000026166 - 'Require secure connection' setting breaks Domain Cookies on Web Agent.

Document created by RSA Customer Support Employee on Jun 14, 2016. Last modified by RSA Customer Support Employee on Apr 21, 2017.
Version 2

Article Content

Article Number: 000026166

Applies To:
ACE/Server 5.2
Authentication Manager Server 6.x
RSA ACE Web Agent for IIS 5.3
Microsoft Windows 2000 Server SP3

Issue: The "Require secure connection" setting breaks Domain Cookies on the Web Agent.
If you first SecurID authenticate to the secured (https) site and then hit the unsecured (http) site that shares the domain secret, you are SecurID challenged once again. If you authenticate first to the unsecured (http) site and then hit the secured (https) site that shares the domain secret, you are not challenged.

Cause: The secured (https) site had "Require Secure Connection to Access Protected Pages" enabled. This creates a cookie that is good only for SSL connections. If you were to hit another SSL-protected site, you would not be SecurID challenged.

Resolution: Verify that the protected site resources can only be accessed via an SSL connection, disable the "Require Secure Connection to Access Protected Pages" option in the Web Agent configuration, and restart IIS.

Legacy Article ID: a37014
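
The cookie behaviour described under Cause, as an added example that is not part of the original article or RSA's code. It assumes the setting corresponds to the standard Secure cookie attribute and uses Python's http.cookiejar as a stand-in client; the hostnames and cookie name are constructed.

```python
from http.cookiejar import Cookie, CookieJar
from urllib.request import Request

# Constructed sample values: hostnames and cookie name are hypothetical.
SECURE_SITE = "https://secure.example.test/"
UNSECURED_SITE = "http://www.example.test/"
OTHER_SSL_SITE = "https://other.example.test/"
COOKIE_NAME = "agent_domain_cookie"


def domain_cookie(secure):
    """Build a version-0 domain cookie scoped to .example.test."""
    return Cookie(
        version=0, name=COOKIE_NAME, value="constructed-session-token",
        port=None, port_specified=False,
        domain=".example.test", domain_specified=True, domain_initial_dot=True,
        path="/", path_specified=True,
        secure=secure, expires=None, discard=True,
        comment=None, comment_url=None, rest={},
    )


def cookie_sent(jar, url):
    """Return True if the client would attach the domain cookie to a request for url."""
    request = Request(url)
    jar.add_cookie_header(request)  # applies domain, path and Secure checks
    return COOKIE_NAME in (request.get_header("Cookie") or "")


def challenged_sites(secure):
    """List the sites that receive no domain cookie and so would challenge again."""
    jar = CookieJar()
    jar.set_cookie(domain_cookie(secure))
    sites = (SECURE_SITE, UNSECURED_SITE, OTHER_SSL_SITE)
    return [url for url in sites if not cookie_sent(jar, url)]


if __name__ == "__main__":
    # Cookie set with the Secure attribute: only the http site misses it.
    print("Secure cookie, re-challenged at:", challenged_sites(secure=True))
    # Cookie set without it: every site in the domain receives it, http included.
    print("Non-secure cookie, re-challenged at:", challenged_sites(secure=False))
```

With the Secure attribute cleared, the same cookie is also attached to plain http requests, which is why the resolution first has you verify that protected resources are reachable only over SSL.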
