Resolving profile and user attributes, Default profile – RSA Security 6.1 User Manual

52

Administering Profiles

September 2005

Resolving Profile and User Attributes

If user-specific attributes are stored in the RSA Authentication Manager database,
RSA RADIUS Server determines the final set of attributes for a user by merging
the attributes stored in the user’s profile with user-specific attributes from the
RSA Authentication Manager database. This calculation is performed as follows:

1

The attributes from the profile assigned to the user are retrieved.

2

These attributes are then merged with the user-specific attributes in the
following manner:

Z

If an attribute is multi-valued, then the user-specific attribute is added to
the overall list of attributes.

Z

If an attribute is single-valued, then the user-specific attribute replaces
the attribute of the same name that was provided by the profile.

Z

If the attribute is orderable, then the user-specific attribute replaces the
attribute of the same name that was provided by the profile.

Default Profile

After RSA Authentication Manager authenticates a user, it can return the profile
name associated with that user to RSA RADIUS Server. The profile name
specified by RSA Authentication Manager identifies a profile configured on
RSA RADIUS Server; that profile specifies the return list attributes to send back
to the RADIUS client as part of the Access-Accept message for that user.

If RSA Authentication Manager does not return a profile name for a user,
RSA RADIUS Server returns the attributes specified in the Default profile. You
can use the Default profile to create a default set of return list attributes for users.