Co-hosting RSA and .Net Application on the same IIS Server 10
We are installing the RSA Web Agent 5.0 SP4 on IIS 10. Along with RSA, we have the application also deployed on the same IIS Server with a different port number. The reverse proxy is used to route the traffic between Agent and Application. Now the issue is, the RSA is protecting any request to the server, even the unprotected ones from the application which is running on a different port as well. This is causing the application to route in a loop, erroring with too many redirects. Is there any setting we need to change to fix this, or is this the expected behaviour?
Accepted Solutions
Sorry, from your description I cannot confirm your assertion that the RSA Access Manager Agent is not working correctly.
The documentation for the agent is available here:
The word "protecting" is ambiguous when describing how the RSA IIS Web Agent works.
The RSA Agent module will of course be executed for all virtual hosts where it is installed. So it will be invoked for authentication or authorization for any requests served by this server. That is by design. The agent does not care what port is in use.
In light of this, what do you mean by "unprotected" in this statement?
"even the unprotected ones"
Thank you Ian for the response. There was a misconfiguration which caused the authentication to be triggered again (which I thought was unprotected, but protected by url_exclusion_list), which I corrected to make it work.
Is there any reason why the POST form submission is not checked by the RSA agent to validate the user and password, and why it is re-directing to the launch page with the POST submission? What is the significance of ct-iis-form-query?
From the RSA Agent Log:
1607454673.836:[ct_auth_module.cpp/1835]:<Debug>:[[OnSendResponse]]:Checking for logon header
1607454673.836:[ct_auth_module.cpp/2762]:<Massive>:[get_response_header]:...
1607454673.836:[ct_auth_module.cpp/2762]:<Massive>:[get_response_header]:...
1607454673.836:[ct_auth_module.cpp/2783]:<Debug>:[get_response_header]:Header ct-iis-form-query is NULL\n
1607454673.836:[ct_auth_module.cpp/2086]:<Massive>:[Destructor]:...
1607454673.836:[ct_auth_module.cpp/2090]:<Debug>:[Destructor]:free Heap
1607454673.836:[ct_request_data.c/291]:<Massive>:[ct_destroy_request_data_from_id]:...
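A small parser for the agent debug log quoted in the post above, added here as an example (it is not RSA's code or any poster's). The line layout and the epoch-seconds reading of the timestamp are assumptions inferred from that excerpt, and `parse_line` and `summarize` are hypothetical names. It lists every header lookup that came back NULL, with its time and source location, so the lookups can be lined up against the requests that redirected.

```python
import re
from collections import Counter
from datetime import datetime, timezone

# Assumed layout, inferred only from the excerpt in the post above:
#   <epoch seconds>.<millis>:[<source file>/<line>]:<Level>:[<function>]:<message>
LINE_RE = re.compile(
    r"^(?P<sec>\d+)\.(?P<ms>\d{3}):\[(?P<src>[^/\]]+)/(?P<lineno>\d+)\]:"
    r"<(?P<level>\w+)>:\[+(?P<func>[^\]]+)\]+:(?P<msg>.*)$"
)
NULL_HEADER_RE = re.compile(r"Header (?P<name>\S+) is NULL")

# Four lines copied from the log excerpt in the post above.
SAMPLE = r"""
1607454673.836:[ct_auth_module.cpp/1835]:<Debug>:[[OnSendResponse]]:Checking for logon header
1607454673.836:[ct_auth_module.cpp/2762]:<Massive>:[get_response_header]:...
1607454673.836:[ct_auth_module.cpp/2783]:<Debug>:[get_response_header]:Header ct-iis-form-query is NULL\n
1607454673.836:[ct_auth_module.cpp/2090]:<Debug>:[Destructor]:free Heap
"""

def parse_line(line):
    """Return a dict for one agent log line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    when = datetime.fromtimestamp(int(m["sec"]), tz=timezone.utc)
    return {
        "time": when.replace(microsecond=int(m["ms"]) * 1000),
        "source": f'{m["src"]}:{m["lineno"]}',
        "level": m["level"],
        "function": m["func"],
        # Some messages in the excerpt end in a literal backslash-n; drop it.
        "message": re.sub(r"\\n$", "", m["msg"]),
    }

def summarize(text):
    """Count entries per level and list every 'Header X is NULL' lookup."""
    levels, null_headers, unparsed = Counter(), [], 0
    for raw in filter(str.strip, text.splitlines()):
        entry = parse_line(raw)
        if entry is None:
            unparsed += 1  # keep count so a format mismatch is visible
            continue
        levels[entry["level"]] += 1
        hit = NULL_HEADER_RE.search(entry["message"])
        if hit:
            null_headers.append((entry["time"].isoformat(), hit["name"], entry["source"]))
    return {"levels": dict(levels), "null_headers": null_headers, "unparsed": unparsed}
```

A non-zero `unparsed` count on a real log means the assumed layout does not match that agent build and the regular expression needs adjusting.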
All requests are checked by the agent.
I am not sure what you mean by "Launch page"; this is not an RSA term.
The ct-iis-form-query is unique to the IIS agent and it is used to identify requests made to the logon page and ensure the POST data is handled correctly. It is required to work around some deficiencies in the way IIS handles requests.
Any further questions, or can I mark this thread as answered?
Thanks Ian. As you can see from the agent log, the ct-iis-form-query value is null, the app is not authenticated and it is re-directing to the login form page. Are there any specific settings needed to make the IIS agent work properly? If you can share any specific documentation for this, that would be helpful.
