000025659 - Cert Authentication sending users to wrong error page based on their account status.

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000025659
Applies ToRSA Cleartrust Agent 4.6
Certificate-based Authentication
IssueCert Authentication sending users to wrong error page based on their account status.
Users sent to wrong error pages based on their account status.
The default ct_access_denied_<%language%>.html page is incorrectly displayed when the user is locked or expired.
Cause

Using Certificate authentication, when a user with valid DN but whose account has expired or is locked gets correct status from aserver. Agent sets its own status incorrectly (CT_AUTH_BAD_USERNAME) causing redirection to the wrong error page.

Resolution This issue has been resolved in a hot fix for RSA ClearTrust 4.6. Contact RSA Security Customer Support to obtain hot fix 4.6.0.126, or request the latest cumulative hotfix for your platform.

Notes

============================ EXPIRED ACCOUNT - WEB AGENT LOG =========================
Oct 03, 2006 08:48:39 AM EST - [1892] - <Info> - Result map: RETURN_CODE\nINVALID_USER\nAUTHENTICATION_RESULT\nEXPIRED_ACCOUNT
Oct 03, 2006 08:48:39 AM EST - [1892] - <Debug> - Assert certificate DN returned: 1
Oct 03, 2006 08:48:39 AM EST - [1892] - <Debug> - Status is 1 (CT_AUTH_BAD_USERNAME)

The last line should read:
Status is 3 (CT_AUTH_EXPIRED_ACCOUNT)



========================= LOCKED OUT - WEB AGENT LOG ===================================
Oct 03, 2006 08:44:27 AM EST - [368] - <Info> - Result map: RETURN_CODE\nINVALID_USER\nAUTHENTICATION_RESULT\nADMIN_LOCKOUT
Oct 03, 2006 08:44:27 AM EST - [368] - <Debug> - Assert certificate DN returned: 1
Oct 03, 2006 08:44:27 AM EST - [368] - <Debug> - Status is 1 (CT_AUTH_BAD_USERNAME)

The last line should read:
Status is 6 (CT_AUTH_USER_LOCKED_OUT)

Legacy Article IDa32142

Attachments

    Outcomes