000021676 - Virtual Host Cookie Domain

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 22, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000021676
Applies ToMicrosoft Windows 2000 SP4
Apache 2.0.49
RSA ClearTrust Agent 4.6 for Apache 2.0
IssueVirtual Host Cookie Domain
With a name-based virtual host declared within the webagent.conf file, user attempts to authenticate to a ClearTrust-protected resource via the virtual host address. Upon entering the correct login credentials, user is redirected to the back to the ClearTrust login page and not to the resource as expected.
CauseWithin the webagent.conf file, the global section of parameters has the following:

cleartrust.agent.cookie_domain=.domain.com (set for the web server's main web site at www.domain.com)

The name-based virtual host is declared as:

<VirtualHost address=* name=www.domain.net port=*>

</VirtualHost>

Because the virtual host defined has a different domain suffix than that of the authentication cookie domain as set within the global section of parameters within the webagent.conf, there is no actual authentication cookie generated for .domain.net as is needed to access the protected resource.
ResolutionWithin the webagent.conf's virtual host declaration, include a specific cookie_domain parameter for the virtual host domain suffix:

<VirtualHost address=* name=www.domain.net port=*>

cleartrust.agent.cookie_domain=.domain.net

</VirtualHost>
Legacy Article IDa24252

Attachments

    Outcomes