000022763 - Inter-Site Single Sign-On (ISSO) issues after logging out of RSA ClearTrust Agent 3.5 for Apache

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000022763
Applies ToRSA ClearTrust Agent 3.5 for Apache
Inter-Site Single Sign-On (ISSO)
IssueInter-Site Single Sign-On (ISSO) issues after logging out of RSA ClearTrust Agent 3.5 for Apache
After logging out from an Inter-Site Single Sign-On (ISSO) environment, trying to access a protected resource on the slave RSA ClearTrust Agent causes error "page not found"
Error: "ct_post_process: rsp_status = 404 Not Found" in slave RSA ClearTrust Agent debugging log
CauseAfter logging out from an Inter-Site Single Sign-On (ISSO) environment, RSA ClearTrust Agent 3.5 for Apache does not allow users to re-authenticate on a slave server unless web browser is closed and reopened (flushing all temp. cookies). The user sees an HTTP 404 error message (page not found).

Authentication on the master should work correctly.

It looks like this issue is caused by the slave ClearTrust Agent not being able to process an expired ClearTrust cookie. The following log entries can be seen when running the slave agent in debug mode:

1143520245.700 29354 1 3:ct_handle_request: CT_FULL_URI: /cleartrust_issopix?MOACT=MOSDC&MOORU=/manual/&MOCKE=AAAAAQABAEDXFdcP0DE8ztoJgLO1koMLcHdlFNbC7qtoNUvfe0l34J%2Fc8GxsiPBqFndpKtX2meMSK%2B6j5zv3OE3oFZtk%2B0ox
1143520245.700 29354 1 2:ct_handle_request: return CT_AUTH_URL_ACCESS_ALLOWED, tries = 0, req_handled = TRUE
1143520245.701 29354 1 3:is_a_login_form: return FALSE, uri=/cleartrust_issopix?MOACT=MOSDC&MOORU=/manual/&MOCKE=AAAAAQABAEDXFdcP0DE8ztoJgLO1koMLcHdlFNbC7qtoNUvfe0l34J%2Fc8GxsiPBqFndpKtX2meMSK%2B6j5zv3OE3oFZtk%2B0ox
1143520245.701 29354 1 2:ct_auth_check_user: return 0 OK
1143520245.702 29354 1 3:ct_post_process: rsp_status = 404 Not Found
ResolutionThis issue has been resolved in a hot fix for RSA ClearTrust Agent 3.5 for Apache. Contact RSA Security Customer Support to obtain hot fix 3.5.0.47, or request the latest fix level (which is cumulative, and contains fixes from previous fix levels).
Legacy Article IDa30181

Attachments

    Outcomes