000022009 - RSA ClearTrust directing users to wrong error page

Document created by RSA Customer Support Employee on Jun 16, 2016
Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2

Article Content

Article Number: 000022009
Applies To
RSA ClearTrust Agent 3.5.2 for BEA WebLogic
RSA ClearTrust Agent 4.5 for IBM WebSphere 5.0.2
Issue
RSA ClearTrust directing users to wrong error page
cleartrust_realms.properties (on BEA WebLogic) and cleartrust.properties (on IBM WebSphere) have been modified to use customized pages rather than any of the issued files. However, at various times, users are redirected automatically to one of the original pages.
User is redirected to RSA ClearTrust logon page or ClearTrust error page
Cause
The perception is that there must be some hard-coded values inside RSA ClearTrust Agent that, when all else fails, cause it to use one of the original pages. There are no such hard-coded values; the cause is that these web pages can also be set in other configurable locations, namely the web.xml deployment descriptor file of each individually deployed web application.
Resolution
For each deployed web application, whether free-standing or bundled in an application, look in its web.xml for parameters of the following type (this is just an example; the actual web pages referenced will vary):

<login-config>
     <auth-method>FORM</auth-method>
     <form-login-config>
          <form-login-page>/cleartrust/ct_login_custom.jsp</form-login-page>
          <form-error-page>/cleartrust/ct_access_denied.html</form-error-page>
     </form-login-config>
</login-config>

Then correct any erroneous value by setting it to the login (or error) page that you want users to see.

NOTE: This mechanism for causing a ClearTrust login page to appear is valid, and relates to the use of J2EE security mechanisms. A useful tip to confirm that the intention was to use a custom logon page is to check the source of the logon page that the user should have seen for the presence of values like j_security_check, j_username and j_password, all of which suggest that a JAAS logon is in use.
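The search described in the Resolution can be scripted. The following is an added example, not RSA's code: it walks a deployment directory, reads every WEB-INF/web.xml in exploded applications, WARs and WARs nested in EARs, and lists form-login-page or form-error-page values that differ from the intended ones. The function names, /custom/login.jsp, /custom/denied.html, app1 and shop.ear are assumptions made for the sample.

```python
import io, tempfile, zipfile
import xml.etree.ElementTree as ET
from pathlib import Path

def local(tag):  # drop the XML namespace so DTD- and schema-based web.xml both match
    return tag.rsplit("}", 1)[-1]

def form_pages(xml_bytes):
    # Children of every <form-login-config> as {element name: page path}.
    return {local(c.tag): (c.text or "").strip() for n in ET.fromstring(xml_bytes).iter()
            if local(n.tag) == "form-login-config" for c in n}

def in_archive(data, label):
    # WAR and EAR files are zip archives; an EAR can bundle WARs, so recurse.
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            if name.endswith("WEB-INF/web.xml"):
                yield label + "!" + name, zf.read(name)
            elif name.lower().endswith(".war"):
                yield from in_archive(zf.read(name), label + "!" + name)

def descriptors(root):
    # Yield (label, bytes) for each web.xml: exploded apps plus .war/.ear archives.
    for path in sorted(Path(root).rglob("*")):
        rel = path.relative_to(root).as_posix()
        if rel.endswith("WEB-INF/web.xml"):
            yield rel, path.read_bytes()
        elif path.is_file() and path.suffix.lower() in (".war", ".ear"):
            yield from in_archive(path.read_bytes(), rel)

def mismatches(root, expected):
    # (descriptor, element, value) for every page that is not the intended one.
    return [(src, k, v) for src, xml in descriptors(root)
            for k, v in form_pages(xml).items() if k in expected and v != expected[k]]

# Constructed sample descriptor and intended pages (assumed names).
WEB_XML = (b'<web-app xmlns="http://java.sun.com/xml/ns/j2ee"><login-config><form-login-config>'
           b"<form-login-page>/custom/login.jsp</form-login-page><form-error-page>%s"
           b"</form-error-page></form-login-config></login-config></web-app>")
EXPECTED = {"form-login-page": "/custom/login.jsp", "form-error-page": "/custom/denied.html"}

def demo():  # constructed layout: exploded app1 is correct, shop.ear!shop.war is stale
    with tempfile.TemporaryDirectory() as root:
        Path(root, "app1", "WEB-INF").mkdir(parents=True)
        Path(root, "app1", "WEB-INF", "web.xml").write_bytes(WEB_XML % b"/custom/denied.html")
        war = io.BytesIO()
        with zipfile.ZipFile(war, "w") as zf:
            zf.writestr("WEB-INF/web.xml", WEB_XML % b"/cleartrust/ct_access_denied.html")
        with zipfile.ZipFile(Path(root, "shop.ear"), "w") as zf:
            zf.writestr("shop.war", war.getvalue())
        return mismatches(root, EXPECTED)
```

Against a real server, call mismatches() with the application deployment directory and the login and error pages you configured in the ClearTrust properties file.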
Legacy Article ID: a26527
