000024727 - Some RSA ClearTrust user properties' values do not show up in HTTP headers

Document created by RSA Customer Support Employee on Jun 16, 2016. Last modified by RSA Customer Support Employee on Apr 21, 2017.
Version 2

Article Content

Article Number: 000024727
Applies To: RSA ClearTrust 5.5.2 Authorization Server (AServer)
RSA ClearTrust Agent 4.5 for Microsoft IIS
Microsoft Windows 2000 Server SP4
Microsoft Internet Information Server (IIS) 5.0
RSA ClearTrust 5.5.2 supports user properties as HTTP headers
Issue: Some RSA ClearTrust user properties' values do not show up in HTTP headers
Cause: The user properties that are missing their values were named USER_NUMBER, USER_CARD_ID, and USER_ACCOUNT_NUMBER (note the underscore character in their names). RSA ClearTrust successfully set the HTTP headers, using the user property names as the header names and the property values as the header values. However, calls to Request.ServerVariables() failed to retrieve values only for the variables whose names contained the underscore character. This is a known Microsoft issue, documented on MSDN for IIS server variables at http://msdn.microsoft.com/library/default.asp?url=/library/en-us/iissdk/iis/servervariables.asp. Here is the relevant quote:

The value stored in the header <HeaderName>. Any header other than those listed in this table must be preceded by "HTTP_" in order for the ServerVariables collection to retrieve its value. This is useful for retrieving custom headers.
Note: The server interprets any underscore (_) characters in <HeaderName> as dashes in the actual header. For example, if you specify HTTP_MY_HEADER, the server searches for a request header named MY-HEADER.

Per the note above, a call to Request.ServerVariables("HTTP_USER_NUMBER") searches for a request header named "USER-NUMBER" (the underscore character is replaced by a hyphen in the header name) and hence does not find any value.
Resolution: To correct this issue, do not define user property names that include the underscore character.

NOTE: A call to Request.ServerVariables("HEADER_USER_PROPERTY") will retrieve the header value for the "USER_PROPERTY" variable. However, this option is available in IIS 6.0 but not in IIS 5.1 and prior versions (note that the call uses "HEADER_USER_PROPERTY" instead of "HTTP_USER_PROPERTY").
Workaround: Configured RSA ClearTrust to export user properties to the HTTP header, then subsequently used the call Request.ServerVariables("HTTP_<HeaderVariableName>") in an ASP page to retrieve values for those properties in the headers.
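
The name translation described in the Cause and Resolution sections can be modelled to audit a list of user property names before they are exported as headers. This is an added example, not RSA or Microsoft code: the function names, the DEPARTMENT property, all sample values, and the empty-string result for a missing variable are assumptions.

```python
# Model of the ServerVariables lookup rules quoted in this article.
# It covers only the HTTP_ and HEADER_ prefixes, not built-in server variables.

def header_searched(server_variable_name, iis6=False):
    """Return the request-header name a ServerVariables key resolves to, or None."""
    key = server_variable_name.upper()
    if key.startswith("HTTP_"):
        # Underscores after the prefix are interpreted as dashes.
        return key[len("HTTP_"):].replace("_", "-")
    if key.startswith("HEADER_") and iis6:
        # IIS 6.0 only: the name is used as written, underscores kept.
        return key[len("HEADER_"):]
    return None


def server_variable(headers, name, iis6=False):
    """Look `name` up against the request headers (header names compare case-insensitively)."""
    wanted = header_searched(name, iis6)
    if wanted is None:
        return ""
    for header_name, value in headers.items():
        if header_name.upper() == wanted:
            return value
    return ""  # assumption: a header that is not found reads as empty


def unreachable_properties(property_names):
    """User property names whose headers an HTTP_<name> lookup cannot find."""
    return [p for p in property_names
            if header_searched("HTTP_" + p) != p.upper()]


# Constructed sample: headers named after the user properties, as the agent sets them.
SAMPLE_HEADERS = {
    "USER_NUMBER": "1001",      # constructed value
    "USER_CARD_ID": "C-77",     # constructed value
    "DEPARTMENT": "finance",    # hypothetical property without an underscore
}

if __name__ == "__main__":
    for var in ("HTTP_USER_NUMBER", "HTTP_DEPARTMENT"):
        print(var, "->", repr(server_variable(SAMPLE_HEADERS, var)))
    print("HEADER_USER_NUMBER (IIS 6.0) ->",
          repr(server_variable(SAMPLE_HEADERS, "HEADER_USER_NUMBER", iis6=True)))
    print("rename:", unreachable_properties(list(SAMPLE_HEADERS)))
```
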
Legacy Article ID: a22218