000022517 - RSA ClearTrust user challenged again with Inter-Site Single Sign-On (ISSO) implementation

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000022517
Applies ToRSA ClearTrust Agent 4.6 for Microsoft IIS
Microsoft Windows Server 2003
Microsoft Windows 2000
Inter-Site Single Sign-On (ISSO)
IssueRSA ClearTrust user challenged again with Inter-Site Single Sign-On (ISSO) implementation
Even after successfully configuring Inter-Site Single Sign-On (ISSO) between 2 domains and after authenticating properly to the slave domain, the user is challenged a second time when browsing to master domain
CauseThe default setting in some web browsers is to block cookies from a 3rd-party domain automatically. This means the master domain's CTSESSION cookie is never properly retrieved in the initial successful login at the slave domain, and hence the user lacks credentials to the master domain and will be prompted to authenticate.
ResolutionTo correct this issue, change the web browser's security level to a setting that allows it to accept 3rd-party cookies set by the master domain when a user has already authenticated to the slave domain. For more information, see the "Troubleshooting" section of the RSA ClearTrust Agent 4.6 Installation and Configuration Guide.
Legacy Article IDa28974

Attachments

    Outcomes