|Applies To||RSA Product Set: SecurID Access|
RSA Product/Service Type: Identity Router, Cloud
|Issue||An end user can login normally to the Portal and can access applications normally. However, when they try to logout of the Portal, the logout appears to "loop" and never completes. |
In the User Event Monitor of the RSA Cloud Administration Console, each end user Portal logout generates repeated events. The first event recorded for the logout appears normal and has the correct User ID listed for the user. However, many additional events are also generated with User ID N/A, Event Code 907, Description Portal logout succeeded. and Application Portal.
|Cause||This issue will occur when the Portal Host Name is not within the configured Protected Domain Name.|
This issue will occur if the Portal Host Name is portal.example.com and the Protected Domain Name configured in the RSA Cloud Administration Console is dmz.example.com. The issue will also occur if the Portal Host Name is identical to the Protected Domain Name.
|Resolution||The Portal Host Name must include the full Protected Domain Name that is configured in the RSA Cloud Administration Console at Company Settings > Company Information > Protected Domain Name. For the first example given in the Cause section above, the Portal Host Name should be portal.dmz.example.com. |
Protected Domain Name requirements are described in the Online Help's Protected Domain Name page. In particular, note the advice on that page to "avoid using registered domains as the protected domain name."
To fix this issue, there are two options, described below. You can either:
Change the Portal Host Name
If you choose to change the Portal Host Name to use the Protected Domain Name, you will need to do the tasks listed below. These instructions use the example names from above :
Change the Protected Domain Name
If you wish to change the Protected Domain Name to match the Portal Host Name's domain, in our example that would mean changing the Protected Domain Name from dmz.example.com to example.com. We recommend that you "avoid using registered domains as the protected domain name", for the reasons explained on the Protected Domain Name page. However, it can be done.
To make this change:
Guidelines for configuring these items are also in the Quick Setup Guides listed on the Cloud Authentication Service Planning and Configuration page.
|Notes||If you have questions about the specific changes required in your deployment, please contact RSA Customer Support.|