000030101 - "Error 404!" in RSA Access Manager Entitlements Manager (AdminGUI) after session timeout.

Document created by RSA Customer Support Employee on Jun 14, 2016
Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2

Article Content

Article Number: 000030101
Applies To:
RSA Product Set: ClearTrust
RSA Product/Service Type: Access Manager Entitlements Manager (AdminGUI)
RSA Version/Condition: 6.6.2 (SP2)
Platform: Windows
Platform (Other): null
O/S Version: 2008 Server R2 x64
Product Name: RSA-0010020
Product Description: Access Manager
Issue: An "Error 404!" page with the message "The page you were looking for could not be found" displays in the RSA Access Manager Entitlements Manager (AdminGUI). The requested URL may be an image, or the error may be shown when attempting to display the page "error.html". This may occur after the idle session timeout period has expired (default 10 minutes) and after the user authenticates and tries to access previously cached content.
Cause: This occurs after deploying the 6.6.2 Entitlements Manager axm-admin-gui-6.2.2.war file. The CSRFGuard application used to prevent cross-site scripting attacks was updated in the 6.2.2 version of RSA Access Manager. The application incorrectly redirects the user to the page error.html instead of the logon page.
Resolution: This issue is resolved in RSA Access Manager 6.2.3 (SP3). Contact RSA Customer Support and request the latest service pack for RSA Access Manager.
Workaround: Edit the csrfguard.properties file located in the {deployment}/axm-admin-gui-6.2.2/WEB-INF/ folder of the application server where the Entitlements Manager was deployed.



Locate the following line:

org.owasp.csrfguard.action.Redirect.Page=%servletContext%/error.html



and change it to point to the InvalidSession.jsp page:

org.owasp.csrfguard.action.Redirect.Page=%servletContext%/InvalidSession.jsp



Restart the application server. 



Note that if you redeploy the Entitlements Manager, you will have to make this change again.
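
Because the change is lost on every redeployment, the workaround can be scripted so it is safe to re-run. The following PowerShell function is an added example, not RSA-supplied code; the function name Set-CsrfGuardRedirectPage and its -Path parameter are hypothetical, and it assumes the property appears exactly once in the file.

```powershell
# Added example: idempotent check/fix for the CSRFGuard redirect property.
# Function and parameter names are hypothetical, not part of the RSA product.
function Set-CsrfGuardRedirectPage {
    [CmdletBinding()]
    param([Parameter(Mandatory = $true)][string]$Path)

    $key     = 'org.owasp.csrfguard.action.Redirect.Page'
    $oldPage = '%servletContext%/error.html'
    $newPage = '%servletContext%/InvalidSession.jsp'

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "Properties file not found: $Path"
    }
    $Path = (Resolve-Path -LiteralPath $Path).ProviderPath

    # Java .properties files are ISO-8859-1; read and write with that encoding
    $enc   = [System.Text.Encoding]::GetEncoding('ISO-8859-1')
    $lines = [System.IO.File]::ReadAllLines($Path, $enc)

    # Find the active (uncommented) property line, tolerating spaces around '='
    $pattern = '^\s*' + [regex]::Escape($key) + '\s*=\s*(.*?)\s*$'
    $hits = @()
    for ($i = 0; $i -lt $lines.Length; $i++) {
        if ($lines[$i] -cmatch $pattern) { $hits += $i }
    }
    if ($hits.Count -ne 1) {
        throw "Expected exactly one '$key' line, found $($hits.Count)"
    }

    # Only rewrite the known-bad value; refuse to touch anything unexpected
    $current = [regex]::Match($lines[$hits[0]], $pattern).Groups[1].Value
    if ($current -ceq $newPage) { return 'AlreadyFixed' }
    if ($current -cne $oldPage) {
        throw "Unexpected value '$current'; not modifying the file"
    }

    # Keep a timestamped backup next to the original before rewriting
    $backup = "$Path.$(Get-Date -Format 'yyyyMMddHHmmss').bak"
    Copy-Item -LiteralPath $Path -Destination $backup
    $lines[$hits[0]] = "$key=$newPage"
    [System.IO.File]::WriteAllLines($Path, $lines, $enc)
    return 'Updated'
}
```

Call it with the full path to the deployed csrfguard.properties file; a return value of Updated means the application server still needs to be restarted for the change to take effect.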
