|Applies To||RSA ACE/Agent for Windows|
RSA ACE/Agent for Web
|Issue||How to use RSA domain cookies on more than one host in RSA ACE/Server|
MD5 checksum error
User wishes to use same RSA domain cookie from another host. User authenticates to a Microsoft IIS web server secured by RSA ACE/Agent for Web from their browser. User then contacts a proxy host which controls a secured resource. This service also requires authentication. Since the user has already authenticated through RSA ACE/Agent for Web, the cookie can be used as validation. To do this, the RSA cookie is sent to the proxy which uses it to request an http page from the IIS Server protected with RSA ACE/Agent for Web. If it gets an RSA Login page, the cookie is assumed to be invalid. However, the HTTP request is rejected every time by RSA ACE/Agent for Web, even though the browser on the users own machine can view pages without re-authentication.
|Cause||The cookie created by RSA ACE/Agent for Web includes the IP of the web client (browser). Each time the RSA cookie is used by the proxy host, it will be rejected because the HTTP request is coming from a different originating IP than that detailed in the RSA cookie.|
|Resolution||To allow cookies from other hosts, the following registry key must be added to the Microsoft Internet Information Services (IIS) web server host:|
The key has to added as a DWORD and is case sensitive. The value can be left at 0, since RSA ACE/Agent for Web only looks for the existence of the Key to ignore the IP.
|Legacy Article ID||a35|