000018519 - RSA SecurID Next Token Mode and New PIN Mode fail with ClearTrust Agent 3.5 for Apache

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000018519
Applies ToRSA ClearTrust Agent 3.5 for Apache
Sun Solaris 2.8
Linux
Apache 1.3.x
Apache 2.0
IssueRSA SecurID Next Token Mode and New PIN Mode fail with ClearTrust Agent 3.5 for Apache
The ClearTrust Agent 3.5 for Apache is configured to use SecurID authentication for a protected resource. Additionally, it is set up to use the Authentication Servers in DISTRIBUTED mode and CTSharedPoolEnable is set to YES. SecurID Next Token Mode and New PIN Mode will fail; however, either disabling CTSharedPoolEnable or setting the CT AuthServer to STANDARD mode resolves the problem.
CauseThere is a bug with the way the new ClearTrust Shared Pool for Apache handles the SecurID authentication state. For this to work correctly, the Agent must reconnect the user to the same Authentication Server that has initiated contact with the ACE Server.
ResolutionThis issue is now resolved and is included in the latest patch release of RSA ClearTrust Agent for Apache 1.3c and Apache 2 on both Solaris and Linux. To obtain the latest release of Agent, visit RSA SecurCare Online's Downloads area, or contact RSA Security Customer Support directly.
Legacy Article IDa19878

Attachments

    Outcomes