000024985 - QueryString-based URL retention fails after a successful authentication following a failed logon attempt in RSA ClearTrust

Document created by RSA Customer Support Employee on Jun 16, 2016. Last modified by RSA Customer Support Employee on Apr 21, 2017.
Version 2

Article Content

Article Number: 000024985

Applies To:
RSA ClearTrust Agent 4.6 for Microsoft IIS
RSA ClearTrust Agent 4.6 for Apache 2.0 for Sun Solaris
Apache 2.0.49
Microsoft Internet Information Server (IIS) 5.0
Microsoft Windows 2000 SP4
Sun Solaris 2.8
Issue: QueryString-based URL retention fails after a successful authentication following a failed logon attempt in RSA ClearTrust

RSA ClearTrust is configured to protect Apache 2 web server resources with RSA ClearTrust Agent 4.6, and the Microsoft IIS 5 web server is set up with the RSA ClearTrust Agent as the logon server. A user navigates to a protected Apache web server resource and is redirected to the IIS logon server's ClearTrust logon page. With query_string=true set, the user's first logon attempt fails because of a wrong user ID or password. On the next attempt, with the correct logon credentials, the orig_uri value has changed, so the browser attempts to load the protected resource from the logon server rather than from the resource server. The browser then displays a "File Not Found" error.

Cause: After the initial failed logon attempt, the redirection URL incorrectly contains the relative URL instead of the fully qualified URL.

Resolution: This issue has been resolved in hot fix 4.6.0.59 for RSA ClearTrust Agent 4.6 for IIS 5.0. Contact RSA Security Customer Support to obtain hot fix 4.6.0.59, or request the latest fix level (which is cumulative and contains fixes from previous fix levels).
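To confirm the behaviour before and after applying the hot fix, the logon page URLs seen on the first redirect and on the retry after a failed logon can be compared. The following is an added example, not RSA code; it assumes orig_uri is carried as a query-string parameter of the logon page URL, and the host names and logon page path are constructed placeholders.

```python
from urllib.parse import parse_qs, urljoin, urlsplit

# Constructed sample redirects (host names and logon page path are hypothetical).
FIRST_REDIRECT = ("http://logon.example.com/logon/login.asp"
                  "?orig_uri=http%3A%2F%2Fresource.example.com%2Fprotected%2Freport.html")
RETRY_REDIRECT = ("http://logon.example.com/logon/login.asp"
                  "?orig_uri=%2Fprotected%2Freport.html")


def orig_uri_of(logon_url):
    """Return the decoded orig_uri parameter of a logon page URL, or ''."""
    return parse_qs(urlsplit(logon_url).query).get("orig_uri", [""])[0]


def retained_target(logon_url):
    """Return the URL a browser loads after a successful logon.

    A relative orig_uri is resolved against the page that issued the
    redirect, which is the logon server, not the resource server.
    """
    return urljoin(logon_url, orig_uri_of(logon_url))


def check_retention(logon_urls, resource_host):
    """Flag every attempt whose retained URL would not reach resource_host.

    Returns a list of (attempt number, orig_uri value, resolved target).
    """
    findings = []
    for attempt, logon_url in enumerate(logon_urls, start=1):
        orig = orig_uri_of(logon_url)
        parts = urlsplit(orig)
        fully_qualified = bool(parts.scheme and parts.netloc)
        target = retained_target(logon_url)
        if not fully_qualified or urlsplit(target).hostname != resource_host:
            findings.append((attempt, orig, target))
    return findings


if __name__ == "__main__":
    urls = [FIRST_REDIRECT, RETRY_REDIRECT]
    for attempt, orig, target in check_retention(urls, "resource.example.com"):
        print(f"attempt {attempt}: orig_uri={orig!r} resolves to {target}")
```

On a fixed agent the retry URL should carry the same fully qualified orig_uri as the first redirect, and the check returns no findings.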
Legacy Article ID: a26190
