000024909 - Cleartrust ISSO (Intersite Single Sign On) does not work if the aserver is is passive mode.

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000024909
Applies To
RSA ClearTrust Agent 4.6 for Microsoft Internet Information Services (IIS) 6.0

Microsoft Internet Information Services (IIS) 6.0
Microsoft Internet Information Services (IIS) 5.0 on Microsoft Windows 2000
IssueCleartrust ISSO (Intersite Single Sign On) does not work if the aserver is is passive mode.  
Authenticated users accessing resources on the slave server are redirected to the ClearTrust logon page instead of being redirected to the protected url.
CauseDue to a change introduced in hotfix 4.6.0.21 the ISSO master URL is incorrectly processed as a protected resource, causing the redirection URL to be corrupted.
ResolutionThis issue has been resolved in hotfix 4.6.0.134 for the ClearTrust Agent 4.6 for IIS 5.0 and 6.0.  Contact RSA Customer Support and request this hotfix or the latest hotfix for the ClearTrust 4.6 Agent.
WorkaroundApplied ClearTrust Agent  4.6 hotfix 4.6.0.21 or later.
Changed asever.conf setting for cleartrust.aserver.authorization_mode= from active to passive.
Legacy Article IDa32977

Attachments

    Outcomes