000018342 - How to bypass RSA SecurID multiple domain authentication page

Document created by RSA Customer Support Employee on Jun 16, 2016. Last modified by RSA Customer Support Employee on Apr 21, 2017.
Version 2

Article Content

Article Number: 000018342
Applies To: RSA ACE/Agent 4.4 for Windows NT (no longer supported as of 3-3-2003)
RSA ACE/Server
UNIX (AIX, HP-UX, Solaris)
Microsoft Windows
The purpose of the multidom.htm page is to set the cookies for the different domains listed in the multiple domain support. This is done by the ok.jpg image. The multidom.htm page will come up with all domains listed. If the connection was made to that server at the specific URL for setting that cookie, the ok.jpg image, "OK", is displayed on that line. If the connection was not made and the cookie cannot be set, the denied.jpg image, "Denied", will appear on that line.

NOTE: RSA does not recommend that customers remove the multidom.htm page because users will not know if the domain cookies loaded properly or not. However, if customers want to remove this HTML page, they can write JavaScript to eliminate the need for the HTML page (whether the domain cookies loaded successfully or not) and automatically send the user to the next URL.

The danger in this is that the end user would not see the "Denied" image if the connection is unsuccessful. Administrators have to weigh this against the benefits of not seeing the page at all. It is for this reason that RSA recommends the original multidom.htm page be backed up. It could be put back in place for the purposes of troubleshooting, if necessary.
Issue: How to bypass RSA SecurID multiple domain authentication page
Cause: Multiple domain support is enabled when administrators want to have users access multiple servers in different domains without being RSA SecurID-challenged for each new connection. Once successfully RSA SecurID-authenticated to one domain, users receive cookies for all domains specified in the multiple domain support. When multiple domain support is enabled, the end user sees the multidom.htm page. They are then required to click on the Continue link in order to get the originally specified page. Some administrators may want to remove the need for users to click Continue because it can be confusing to users.
Resolution: The multidom.htm page cannot be omitted, but administrators can modify it so that it will appear and disappear without user intervention. The end user would see the page flash by and would be automatically re-directed to the originally specified page.

To make these modifications, follow these instructions.


Original multi-dom.htm:

Location: \winnt\system32\aceclnt
The original page has the following coding:

<script language=JavaScript>
<!--
function check_popup()
{
        if (window.name == "SecurIDPopup") {
                alert('Authentication successful');
                window.close();
        }
}
//-->
</script>


Modified multi-dom.htm:

Modifications can be made to the file so that it appears and immediately disappears. The coding below should be put in place of that noted above.

<script language=JavaScript>
<!--
function check_popup()
{
        if (window.name == "SecurIDPopup") {
                alert('Authentication successful');
                window.close();
        }
        else {
                document.location = document.links[0].href;
        }
}
//-->
</script>
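
The article warns that with the automatic redirect the end user never sees a "Denied" image. As an added example (not RSA's code), this variant of check_popup() redirects only when every domain status image reports OK and otherwise leaves the page on screen. It assumes each domain row is an <img> whose file name is ok.jpg or denied.jpg and that the Continue link is document.links[0], as in the modified script above; the helpers fileName and allDomainCookiesSet are hypothetical names.

```javascript
// Added example, not RSA's code. Assumption: each domain row in multidom.htm is
// an <img> whose file name is ok.jpg or denied.jpg, as the article describes.

// Hypothetical helper: file name of an image URL, without query or fragment.
function fileName(src) {
  return String(src || "").split(/[?#]/)[0].split("/").pop().toLowerCase();
}

// Hypothetical helper: true only if at least one status image exists and every
// status image is a successfully loaded ok.jpg. Other images are ignored.
function allDomainCookiesSet(images) {
  var statusImages = 0;
  for (var i = 0; i < images.length; i++) {
    var name = fileName(images[i].src);
    if (name === "denied.jpg") return false;   // cookie not set for a domain
    if (name !== "ok.jpg") continue;           // logo or other decoration
    if (!images[i].complete || images[i].naturalWidth === 0) return false; // failed load
    statusImages++;
  }
  return statusImages > 0;                     // no status rows: do not redirect
}

// Same entry point as the article's script. win and doc default to the browser
// globals; they are parameters only so the logic can run outside a browser.
function check_popup(win, doc) {
  win = win || window;
  doc = doc || document;
  if (win.name == "SecurIDPopup") {
    win.alert('Authentication successful');
    win.close();
    return "closed";
  }
  if (doc.links.length > 0 && allDomainCookiesSet(doc.images)) {
    doc.location = doc.links[0].href;          // Continue link, as in the article
    return "redirected";
  }
  return "stayed"; // page stays visible: user sees "Denied" and can click Continue
}
```

When any domain cookie fails to load, the page behaves like the original multidom.htm, so the troubleshooting signal the article describes is preserved.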

Legacy Article ID: 6.0.3150931.2903847
