000022190 - How to configure different RSA ClearTrust logon pages with a centralized logon server

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000022190
Applies ToRSA ClearTrust 5.5.3
RSA ClearTrust Agent 4.6 for Microsoft Internet Information Services (IIS) 6.0

Centralized logon page

Virtual Host Definitions
IssueHow to configure different RSA ClearTrust logon pages with a centralized logon server
After authentication, RSA ClearTrust user is redirected to back to logon page. This occurs when attempting to access a logon page defined in a virtual host definition that is different from the logon page defined in the virtual host definition for the central logon server.
Cause
RSA ClearTrust Agent redirects the user back to the logon page because the page being served does not match the name of the logon page defined as the logon page in the definition for the centralized logon server
Resolution

This configuration can be supported by changing the target of the form post event in the RSA ClearTrust logon page defined in the virtual host definition to point to the fully-qualified domain name (FQDN) of the central logon servers logon page:

1. In the webagent.conf file, define a central logon server page called "ct_logon.asp" and define a separate logon page for each virtual host on the same server:

#Central Logon Server
<VirtualHost name=*, port=443>
cleartrust.agent.login_form_location_basic=https://istaines-t.na.rsa.net:443/cleartrust/ct_logon.asp?CTAuthMode=BASIC&language=<%language%>
</VirtualHost>

#Server on Port 80
<VirtualHost name=*, port=80>
cleartrust.agent.login_form_location_basic=https://istaines-t.na.rsa.net:443/cleartrust/ct_logon80.asp?CTAuthMode=BASIC&language=<%language%>
</VirtualHost>

2. In the logon page for the virtual hosts (ct_logon80.asp), change the location for the POST by editing the PostBackURL. Search for the following line:

PostBackURL = Request.ServerVariables ("URI")

and replace this line with the location of the central logon form:

PostBackURL = https://istaines-t.na.rsa.net:443/cleartrust/ct_logon.asp

3. In the logon page for the central logon server (ct_logon.asp), change the location for the Response.Redirect so it refers to the central logon page. Search for the following line:

Response.Redirect "/ClearTrust/ct_logon.asp"

and replace this line with the name of your central logon form (in this example, there is no change):

Response.Redirect "/ClearTrust/ct_logon.asp

Legacy Article IDa27234

Attachments

    Outcomes