|Applies To||RSA Access Manger 4.9.1 Agent for Apache 2.x|
RSA Access Manager Agent 4.8 for Apache 2.0
|Issue||Access Manager Agent for Apache 2.x: Issues redirecting authenticated users to an error page with query string based redirection.|
When using query string based redirection (cleartrust.agent.retain_url.use_query_string=True), the CT_ORIG_URL is not set when directing users to the Access Manager error pages if the user is not succesfully authenticated. An example of this behavior would be when directing users to the page defined by cleartrust.agent.login_auth_user_locked_out=.
|Cause||The release version of the agents will redirect to the correct error page with cookie based redirection, and the ACTSESSION cookie will retain the original URL for redirection after the page is served. With query string based redirection, the CT_ORIG_URL is not set correctly, therefore there is no way for the system to retain the original URL after the error page is served.|
|Resolution||Please note the different hotfixes as listed below, as separate hotfixes have been issued for each version of the agent:|
This issue has been resolved in hotfix 220.127.116.11 for the 4.9.1 Agent for Apache 2.x on RedHat.
This issue has been resolved in hotfix 18.104.22.168 for the 4.8 Agent for Apache 2.x on RedHat.
Please contact RSA Customer Support and request this hotfix, noting hotfixes are cumulative, and a later version of the hotfix will resolve the issue.
When using query string based redirection the CT_ORIG_URL will now be set when redirecting the user to an Access Manger error page regardless of the authentication status of the user.
Note that the CT_ORIG_URL is not set if the target page is an html page; the target page must be an asp or a jsp page.
|Legacy Article ID||a57498|