Article Number
000013464
Applies To
RSA Access Manager 4.8 Agent for Apache 2.2
RSA Access Manager 4.9.1 Agent for Apache 2.2
Issue
RSA Access Manager agent for Apache fails to set user properties in the http headers after idle timeout with CERTIFICATE authentication
When configured to export RSA Access Manager user properties in the http header, the agent sets them correctly during the initial authentication but fails to set them when the user authenticates again after an idle timeout.
The Agent log file shows that the user's session has become idle.
2012-02-14 11:12:39 -0800 - [1420] - <Security> - Session has idled out
At debug log level, the following log file entries are missing from the agent log file during the authentication that follows an idle timeout.
2012-02-14 11:10:23 -0800 - [1420] - <Debug> - Setting header: email, value: user@rsa.com
2012-02-14 11:10:23 -0800 - [1420] - <Info> - Setting headers for user: user1, auth: 4, webserver: test
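One way to confirm whether an agent is exhibiting this symptom, or to verify that a hotfix has corrected it, is to scan the agent log for "Session has idled out" entries that are never followed by a "Setting headers for user" entry. The script below is an added example, not part of this article or of the RSA agent; it assumes the log line layout shown above (timestamp, bracketed thread id, angle-bracketed level, message) and correlates idle-out and header-set entries by that thread id, which is an assumption about how the agent logs. The sample log lines are constructed for the example.

```python
import re
from dataclasses import dataclass

# Line layout seen in the article's excerpts (assumed for every line):
# "<date> <time> <tz> - [<thread>] - <<level>> - <message>"
LOG_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} [+-]\d{4}) - "
    r"\[(?P<thread>\d+)\] - <(?P<level>[^>]+)> - (?P<msg>.*)$"
)

# Constructed sample: thread 1420 idles out and never sets headers again
# (the symptom described in the article); thread 1421 idles out and then
# sets headers on the next authentication (expected behaviour).
SAMPLE_LOG = """\
2012-02-14 11:10:23 -0800 - [1420] - <Info> - Setting headers for user: user1, auth: 4, webserver: test
2012-02-14 11:10:23 -0800 - [1420] - <Debug> - Setting header: email, value: user@rsa.com
2012-02-14 11:12:39 -0800 - [1420] - <Security> - Session has idled out
2012-02-14 11:15:02 -0800 - [1421] - <Info> - Setting headers for user: user2, auth: 4, webserver: test
2012-02-14 11:20:11 -0800 - [1421] - <Security> - Session has idled out
2012-02-14 11:20:11 -0800 - [1421] - <Info> - Setting headers for user: user2, auth: 4, webserver: test
2012-02-14 11:20:11 -0800 - [1421] - <Debug> - Setting header: email, value: user2@example.com
"""


@dataclass
class Event:
    ts: str
    thread: str
    level: str
    msg: str


def parse_log(lines):
    """Parse agent log lines into Event records; lines that do not match
    the assumed layout are skipped rather than treated as errors."""
    events = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if m:
            events.append(Event(**m.groupdict()))
    return events


def find_idle_outs_without_headers(lines):
    """Return timestamps of 'Session has idled out' events that are not
    followed, on the same thread id, by a 'Setting headers for user' entry
    before either the next idle-out on that thread or the end of the log.

    Correlating by thread id is an assumption of this example; the
    idle-out line itself does not name the user.
    """
    pending = {}   # thread id -> timestamp of idle-out awaiting a header-set
    missing = []
    for ev in parse_log(lines):
        if ev.msg.startswith("Session has idled out"):
            # A second idle-out with no header-set in between means the
            # earlier one was never resolved.
            if ev.thread in pending:
                missing.append(pending[ev.thread])
            pending[ev.thread] = ev.ts
        elif ev.msg.startswith("Setting headers for user"):
            pending.pop(ev.thread, None)
    # Anything still pending at end of log was never resolved either.
    missing.extend(pending.values())
    return missing


def check_sample():
    """Run the check over the constructed sample log."""
    return find_idle_outs_without_headers(SAMPLE_LOG.splitlines())


if __name__ == "__main__":
    for ts in check_sample():
        print(f"idle-out at {ts} was not followed by a 'Setting headers' entry")
```

Run it against a real agent log with `find_idle_outs_without_headers(open(path).readlines())` at debug log level, since the header-set entries it looks for are only written at that level. Because an idle-out line does not identify the user, a hit only means that no header-set entry appeared on that thread afterwards; confirm against the request that triggered re-authentication before treating it as the defect described here.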
Cause
Hotfix 4.8.0.23 changed the behaviour of the agent to prevent it from setting http headers when the user was not authenticated. Forms-based authentication types, which perform an http redirect after an idle timeout, still correctly set the user properties in the http header once the user is authenticated after the idle timeout. When the agent is configured for CERTIFICATE-based authentication, the agent authenticates the user on the initial http request without a redirect. The agent fails to set the http headers in this case because the request is processed while the user is still considered unauthenticated.
Resolution
This issue has been resolved in hotfix 4.8.0.52 for the RSA Access Manager 4.8 Agent for Apache 2.2 on RedHat Linux. The agent now correctly sets user properties in the http headers when the user is authenticated after an idle timeout. Contact RSA Customer Support to request this hotfix or the latest cumulative hotfix for your web server and platform.
This issue has been resolved in hotfix 4.9.1.14 for the RSA Access Manager 4.9.1 Agent for Apache 2.2 on RedHat Linux. The agent now correctly sets user properties in the http headers when the user is authenticated after an idle timeout. Contact RSA Customer Support to request this hotfix or the latest cumulative hotfix for your web server and platform.
Workaround
The customer has applied RSA Access Manager 4.8 Agent hotfix 4.8.0.23 or later and is using the CERTIFICATE authentication type.