This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements

SecurID® Knowledge Base

Find answers to your questions and identify resolutions for known issues with knowledge base articles written by SecurID experts.

RSA SecurID Help Desk Administration Portal logon fails in RSA Authentication Manager Prime

Article Number

000031057

Applies To

RSA Product Set:  SecurID
RSA Product/Service Type:  Authentication Manager Prime

Issue

The following error displays when logging in to the Help Desk Administration Portal (HDAP) fails with the message:

You are not authorized for the operation.

Image descriptionImage description

The Help Desk Administration Portal log (hdap.log) located in /opt/rsa/primekit/logs/hdap, reports the following error: 
2015-08-26T11:21:05,303+1000,70953139 [http-bio-8282-exec-6] ERROR com.rsa.pso.lap.web.UtilityBean  -  getPermissions() => 
 hdapadmin is not assigned to any administrative roles that support allow access to hdap. Contact your administrator to grant access to hdap 
2015-08-26T11:21:05,303+1000,70953139 [http-bio-8282-exec-6] ERROR com.rsa.pso.lap.web.UtilityBean  - Exception occurred sending status code
 403/com.rsa.pso.exception.UnAuthorizeException: You are not authorized to view this page
2015-08-26T11:21:05,303+1000,70953139 [http-bio-8282-exec-6] ERROR com.rsa.pso.lap.web.UtilityBean  - Exception occurred sending status code
 403/java.lang.Exception

Cause

The Help Desk Admin Portal uses the RSA Authentication Manager administrative roles that are defined in the Security Console to map claims for HDAP administrative users. The role names that are defined in the <HDAP_home>/config/lapProto.xml file must match the administrative roles that are defined in the Security Console.

Resolution

To resolve this issue,
  1. Using an administrative account for the RSA Authentication Manager Security Console, add the administrative role that matches the name of the role name that is used by the Help Desk Admin Portal. For example:
 
Image descriptionImage description
 

An administrative role is a collection of permissions that can be assigned to an administrator. A role determines what level of control the administrator has over users, user groups, and so on. You can add administrative roles to your deployment, and assign these roles to users. If you assign multiple administrative roles to a user, the permissions are combined.

 

Before You Begin

To create an administrative role, you must have an administrative role that:
  • Grants permission to create administrative roles
  • Includes the permissions added to the new administrative role
  • Allows the administrator to delegate the permissions that are granted to the role. This is set with the Permission Delegation setting for the role that is assigned to the administrator who is creating the role


Procedure

  1. In the Security Console, go to Administration > Administrative Roles > Add New.
  2. In the Administrative Role Name field, enter a name for the new administrative role.
  3. (Optional) If you want to allow administrators to delegate their role permissions to other administrators, select Permission Delegation.
  4. In the Security Domain Scope tree, select the security domains in which the new administrative role grants permissions.
  5. In the Identity Source Scope field, select the identity sources where you want this administrative role to grant permissions.
  6. Click Next.
  7. Assign general permissions to the administrative role.
  8. (Optional) To restrict attributes,
    1. In the User Attribute Restriction field, select May only access specific attributes.
    2. An Attributes drop-down menu appears. Select Modify, View, or None for each attribute. If you select None, the attribute is hidden.
    • The value in this field must be consistent with the value that is specified in the Entry Type field on the Add an Identity Attribute Definition page.
    • If the attribute definition is read-only, do not select Modify for the User Attribute Restriction.
    • If the attribute definition is required, do not specify View or None in the User Attribute Restriction. If you do, you cannot add the role.
  9. Click Next.
  10. Assign authentication permissions to the administrative role.
  11. Click Next.
  12. Assign self-service permissions to the administrative role.
  13. Click Next.
  14. Use the Security Domain drop-down menu to select the security domain that is associated with the administrative role.
  15. Review the summary of the administrative role, and click Save.

Notes

 
Tags (60)
0 Likes
Was this article helpful? Yes No
No ratings

In this article

Version history
Last update:
‎2020-12-12 12:42 PM
Updated by:
Administrator Administrator

Related Content

© 2023 RSA Security LLC or its affiliates. All rights reserved.