Error "Realm not supported in this version" when creating local realm on ProxySG/EdgeSWG 7.4.1.1 SGAC

Article ID: 275194


Products

ISG Proxy, ProxySG Software - SGOS, Advanced Secure Gateway Software - ASG

Issue/Introduction

The customer wants to create a local realm on the ProxySG to add additional administrator accounts, following KB: https://knowledge.broadcom.com/external/article/165595/configuring-local-realm-authentication-f.html

Viewing the local realm via SGAC (Proxy > Configuration > Authentication > Local) returns an error:

Realm not supported in this version

Environment

Release: 7.3.14.2 / 7.4.1.1

Interface: SGAC (HTML5)

Cause

The missing functionality in the SGAC HTML5 UX is known to developers and is under development (SWGMGT-7715, SWGMGT-7761).

Resolution

Functionality will be added in 7.4.2/7.3.17.1 and higher versions of SGOS with SGAC.

Creating the realm is still possible via the CLI, and I was able to successfully create the admin group, assign privileges, add it via VPM, and test the access.

Steps, according to "Configuring local realm Authentication for management console access on Edge SWG (ProxySG)" (https://knowledge.broadcom.com/external/article/165595/configuring-local-realm-authentication-f.html):

sg>

sg>enable

Create a new user list, which is where usernames, passwords, and group associations will be stored:

sg# conf t

sg#(config) security local-user-list create sgusers

sg#(config) security local-user-list edit sgusers

Create the user group for the realm:

sg#(config local-user-list sgusers) group create sgadmins

Create the two admin users, then set each user's password (adminsys1 and adminsys2 below are sample values) and group membership:

sg#(config local-user-list sgusers) user create admin1

sg#(config local-user-list sgusers) user create admin2

sg#(config local-user-list sgusers) user edit admin1

sg#(config local-user-list sgusers admin1) password adminsys1

sg#(config local-user-list sgusers admin1) group add sgadmins

sg#(config local-user-list sgusers admin1) exit

sg#(config local-user-list sgusers) user edit admin2

sg#(config local-user-list sgusers admin2) password adminsys2

sg#(config local-user-list sgusers admin2) group add sgadmins

sg#(config local-user-list sgusers admin2) exit

Confirm that the users were added correctly by reviewing the Local Realm User List, then exit this section.

sg#(config local-user-list sgusers) view

sg#(config local-user-list sgusers) exit

Create the local Realm and import the userlist into it:

sg#(config) security local create-realm localsgrealm

sg#(config) security local edit-realm localsgrealm

sg#(config local localsgrealm) local-user-list sgusers

sg#(config local localsgrealm) view

sg#(config local localsgrealm) exit
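A pre-flight check for the user-list commands above, as an added example that is not part of the original article or any Broadcom tooling: it replays commands in the prompt format shown on this page and flags passwords that are short, contain the account name, or differ between accounts only by a trailing number, as well as users with no group. The function names and the 12-character minimum are assumptions.

```python
import re
from collections import Counter
# Prompt shape as shown on this page: sg#(config local-user-list <list> [<user>]) <cmd>
PROMPT = re.compile(r"^sg#\(config local-user-list ([^\s)]+)(?: ([^\s)]+))?\)\s+(.*)$")

def stem(s):  # lowercase and drop a trailing number: 'adminsys1' -> 'adminsys'
    return re.sub(r"\d+$", "", s).lower()

def audit_transcript(text, min_len=12):  # min_len: assumed policy value
    """Replay the user-list commands and return {user: [findings]}."""
    users = {}
    for line in text.splitlines():
        m = PROMPT.match(line.strip())
        words = m.group(3).split() if m else []
        current = m.group(2) if m else None  # user being edited, if any
        if len(words) == 3 and words[:2] == ["user", "create"]:
            users[words[2]] = {"password": None, "groups": set()}
        elif current in users and len(words) == 2 and words[0] == "password":
            users[current]["password"] = words[1]
        elif current in users and len(words) == 3 and words[:2] == ["group", "add"]:
            users[current]["groups"].add(words[2])
    # Passwords differing only by a trailing number share one guessable pattern.
    shared = Counter(stem(u["password"]) for u in users.values() if u["password"])
    report = {}
    for name, u in users.items():
        issues, pw = [], u["password"]
        if pw is None:
            issues.append("no password set")
        else:
            if len(pw) < min_len:
                issues.append(f"password shorter than {min_len} characters")
            if stem(name) and stem(name) in pw.lower():
                issues.append("password contains the account name")
            if shared[stem(pw)] > 1:
                issues.append("password pattern shared with another account")
        if not u["groups"]:
            issues.append("no group membership")
        report[name] = issues
    return report

# User-list commands taken from the session on this page.
PAGE_SESSION = """\
sg#(config local-user-list sgusers) user create admin1
sg#(config local-user-list sgusers) user create admin2
sg#(config local-user-list sgusers admin1) password adminsys1
sg#(config local-user-list sgusers admin1) group add sgadmins
sg#(config local-user-list sgusers admin2) password adminsys2
sg#(config local-user-list sgusers admin2) group add sgadmins
"""
```

Calling `audit_transcript(PAGE_SESSION)` reports all three password findings for both admin1 and admin2; a user with a long, unrelated password and a group membership comes back with an empty list.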

 

Check in the GUI whether the new realm was created:

Proxy > Configuration > Authentication > Local

The newly created realm cannot be edited via the GUI, which shows the following error: Realm not supported in this version

This information can only be viewed via the CLI.

VPM POLICY ACCESS

Create two rules, one for each group by going into the Visual Policy Manager:

Add a new Admin Access Layer rule:

Source: Add New Object > Group > Group: sgadmins, Authentication: localsgrealm -> localsgrealm:sgadmins

Place an Action: Allow Read/Write Access

Add a new Admin Authentication Layer rule

Source: <defined source ip for admin users>

Action: New object > Authenticate > Realm: localsgrealm

Save the Policy.

Open a new incognito browser tab and check whether the newly created user account is available.
