CA TSS and CA AAM RADIUS Configuration with Attachmate Reflection for the Web.
Article ID: 98061
Top SecretTop Secret - LDAP
'CA TSS and CA AAM RADIUS configuration with Attachmate Reflection for the Web' problem, i.e. it appears not to work?
Release: Component: TSSMVS
This was related to 'DNS Lookup'. CA 'Lookup-related' calls coded are ok, but the third-party API code used for Radius Client cause the problem, i.e. design limitation of the API code. Very early in the RADIUS Client constructor in the API is the following line of Java code: InetAddress localHost = InetAddress.getLocalHost(); ...the getLocalHost() function does a Reverse Lookup of the RADIUS Client machine’s IP Address using the Naming Service configured in the Operation System, for example, DNS. By the API's design, if the Routine can't resolve the Name, the code gives the RuntimeException() encountered. In this particular case, it can't resolve the Host Name for the Local Machine of the RADIUS Client, 'SYSC', and the API code gave the exception. This exception stops that instance of the RADIUS Client from instantiating any further, and since no Client's ever instantiate, no communication ever occurs to the RADIUS Server. The limitation is this code is unavoidable. It's used to set the NAS-ID Attribute of the RADIUS Packets we send to the RADIUS Server. This is coded in their API and can't be overridden. The options are: 1.) Setup DNS Lookup for 'SYSC' so the Lookup succeeds. 2.) Setup /etc/hosts File in USS so the Lookup succeeds for 'SYSC'. ...so the question becomes, do your PCI requirements prevent you from doing DNS setup for this machine? If "yes", Option 2 might be the best course of action and probably quicker. End result: once they defined 'sysc' as Local Host, they were able to Authenticate using AAM/MFA.