000022742 - CT_REMOTE_USER HTTP header variable not set for failed RSA ClearTrust authentications where the correct userID is entered with an incorrect password value

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000022742
Applies ToApache 2.0.49
RSA ClearTrust Agent 4.6 for Apache 2.0
Microsoft Windows 2000
IssueCT_REMOTE_USER HTTP header variable not set for failed RSA ClearTrust authentications where the correct userID is entered with an incorrect password value
CauseAccording to the webagent.conf file parameter as below, the CT_REMOTE_USER variable is only set on failed authentication attempts where the failure is due to an expired password or the account being referenced is locked out. This parameter does not encompass the authentication failure due to an incorrectly entered password value.

# Specifies whether to publish CT_REMOTE_USER from the user header list
# even if the user has not successfully authenticated.
#
# Allowed Values:
#     True Headers are published only if the user has successfully
# authenticated with at least one of the supported authentication
# types.
#     False HTTP headers for the user will be published if the user
# authentication is not successful because the password expired, the
# account is locked out, or the user logged out.
cleartrust.agent.strict_headers_export=
ResolutionWithin the aserver.log file, for such failed login attempts to ClearTrust protected resources, the authorization server logs the information below:

sequence_number=38,2006-03-20 10:29:08:590 PST,messageID=1002,user=jwai,client_ip_address=x.x.x.x,client_port=2461,browser_ip_address=x.x.x.x,result_code=2,result_action=Authentication Failure,result_reason=Bad Password

These log entries do indicate the userID entered at the time of the failed authentication attempt and the corresponding reason the authentication failed.
Legacy Article IDa30109

Attachments

    Outcomes