|Applies To||ClearTrust Servers 5.5.3|
Access Manager 6.0.x
Access Manager agent 4.7
Microsoft Internet Information Services (IIS) 5
|Issue||When using form-based authentication, if the IP address is in the URL instead of the FQDN, the authentication screen loops (no ACTSESSION or CTSESSION cookie) even though you have authenticated successfully.|
You may see the message "Successful authentication. Use your browser to access the requested resource".
Using the FQDN in the URL works (where the URL is retained and re-direct occurs successfully after authentication).
The looping occurs because SSO relies on a DNS name; without one, the browser cannot send the session cookie back to the server. One way to work around this symptom is to define a VirtualHost block in webagent.conf (located by default in 'C:\Program Files\RSA\Access Manager Agent 4.7\IIS\conf' on IIS or '/opt/agent/agent-apache2-46/conf' for Apache) that cites the IP address of the system. Within that VirtualHost directive, also remove the cookie domain information.
Here is an example in webagent.conf, where the webserver FQDN is astrachan04.csuk.eu.rsa.net and the IP address is 10.148.129.224:
<VirtualHost address=10.148.129.224 name=* port=*>
Note the absence of the domain name in the cleartrust.agent.cookie_domain parameter.
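Why removing the cookie domain stops the loop, shown as an added example (not RSA code and not part of the original article): a simplified model of the browser cookie storage and return rules in RFC 6265. The cookie domain `.csuk.eu.rsa.net` is an assumed value for illustration; the host name and IP address are the ones from the example above.

```python
import ipaddress
from typing import Optional, Tuple

def is_ip(host: str) -> bool:
    """True when the request host is an IP literal rather than a DNS name."""
    try:
        ipaddress.ip_address(host.strip("[]"))
        return True
    except ValueError:
        return False

def domain_match(host: str, domain: str) -> bool:
    """RFC 6265 section 5.1.3: identical, or a dot-separated suffix of a host NAME."""
    host, domain = host.lower(), domain.lower()
    if host == domain:
        return True
    return host.endswith("." + domain) and not is_ip(host)

def store_cookie(request_host: str, domain_attr: Optional[str]) -> Optional[Tuple[str, bool]]:
    """RFC 6265 section 5.3: return (cookie_domain, host_only), or None if rejected."""
    if domain_attr:
        domain = domain_attr[1:] if domain_attr.startswith(".") else domain_attr
        if not domain_match(request_host, domain):
            return None                      # browser silently drops the cookie
        return (domain.lower(), False)
    return (request_host.lower(), True)      # no Domain attribute: host-only cookie

def cookie_returned(request_host: str, domain_attr: Optional[str]) -> bool:
    """Would the session cookie come back on the next request to the same host?"""
    stored = store_cookie(request_host, domain_attr)
    if stored is None:
        return False
    domain, host_only = stored
    if host_only:
        return request_host.lower() == domain
    return domain_match(request_host, domain)

if __name__ == "__main__":
    ASSUMED_DOMAIN = ".csuk.eu.rsa.net"      # assumed agent cookie domain
    for host, dom in [("astrachan04.csuk.eu.rsa.net", ASSUMED_DOMAIN),
                      ("10.148.129.224", ASSUMED_DOMAIN),
                      ("10.148.129.224", None)]:
        print(f"host={host} cookie_domain={dom!r} returned={cookie_returned(host, dom)}")
```

When the agent sets a cookie domain and the URL uses the IP address, the cookie is never stored, so every request arrives without a session and the logon form is shown again.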
|Legacy Article ID||a38592|