000022031 - How to configure RSA ClearTrust Agent 4.6 for Apache for an SSL Reverse Proxy Server

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000022031
Applies ToRSA ClearTrust 5.5 Authorization Server (AServer)
Sun Solaris 2.9
F5 Networks BIG-IP Load Balancer
Apache 2.0
RSA ClearTrust Agent 4.6 for Apache 2.0 for Red Hat Enterprise Linux (RHEL)

Reverse Proxy Server
IssueHow to configure RSA ClearTrust Agent 4.6 for Apache for an SSL Reverse Proxy Server
User is able to authenticate to the content served from a SSL proxy server, but is incorrectly redirected back to an HTTP page
CauseThe default behavior for the RSA ClearTrust Agent is to use a fully-qualified URL to redirect the user back to the original page after logon. If Apache is configured as a reverse proxy server and the ClearTrust Agent is installed directly on the proxy server, this will cause the Agent to redirect to the incorrect page. The ClearTrust Agent must be configured to return a relative URL. The Agent may be configured to use query string or cookie-based URL redirection.
ResolutionChange the use_full_url value to False in the webagent.conf file:

# Indicates whether agent uses relative or full url when redirecting user back
# to original page. Relative url is required in some proxy environment for
# url retention. This parameter must be set to true for mobile authentication
# regardless of the value of cleartrust.agent.retain_url.
#
# Allowed Values:
#   True     Enabled
#   False    Disabled
#
# Dependencies:
#   Used only if cleartrust.agent.retain_url is set to True except for mobile authentication
#
cleartrust.agent.retain_url.use_full_url=True

change to:

cleartrust.agent.retain_url.use_full_url=False
Legacy Article IDa28650

Attachments

    Outcomes