|Applies To||Citrix Secure Access Gateway|
RSA Access Manager Agent 4.8 for IIS 6.0
Microsoft Internet Information Services (IIS) 6.0
|Issue||Access Manager incorrectly redirects HTTPS session to HTTP port on Citrix Web Interface Server|
After authentication the user is directed to HTTP instead of HTTPS on the Citrix Web Interface Server. The Access Manager redirection cookie (URL retention cookie) ACTSESSION contains the wrong address and port.
|Cause||This is issue is not unique to Citrix and occurs whenever a third party SSL accelerator or proxy is installed in front of IIS and the customer is using a central logon page. The issue occurs because the Central Logon page requires that you include the fully qualified URL in the ACTSESSION cookie instead of the normal relative URL. The Access Manager Agent installed on the server behind the proxy sees the request as an http request and when the redirection is done it will attempt to redirect to an http URL.|
|Resolution||If Central Logon is not required the agent may be configured to use a relative URL in the ACTSESSION cookie by setting |
There are many solutions to this issue. Some method must be provided to redirect the http requests to the correct https port on the target web server.
See also solution AxM 4.8 agent and the arbitrary redirect to port 80 when a loadbalancer is used to rewrite to a different port. ACTSESSION cookie retains port 80.a47576 AxM 4.8 agent and the arbitrary redirect to port 80 when a loadbalancer is used to rewrite to a different port. ACTSESSION cookie retains port 80.
|Legacy Article ID||a47746|