000011962 - ClearTrust 4.6 Agent for IIS: Does the agent validate tokens when processing a request for an excluded resource?

Document created by RSA Customer Support Employee on Jun 14, 2016. Last modified by RSA Customer Support Employee on Apr 21, 2017.
Version 2

Article Content

Article Number: 000011962

Applies To: ClearTrust Web Agent IIS V4.6 Agent

Issue: ClearTrust 4.6 Agent for IIS: Does the agent validate tokens when processing a request for an excluded resource?
When a resource is excluded by the agent, either by listing it as an excluded URL or extension or by using the rules.xml file, the agent log still shows the agent contacting the authorization server and validating the token if a CTSESSION cookie is present.

Cause: The order in which the agent processes requests puts token validation before any attempt to check the status of the requested resource. When the agent reaches the phase of checking resource status, it first checks the resource against the rules in the rules.xml file, then attempts to match the requested resource against the URL exclusion list and the extension exclusion list.

Resolution: This behavior is correct and noted as 'functions as designed'.

Legacy Article ID: a33877
