000022296 - Multiple RSA ClearTrust authentications on the AP and RP

Document created by RSA Customer Support Employee on Jun 16, 2016. Last modified by RSA Customer Support Employee on Apr 21, 2017.
Version 2

Article Content

Article Number: 000022296
Applies To: RSA Federated Identity Manager (FIM) 2.5
Microsoft Windows 2000 SP4
Issue: Multiple RSA ClearTrust authentications on the AP and RP
While using Web Single Sign-On (SSO), you are challenged by RSA ClearTrust on the RP side. Being challenged on each side defeats the purpose of Web SSO.
Cause: RSA ClearTrust 5.5 introduced a new token format that is used by default. Most RSA ClearTrust Agents do not support this format. As a result, an RSA ClearTrust token created by RSA Federated Identity Manager (FIM) on the RP system using RSA ClearTrust 5.5 may not be recognized by the associated RSA ClearTrust Agent.
Resolution: Add the following line to your aserver.conf file in RSA ClearTrust:

cleartrust.aserver.token_version=1

or

If you configured the RSA ClearTrust Web Agents to perform ip_checking, you must enable the "send IP Address" setting for Web SSO for the AP (for the associated RP side).

cleartrust.aserver.token_version=1   Supports RSA ClearTrust Agents version 3.0.x
cleartrust.aserver.token_version=1   Supports RSA ClearTrust Agent version 3.5 for Apache
cleartrust.aserver.token_version=2   Supports RSA ClearTrust Agent version 4.x
Legacy Article ID: a27870
