_1 as the value, the attribute contained in RADIUS response message is:
If you select 18 - Reply-Message from Attribute and set GRP as the value, the attribute contained in RADIUS response message is:
On the other hand, if you set a RADIUS profile in RADIUS > RADIUS Profiles, then link it with a user or agent, the attribute sent by RSA Authentication Manager to RADIUS client contains just the value. For example, if you select Filter-ID[M] for Attribute and set policy_GRP_I as the value, the attribute contained in RADIUS response message is:
The issue is that the attribute format of attribute_id+attribute_name+attribute_value may not be accepted by RADIUS clients.
You can change the configuration in the Security Console to determine how the RADIUS attribute(s) are returned. The configuration specifies whether just the attribute value is returned, or the Attribute Name + ID + Value.
For RSA Authentication Manager 7.1, see steps provided in the Notes section, below.
For Authentication Manager 8.x:
Login to the Security Console.
Navigate to Setup > System Settings > RADIUS.
Check the option to Send user´s RADIUS attributes to the RADIUS server upon successful authentication.
You can then set the RADIUS Attribute Format. Select one of three options. Use the above example for reference, where 11 - Filter-ID is Attribute and policy_GRP_1 is set as value.
Send attribute ID, attribute name, and attribute value