000021051 - RSA ClearTrust 5.5 Authorization Server (AuthServer) does not report end user's IP address when using RSA ClearTrust Agent 4.0 or 4.5

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000021051
Applies ToRSA ClearTrust 5.5 Authorization Server (AServer)
RSA ClearTrust Agent 4.5
RSA ClearTrust Agent 4.0
IssueRSA ClearTrust 5.5 Authorization Server (AuthServer) does not report end user's IP address when using RSA ClearTrust Agent 4.0 or 4.5
RSA ClearTrust 5.5 AuthServer (and hence RSA ClearTrust Log Server) does not report end user's client IP address in logs when using RSA ClearTrust Agent 4.0 for Sun ONE Web Server 6.0 or RSA ClearTrust Agent 4.5 for IIS. For example, a typical log entry in the ClearTrust Log Server logs show up as follows when 4.0 Agent for Sun ONE is used:

(NOTE: The client_ip_address entry shown below does not refer to the end user or browser IP address; it is the IP address of the machine where the ClearTrust Agent is installed)

    sequence_number=5,remote_client=aserver-nperacha-t,2004-03-09 15:50:16:772 PST,
      messageID=2010,user=testuser01,client_ip_address=10.7.193.31,client_port=1480,
      result_code=0,result_action=Authentication Success,result_reason=Valid User
    sequence_number=6,remote_client=aserver-nperacha-t,2004-03-09 15:50:16:992 PST,
      messageID=2001,user=testuser01,webserver=sunone6-nperacha-t,URI=/protected/*,Resource=/protected/test.txt,client_ip_address=10.7.193.31,client_port=1480,
      result_code=10,result_action=Authorization Success,result_reason=User Entitlement


If a previous version of RSA ClearTrust Agent (e.g. version 3.0.x) is used with the same RSA ClearTrust Servers, the AuthServer reports the end user's IP address. For example, if RSA ClearTrust Agent 3.0.x for iPlanet 4.1 Web Server is used with same backend RSA ClearTrust Servers, the logs show the end user's IP address:

(NOTE: The browser_ip_address entry shown below represents the end user's IP address)

    sequence_number=24,remote_client=aserver-nperacha-t,2004-03-09 16:51:55:300 PST,
      messageID=2010,user=testuser01,webserver=iplanet419-nperacha-t,URI=/cleartrust/ct_logon.html,client_ip_address=10.7.193.31,client_port=2050,browser_ip_address=10.7.193.30,
      result_code=0,result_action=Authentication Success,result_reason=Valid User
    sequence_number=31,remote_client=aserver-nperacha-t,2004-03-09 16:51:59:306 PST,
      messageID=2002,user=testuser01,webserver=iplanet419-nperacha-t,URI=/protected/*,Resource=/protected/test.txt,client_ip_address=10.7.193.31,client_port=2050,browser_ip_address=10.7.193.30,
      result_code=10,result_action=Authorization Success,result_reason=Cached Allow

Resolution
This issue has been resolved in hot fix 5.5.2.04 for RSA ClearTrust Servers. Contact RSA Security Customer Support to obtain RSA ClearTrust Servers hot fix 5.5.2.04, or request the latest fix level (which is cumulative, and contains fixes from previous fix levels).
Legacy Article IDa20922

Attachments

    Outcomes