52 Administering Profiles September 2005
Resolving Profile and User Attributes
If user-specific attributes are stored in the RSA Authentication Manager database,
RSA RADIUS Server determines the final set of attributes for a user by merging
the attributes stored in the user’s profile with user-specific attributes from the
RSA Authentication Manager database. This calculation is performed as follows:
1 The attributes from the profile assigned to the user are retrieved.
2 These attributes are then merged with the user-specific attributes in the
following manner:
Z If an attribute is multi-valued, then the user-specific attribute is added to
the overall list of attributes.
Z If an attribute is single-valued, then the user-specific attribute replaces
the attribute of the same name that was provided by the profile.
Z If the attribute is orderable, then the user-specific attribute replaces the
attribute of the same name that was provided by the profile.
Default Profile
After RSA Authentication Manager authenticates a user, it can return the profile
name associated with that user to RSA RADIUS Server. The profile name
specified by RSA Authentication Manager identifies a profile configured on
RSA RADIUS Server; that profile specifies the return list attributes to send back
to the RADIUS client as part of the Access-Accept message for that user.
If RSA Authentication Manager does not return a profile name for a user,
RSA RADIUS Server returns the attributes specified in the Default profile. You
can use the Default profile to create a default set of return list attributes for users.
