|Applies To||RSA ClearTrust Agent 4.0 for Lotus Domino R5|
|Issue||RSA ClearTrust Agent 4.0 for Lotus Domino R5 doesn't set REMOTE_AUTH and AUTH_TYPE|
The variables in question are supposed to be set by the webserver according to this CGI specification http://cgi-spec.golux.com/draft-coar-cgi-v11-03-clean.html#5.0.
Browser-based authentication mechanism makes the browser send the username/password and other auth information in the request header. Domino sets all the header information in the environment as soon as the request is received (and even before control is passed to the agent). Once browser-based authentication is done, the browser will continue to send user and auth information in the header for all subsequent requests to the same web server. Therefore, the above said variables are always available in the environment.
Why case 2 doesn't work:
For form-based logon, all the username/password and auth information goes as POST data that is not part of the request header. Subsequent requests are authenticated with the help of a cookie. So, when the information is not present in the request header, Domino would not set it in the environment.
|Legacy Article ID||a27121|