000022439 - RSA ClearTrust Inter-Site Single Sign-On (ISSO) virtual host definitions

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000022439
Applies ToRSA ClearTrust Agent 4.6 for Microsoft Internet Information Services (IIS) 6.0
Inter-Site Single Sign-On (ISSO)
IssueRSA ClearTrust Inter-Site Single Sign-On (ISSO) virtual host definitions
Inter-Site Single Sign-On (ISSO) does not redirect to a specific subdomain
CauseRegarding Inter-Site Single Sign-On (ISSO) between domains with multiple subdomains, the current ISSO configuration requires each virtual host definition to have a unique target URL configured for the ISSO self and master parameters, for example:

    cleartrust.agent.isso.self_url=http:/host1.domain.com

This constraint prevents ISSO from working where a single virtual host definition may have multiple subdomains. Consider the following example, where host1.domain.com, host2.domain.com, and host{X}.domain.com all map to the same virtual host definition:

    <VirtualHost address=192.168.0.1 name=* port=*>
    cleartrust.agent.cookie_domain=.domain.com
ResolutionInter-Site Single Sign-On (ISSO) between domains with multiple subdomains is not directly supported in RSA ClearTrust. It is possible to configure ISSO to work in the configuration if a separate virtual host definition is created with a single central logon page defined. The virtual hosts must use a fully qualified URL for the logon page location:

    <VirtualHost address=192.168.0.1 name=* port=*>
    cleartrust.agent.web_server_name=name
    cleartrust.agent.cookie_domain=.domain.com
    cleartrust.agent.login_home_location=http://centrallogon.domain.com/cleartrust/ct_logon.asp
Legacy Article IDa28478

Attachments

    Outcomes