|Applies To||RSA ClearTrust Agent 4.6|
Microsoft Integrated Windows Authentication (IWA)
|Issue||The cleartrust home page loops when attempting IWA authentication|
When attempting to authenticate using IWA (Integrated Windows Authentication) the user is directed to the ct_home.asp page on the IWA IIS server and then the page loops (looping logon) forever.
|Cause||This error occurs if the ClearTrust authentication cookie cannot be accepted by the users browser.|
|Resolution||Ensure that the users browser allows cookies to be accepted.|
Ensure that the cleartrust.agent.cookie_domain name in the webagent.conf file for the IIS server agent hosting the ct_home.asp page is the same as that of the other web servers protected by ClearTrust agents.
Ensure that the time is the same on the browser and all the web servers participating in SSO.
Temporarily disable cookie ip checking on the agent to test for proxy problems.
Ensure that the cleartrust.agent.cookie_domain is in lower, not upper or mixed case (This is a problem on some types of web servers only.)
The IWA ct_home.asp needs to check for the presence of an orig url to redirect to before doing the META refresh. If there is no orig url (such as when accessing the ct_home.asp directly) the page will loop. The supplied ct_home.asp has this check but it may be lost due to modifications or using an old version of the page.
|Legacy Article ID||a32178|