000022049 - REMOTE_USER HTTP header variable not available with RSA Authentication Agent 5.3 for Web

Document created by RSA Customer Support Employee on Jun 15, 2016
Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2

Article Content

Article Number: 000022049

Applies To:
RSA Authentication Agent 5.3 for Web
RSA Authentication Agent 5.3 for Web Authentication API
Microsoft Internet Information Server (IIS) 5.0
Microsoft Internet Information Server (IIS) 6.0
Sun ONE Web Server

Issue: REMOTE_USER HTTP header variable not available with RSA Authentication Agent 5.3 for Web
After a successful RSA SecurID authentication with RSA Authentication Agent for Web, an application on the web server may try to identify the user by retrieving the HTTP header variable REMOTE_USER. However, the returned value may be blank or may even contain a different user name.

Cause: RSA Authentication Agent for Web does not populate the HTTP header variable REMOTE_USER; the field may be populated by the web server or another application. For example, if the resource is also protected by NTLM/IWA, then the value will be populated with the name used for the NTLM/IWA authentication. For security reasons, the HTTP header variable REMOTE_USER must not be used to verify the SecurID user name.

Resolution: To obtain the RSA SecurID authenticated user name, use the RSA Authentication Agent for Web API. Examples of how to do this in CGI, JScript, and VBScript are provided with the agent installation media. An example of how to retrieve the user name in ASP is given below:

<%
    ' Create the RSA Authentication Agent for Web cookie API object
    Dim RSACookieAPI
    Set RSACookieAPI = Server.CreateObject("Rsacookieapi.RSACookie")
%>

<p>Hello, your SecurID Authentication User name is <%= Server.HTMLEncode(RSACookieAPI.RSAGetUserName()) %>.</p>
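
The following page is an added example, not code from RSA or from the agent installation media. It takes the application's identity only from the agent API and reads REMOTE_USER solely to record when the two differ, as can happen when the resource is also protected by NTLM/IWA. The function name GetSecurIDUserName is hypothetical, and the treatment of an empty return value as "no SecurID user" is an assumption.

```asp
<%@ Language="VBScript" %>
<%
Option Explicit

' Hypothetical helper: returns the SecurID-authenticated user name
' from the agent API, never from REMOTE_USER.
Function GetSecurIDUserName()
    Dim cookieApi
    Set cookieApi = Server.CreateObject("Rsacookieapi.RSACookie")
    ' Append "" so a Null or Empty return becomes an empty string
    GetSecurIDUserName = Trim(cookieApi.RSAGetUserName() & "")
    Set cookieApi = Nothing
End Function

Dim securIdUser, remoteUser
securIdUser = GetSecurIDUserName()

' REMOTE_USER is set by the web server or another mechanism
' (for example NTLM/IWA); it is read here for comparison only.
remoteUser = Trim(Request.ServerVariables("REMOTE_USER") & "")

' Assumption: an empty name means no SecurID-authenticated user is available.
If securIdUser = "" Then
    Response.Status = "403 Forbidden"
    Response.Write "No SecurID-authenticated user."
    Response.End
End If

' Note in the IIS log when the two identities differ, so that code
' still relying on REMOTE_USER can be found and corrected.
If remoteUser <> "" And StrComp(remoteUser, securIdUser, vbTextCompare) <> 0 Then
    Response.AppendToLog "REMOTE_USER differs from SecurID user"
End If
%>
<p>SecurID user: <%= Server.HTMLEncode(securIdUser) %></p>
```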
Legacy Article ID: a26550