How to configure CP-Gaia-SuperUser-Access attribute to be returned
Originally Published: 2019-11-27
Article Number
Applies To
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.4.0
Platform: null
Platform (Other): null
O/S Version: null
Product Name: null
Product Description: null
Issue
Resolution
Log on to the Operations Console on the RSA Authentication Manager instance hosting the RADIUS server > Click Deployment Configuration > RADIUS Servers > If prompted, enter the Super Admin User ID and password, and click OK > Select the RADIUS server hosted on this instance, and select Manage Server Files from the context menu > On the Manage Server Files page > Click the Dictionary Files tab > Click Add New > Select the checkpoint.dct file.
2) Edit the vendor.ini with the following:
vendor-product = CheckPoint
dictionary = checkpoint
ignore-ports = no
port-number-usage = per-port-type
help-id = 2000
3) Edit the dictiona.dcm and add @checkpoint.dct as following:
@bluesocket.dct
@chantry.dct
@checkpoint.dct
@cisco.dct
4) Edit the the radius.ini file.
4.1) Remove the semicolon from the ;[Configuration] section header line if present.
4.2) In the [Configuration] section, if a line exists with AuthenticateOnly as the header, remove the leading semicolon (if present), and make sure the value is 0, not 1. If the line doesn't exist, add this line underneath the line for AuthenticateOnly = 0 Make sure you use the same capitalization, and spacing.
5) Restart the radius and radiusOC service.
6) If the Security Console is opened please close this session and open a new one. Go to your RSA Radius Client for your Checkpoint and select "CheckPoint".
7) Create a new Radius Profile having these Check Point attributes:
CP-Gaia-User-Role
CP-Gaia-SuperUser-Access
8) Assign this Radius Profile to the userid
Related Articles
Planning to Add an Application Using HTTP Federation Proxy Number of Views Configure the Telemetry Service Number of Views Detailed report of memory utilization on Linux for RSA Authentication Manager 8.x Number of Views Planning for Domain Name System Updates Number of Views A customer requests that a BIN in TEST environment be moved into PRODUCTION environment This procedure explains and provid… Number of Views
Trending Articles
RSA SecurID software token .sdtid file fails to import into RSA SecurID Software Token 5.0 for Windows How a Multi-App Entitlement Collector (MAEDC) resolves entitlement relationships with accounts and groups collected by a M… RSA Governance & Lifecycle 8.0 Patch 10 Release Notes Cloud Administration Clear PIN RSA DS100 OTP Credential API User Event Monitor Messages for Cloud Access Service (20601 - 38000)
Don't see what you're looking for?
