|Applies To||RSA ClearTrust Agent 4.5 for Microsoft IIS|
RSA ClearTrust Agent 4.0 for Sun ONE Web Server 6.0
|Issue||Custom application causing SSO failures between iPlanet 4.0 and IIS 4.5 Web servers in RSA ClearTrust|
|Cause||Previous to build 4.5.0.03 of RSA ClearTrust Agent 4.5 for Microsoft IIS, the URI retention cookie was named 1CTSESSION. This broke specific applications that did not allow a numeric value in the cookie name. Starting with build 4.5.0.03, the retention cookie was renamed to ACTSESSION to address this.|
However, this had an adverse affect in environments with a mixture of IIS and Sun ONE Web servers with ClearTrust Agents installed, since the Sun ONE agents would still generate 1CTSESSION retention cookies. In certain circumstances, applications would cause SSO to fail between these two agents because of the cookie name mismatch.
|Resolution||This issue has been resolved in hot fix 188.8.131.52 for RSA ClearTrust Agent 4.0 for Sun ONE 6.0 Web server. Starting with this build, the name for URI retention cookies is now ACTSESSION. Contact RSA Security Customer Support to obtain this hot fix, or request the latest fix level (which is cumulative, and contains fixes from previous fix levels). Follow the instructions in the Readme file for proper installation.|
|Legacy Article ID||a21876|