Skip navigation

Log in to create and rate content, and to follow, bookmark, and share content with other members.

000024214 - Applications that authenticate using HTTP authentication do not set Microsoft Windows Token with Protocal Transition and Password Replay in RSA ClearTrust

Document created by RSA Customer Support

on Jun 14, 2016•Last modified by RSA Customer Support

on Apr 21, 2017

Version 5Show Document

Like • Show 0 Likes0
Comment • 0
View in full screen mode

Article Content

Article Number	000024214
Applies To	RSA ClearTrust Agent 4.6 for Microsoft Internet Information Services (IIS) 6.0 Microsoft Internet Information Server (IIS) 6.0 Microsoft Windows 2000 Professional SP4 Password Replay Protocol Transition ctagent.log file shows the following: 1124679643.718:[4004/5096]:<Info>:[GetExtensionVersion]:Domain name: NOZ 1124679643.718:[4004/5096]:<Info>:[GetExtensionVersion]:WildCard map extension loaded 1124679643.718:[4004/5096]:<Debug>:[HttpExtensionProc]:Got uri: /test/ 1124679643.718:[4004/5096]:<Critical>:[HttpExtensionProc]:Failed to get HTTP_CT_TOKEN_REQUEST
Issue	Applications that authenticate using HTTP authentication do not set Microsoft Windows Token with Protocol Transition and Password Replay in RSA ClearTrust Agent 4.6 for Microsoft Internet Information Services (IIS) 6.0 Protocol Transition fails with a 401.3 error page.
Cause	This occurred because the calls to obtain the Microsoft Windows Token occurred prior to the interception of the HTTP authentication headers
Resolution	This issue has been resolved in a hot fix for RSA ClearTrust Agent 4.6 for Microsoft Internet Information Services (IIS) 6.0. Contact RSA Security Customer Support to obtain hot fix 4.6.0.72, or request the latest fix level (which is cumulative, and contains fixes from previous fix levels). NOTE: For HTTP authentication to function correctly, the ClearTrust Agent must be configured with clearturst.agent.ignore_http_auth=FALSE and cleartrust.agent.iis.preproc_auth_enabled=TRUE
Notes	Note: This hotfix has been superseded by hotfix 4.6.0.76. (see solution RSA ClearTrust Agent 4.6 for Microsoft Internet Information Services (IIS) hot fix 4.6.0.72 breaks Protocol Transition with Preproc DISABLED). Please do not use this hotfix version, instead request the latest hotfix version from RSA Support. Note: This solution is not applicable to older revisions. Please update your agent to the latest hotfix. In later hotfixes there is no longer a dependency on the preproc_auth_enabled setting.
Legacy Article ID	a27774

Attachments

Outcomes

0 Comments

Recommended Content