Browser loses Fragment identifier '#' after redirect in RSA Access Manager 6.x

2 years ago

Originally Published: 2010-12-03

Article Number

000051347

Applies To

RSA Product Set: Access Manager
RSA Product/Service Type: Access Manager
RSA Version/Condition: 6.x

Issue

Browser loses Fragment identifier "#" after the redirect

URL loses fragment identifier ( customer referred to it as "Anchor Text") after redirection to Logon Page. Example of a URL with fragment identifier

http://tools.ietf.org/html/rfc2396#section-4.1
Click on the above and it takes you to the section4.1 of the URL

Cause

The fragment identifier "#" cannot be a part of the retained URI because it has special meaning. The issue is that the browser never sends it (the fragment delimiter) to the webserver.
It is never seen by the webserver and therefore our agent doesn't see it either, so impossible for the RSA agent to capture it to save it. The browser holds onto the reference information (never sends it) to be interpreted by the browser after the retrieval action has been successfully completed (i.e. bookmark). Unfortunately, the browser doesn't?t retain it because of the type of redirect after authentication. The browser would use it only if going directly to the page.

Resolution

In this case with IWA the redirect is done by the ct_home.asp page that is IWA protected in the ClearTrust\IWA\directory

<%
   If sURL <> "" Then
%>
   <META  HTTP-EQUIV="refresh" CONTENT="0;url=<%=sURL%>">
   </HEAD>
<% Else %>

Instead of META refresh use
response.redirect "<%=sURL%>"\

The Firefox and Chrome browsers now retain the #text. Internet Explorer 7 and 8 still don't retain it. IE may need additional config changes to work.

IE8 is listed as retaining the #text on this chart:

http://lists.w3.org/Archives/Public/ietf-http-wg/2010JanMar/att-0275/Paths_and_fragments_in_Location_header.htm

Don't see what you're looking for?

Potential Impact from Salesforce Device Activation Change

Related Articles

Trending Articles