When an attribute is configured in Security Console under Identity > Users > Authentication Settings > RADIUS > RADIUS User Attributes, you may notice the attribute sent by RSA Authentication Manager to RADIUS client has both an attribute ID and an attribute name appended to the value.

For example:

• If you select 11 - Filter-ID" from Attribute and set "policy_GRP_1 as the value, the attribute contained in RADIUS response message is:

  Filter-ID=ATTR11_Filter-ID=policy_GRP_1

• If you select 18 - Reply-Message from Attribute and set GRP as the value, the attribute contained in RADIUS response message is:

  Reply-Message=ATTR1_Reply-Message=GRP

On the other hand, if you set a RADIUS profile in RADIUS > RADIUS Profiles, then link it with a user or agent, the attribute sent by RSA Authentication Manager to RADIUS client contains just the value.  For example, if you select Filter-ID[M] for Attribute and set policy_GRP_I as the value, the attribute contained in RADIUS response message is:

Filter-ID=policy_GRP_

The issue is that the attribute format of attribute_id+attribute_name+attribute_value may not be accepted by RADIUS clients.

For RSA Authentication Manager 7.1, see steps provided in the Notes section, below.

1. Login to the Security Console.
2. Navigate to Setup > System Settings > RADIUS.
3. Check the option to Send user´s RADIUS attributes to the RADIUS server upon successful authentication.
4. You can then set the RADIUS Attribute Format. Select one of three options. Use the above example for reference, where 11 - Filter-ID is Attribute and policy_GRP_1 is set as value.
   1. Send attribute ID, attribute name, and attribute value

Filter-ID=ATTR11_Filter-ID=policy_GRP_1

2. Send attribute name and attribute value

Filter-ID=Filter-ID=policy_GRP_1

3. Send attribute value only

Filter-ID=policy_GRP_1

5. Click Save when done.