000012428 - Access Manager Agent for Apache 2.x: Issues redirecting authenticated users to an error page with query string based redirection.

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000012428
Applies ToRSA Access Manger 4.9.1 Agent for Apache 2.x
RSA Access Manager Agent 4.8 for Apache 2.0
IssueAccess Manager Agent for Apache 2.x: Issues redirecting authenticated users to an error page with query string based redirection.
When using query string based redirection (cleartrust.agent.retain_url.use_query_string=True), the CT_ORIG_URL is not set when directing users to the Access Manager error pages if the user is not succesfully authenticated.  An example of this behavior would be when directing users to the page defined by cleartrust.agent.login_auth_user_locked_out=.
CauseThe release version of the agents will redirect to the correct error page with cookie based redirection, and the ACTSESSION cookie will retain the original URL for redirection after the page is served.  With query string based redirection, the CT_ORIG_URL is not set correctly, therefore there is no way for the system to retain the original URL after the error page is served.
ResolutionPlease note the different hotfixes as listed below, as separate hotfixes have been issued for each version of the agent:

This issue has been resolved in hotfix 4.9.1.11 for the 4.9.1 Agent for Apache 2.x on RedHat. 

This issue has been resolved in hotfix 4.8.0.50 for the 4.8 Agent for Apache 2.x on RedHat. 

Please contact RSA Customer Support and request this hotfix, noting hotfixes are cumulative, and a later version of the hotfix will resolve the issue.
When using query string based redirection the CT_ORIG_URL will now be set when redirecting the user to an Access Manger error page regardless of the authentication status of the user.  
Note that the CT_ORIG_URL is not set if the target page is an html page; the target page must be an asp or a jsp page.
Legacy Article IDa57498

Attachments

    Outcomes