000022792 - RSA ClearTrust user redirected to login form continuously even though correct credentials were entered

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000022792
Applies ToRSA ClearTrust Agent 4.6
IssueRSA ClearTrust user redirected to login form continuously even though correct credentials were entered
User cannot access protected resource
User cannot authenticate
Authentication looping at logon form
CauseThis issue can occur if RSA ClearTrust Agent is misconfigured such that users with expired credentials are redirected to the logon page. This is done by setting the following configuration parameters as follows in the webagent.conf file:

cleartrust.agent.login_error_password_expired=/cleartrust/ct_logon.jsp   
cleartrust.agent.login_error_password_expired_new_user=/cleartrust/ct_logon.jsp
cleartrust.agent.login_error_password_expired_forced=/cleartrust/ct_logon.jsp

cleartrust.agent.logon_form_location_basic=/cleartrust/ct_logon.jsp

If any of the _error_* forms points to the same URI as the logon form, the Agent will not process the logon requests.
ResolutionTo correc this issue, ensure the various _error_ parameters point to a location different then the one specified for the logon form location.
WorkaroundApplied RSA ClearTrust Agent hot fix 4.6.0.101 or newer
Legacy Article IDa30342

Attachments

    Outcomes