How to configure RSA SecurID Access with automatic IWA to handle non-Windows devices
Originally Published: 2017-10-09
Article Number
Applies To
Issue
Non-Windows client devices (iOS for example) cannot be integrated with IWA and may "hang" preventing authentication to the SID Access portal.
A network trace with Fiddler or Charles will show that the IWA server generated a 401 Unauthorized response to the client device.
Resolution
The IWA/IIS server's 401 error page can be configured to perform a 302-redirect back to the IDR portal login page. See Create a Custom HTTP Error Response regarding "Respond with a 302 redirect". The SID Access portal URL should be provided as the 302 redirect address.
When this redirect occurs for the first time, the user will be given the opportunity to log into the portal interactively, but the relay-state (of the originally requested protected resource) will be lost. That is, deep-linking will not work, and the user will land at the application's configured landing page.
The loss of deep-linking should only happen on first authentication however. As long as cookies are not cleared deep-linking should work on subsequent access attempts.
Related Articles
How to configure firewall's dynamic network address translation on multiple internal clients to an external RSA ACE/Server Number of Views Disaster Recovery Situations Number of Views RSA WTD Silvertail: ValueError: Multiple pages with same base URL Number of Views Disaster Recovery Number of Views The ACE/Server machine has a Dr. Watson Error: CPQMHost.dll Number of Views
Trending Articles
RSA Authentication Manager Upgrade Process RSA Release Notes for RSA Authentication Manager 8.8 RSA RADIUS Server service failed to start in the RSA Authentication Manager 8.1 Operations Console Microsoft Entra ID External MFA - Relying Party Configuration Using OIDC - RSA Ready Implementation Guide RSA Release Notes: Cloud Access Service and RSA Authenticators
Don't see what you're looking for?
