Access Manager incorrectly redirects HTTPS session to HTTP port on Citrix Web Interface Server
Originally Published: 2009-09-29
Article Number
Applies To
RSA Access Manager Agent 4.8 for IIS 6.0
Microsoft Internet Information Services (IIS) 6.0
Issue
After authentication the user is directed to HTTP instead of HTTPS on the Citrix Web Interface Server. The Access Manager redirection cookie (URL retention cookie) ACTSESSION contains the wrong address and port.
Cause
Resolution
cleartrust.agent.retain_url.use_full_url=False
There are many solutions to this issue. Some method must be provided to redirect the http requests to the correct https port on the target web server.
- Many third party SSL Accelerators and SSL proxy servers and load balancers can be configured to do the redirection automatically. Install these components in front of the IIS server to do the redirection.
- Modify the central logon page to inspect the ACTSESSION cookie and modify it if contains a redirection URL to the secure gateway. Some customers want more control over the redirection do not even bother rewriting the ACTSESSION cookie and do the redirection themselves in the logon or home page.
- Add a third party module to the IIS server for the Web Interface server to do the http redirect. Search Google for http+https+redirect+IIS for more information.
See also solution AxM 4.8 agent and the arbitrary redirect to port 80 when a loadbalancer is used to rewrite to a different port. ACTSESSION cookie retains port 80.a47576 AxM 4.8 agent and the arbitrary redirect to port 80 when a loadbalancer is used to rewrite to a different port. ACTSESSION cookie retains port 80.
Related Articles
Node secret mismatch: agent and server using different node secrets when authenticating from Citrix Web Interface 5.4 with… Number of Views Replacing the server certificate used for the RSA Identity Governance & Lifecycle appliance web administration interface Number of Views Access Manager Agent HTTP error 403.0 - Forbidden when accessing IIS web server Number of Views How to create and configure certificates for HTTPS access when using intermediate CA certs in RSA Identity Governance & Li… Number of Views The RSA SecurID Access Cloud Authentication Service rejects signed SP-initiated SAML requests with an HTTP Redirect binding Number of Views
Trending Articles
Quick Setup Guide - Passwordless Authentication in Windows MFA Agent for Active Directory RSA MFA Agent 2.3.6 for Microsoft Windows Installation and Administration Guide RSA Authentication Manager 8.9 Release Notes (January 2026) RSA Governance & Lifecycle 8.0.0 Administrators Guide RSA MFA Agent 2.5 for Microsoft Windows Installation and Administration Guide
Don't see what you're looking for?
