Error "Realm is referenced by policy" when trying to delete an authentication realm
Article ID: 167431
Updated On:
Products
Issue/Introduction
You receive the error "Realm <realm_name> is referenced by policy" when trying to delete an authentication realm.
Cause
The authentication realm is currently referenced within the current configuration.
Resolution
Before a realm can be deleted from the configuration, it has to be clear of any reference in the policy and it can't be part of a sequence realm.
Remove Policy References
- Open the Visual Policy Manager.
- Select Operations > View All Objects.
- Search for the realm name.
- Delete all User, Group, or Authenticate objects which reference the realm.
- If the object is referenced in a rule, a warning message will appear. Click on Show all occurrences.
- Click the edit icon for each occurrence and remove it from the associated rule.
- Return to the object list and delete the object. Continue deleting the objects until all references are removed.
- Review the Local, Forward, and Central CPL policy files for any references to the realm. These can be checked using the Text Editor available under Configuration > Policy > Policy Files.
- Verify all occurrences were removed by searching for the realm name in the current policy file, available by clicking the View button in the above screenshot.
Remove from Sequence Realms
Verify the realm is not a part of any sequence realms.
Navigate to Configuration > Authentication > Sequences > Sequence Main, toggle through each sequence realm from the drop-down, and delete the realm if it is present.
References are cleared but the error persists
Try to delete the realm by issuing the delete realm command with the force option in the command line interface (CLI):
#(config) security iwa delete-realm realm_name force
SGOS may be holding a reference to it in memory. Reboot the device to clear it.
Feedback
