000015712 - Browser loses Fragment identifier '#' after redirect in RSA Access Manager 6.x

Document created by RSA Customer Support Employee on Sep 26, 2018
Version 1Show Document
  • View in full screen mode

Article Content

Article Number000015712
Applies ToRSA Product Set: Access Manager
RSA Product/Service Type: Access Manager
RSA Version/Condition: 6.x
IssueBrowser loses Fragment identifier  "#"  after the redirect

URL loses fragment identifier ( customer referred to it as "Anchor Text")  after redirection to Logon Page. Example of a URL with fragment identifier



http://tools.ietf.org/html/rfc2396#section-4.1
Click on the above and it takes you to the section4.1 of the URL

CauseThe fragment identifier "#" cannot be a part of the retained URI because it has special meaning. The issue is that the browser never sends it (the fragment delimiter) to the webserver.
It is never seen by the webserver and therefore our agent doesn't see it either, so impossible for the RSA agent to capture it to save it. The browser holds onto the reference information (never sends it) to be interpreted by the browser after the retrieval action has been successfully completed (i.e. bookmark). Unfortunately, the browser doesn't?t retain it because of the type of redirect after authentication. The browser would use it only if going directly to the page.
Resolution

In this case with IWA the redirect is done by the ct_home.asp page that is IWA protected in the ClearTrust\IWA\directory




<%
   If sURL <> "" Then
%>
   <META  HTTP-EQUIV="refresh" CONTENT="0;url=<%=sURL%>">
   </HEAD>
<% Else %>

 

Instead of META refresh use
response.redirect "<%=sURL%>"\



The Firefox and Chrome browsers now retain the #text.  Internet Explorer 7 and 8 still don't retain it.  IE may need additional config changes to work.  



IE8 is listed as retaining the #text on this chart:



http://lists.w3.org/Archives/Public/ietf-http-wg/2010JanMar/att-0275/Paths_and_fragments_in_Location_header.htm

Legacy Article IDa53115

Attachments

    Outcomes