000021308 - Does ClearTrust cookie have precedence over basic Authentication?

Document created by RSA Customer Support Employee on Jun 16, 2016. Last modified by RSA Customer Support Employee on Apr 21, 2017.
Version 2

Article Content

Article Number: 000021308
Applies To: RSA ClearTrust Agents
Issue: Does ClearTrust cookie have precedence over basic Authentication?
Cause: This is a concern if an application authenticates automatically to the agent by passing the username and password via HTTP header variables. If a ClearTrust cookie is presented to the Web agent, ClearTrust will attempt to authenticate the user based on the information in the cookie, in precedence over any user information in the HTTP headers. If the cookie has expired, or the cleartrust.agent.idle_timeout has elapsed, the user will be prompted to reauthenticate.
Resolution: If you do not want the user to be subject to cookie-based timeouts, set cleartrust.agent.sso=no.
Legacy Article ID: a17592
