000018172 - RSA ClearTrust URL retention does not work in SecurID New PIN or Next Tokencode Modes

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000018172
Applies ToMicrosoft Windows Server 2003
RSA ClearTrust Agent 4.6 for Microsoft Internet Information Services (IIS) 6.0
IssueRSA ClearTrust URL retention does not work in SecurID New PIN or Next Tokencode Modes
Users are not redirected to the protected page after entering the RSA SecurID Tokencode
CauseRSA ClearTrust Agent 4.6 internally looks for a specific variable in the querystring during the POST event to use for redirection. An inconsistency in the naming convention in the ct_securid.asp page prevents the Agent from retrieving the correct redirection URL from the POST event. The Microsoft Internet Information Services (IIS) ASP code was setting a variable called CT_ORIG_URL, where the Agent expects a variable called orig_url.
ResolutionTo correct this issue, modify the code in the ct_securid.asp page to show the correct variable. Locate the following text on line 95 of the ct_securid.jsp page:

    QueryString = QueryString & "&CT_ORIG_URL=" & Server.URLEncode( CTOrigUrl )

Change the name of the variable to orig_url as follows:

    QueryString = QueryString & "&orig_url=" & Server.URLEncode( CTOrigUrl )

NOTE: There is no official hot fix for this change, but the fix has been changed in RSA's code base, and will be included in the next release of the Agent
WorkaroundRSA ClearTrust Agent 4.6 is configured to use query string based URL redirection (in the webagent.conf file cleartrust.agent.retain_url.use_query_string=True)
Legacy Article IDa29461