ClearTrust 5.0 login screen images do not appear if entire IIS Web site is protected
RSA ClearTrust 5.0 RSA ClearTrust Agent 3.0 for Microsoft IIS Microsoft Windows NT 4.0 Microsoft Windows 2000 Microsoft Internet Information Server (IIS) 4.0 Microsoft Internet Information Server (IIS) 5.0
ClearTrust 5.0 login screen images do not appear if entire IIS Web site is protected If the entire IIS Web site is protected by "/*", the login screen images does not appear. This is a known issue and is not considered a bug. Please refer to the Administrator's Guide in ClearTrust 5.0, where Chapter 4 (Managing Resources) has a subsection titled "Defining URLs as Resources" under the "Resources" section. This subsection contains an important note that mentions "Using '/*' to protect the entire Web server will block access to graphics and objects associated with login". A similar note is also mentioned in the ClearTrust 4.6.1 Administrator's Guide (Chapter 2 - The Entitlements Manager Background Concepts - Protected Resources - URIs).
Below is the proposed workaround for ClearTrust Agent 3.0 for IIS when the login screen images does not appear if the entire IIS Web server is protected with "/*":
1. Create a virtual host. From Microsoft Management Console, right click the machine hostname and select New -> Web Site. When the "New Web Site Wizard" appears, enter a name for the "Web Site Description". Accept the default (All Unassigned) for the IP address. Enter a new port number if port 80 is used. Enter the 'default path' of the new Web site.
2. Copy the 'images' directory from "c:\program files\RSA\Cleartrust\IIS Agent\htdocs" to the 'default path' of the new Web site
3. Create a test file (test.txt) in the "default path" of the new Web site
4. From Microsoft Management Console, right click the newly created Virtual Host or Web Site and select New -> Virtual Directory. When the New Virtual Directory Wizard appears, enter a name for the 'alias' and the physical path of the directory (ex. c:\<default path>\images).
5. Restart IIS Web server (stop IIS Admin Service and start World Wide Web Publishing) through the Services Control Panel
6. Test the newly created virtual host by accessing the test file (test.txt): http://<FQDN>:portnumber/test.txt
7. Make a back up of the C:\Program Files\RSA\ClearTrust\IIS Agent\htdocs\ct_logon.asp file
8. Edit the C:\Program Files\RSA\ClearTrust\IIS Agent\htdocs\ct_logon.asp file and search for "images". Replace all instances of "images" with the URL and alias of the newly created virtual host. An example is shown below:
9. Back up the C:\Program Files\RSA\ClearTrust\IIS Agent\conf\webagent.conf file
10. Modify the C:\Program Files\RSA\ClearTrust\IIS Agent\conf\webagent.conf file and add the newly created virtual host in the 'VirtualHost' section. Create a virtual host section for the current Web Server with the following ClearTrust parameters:
NOTE: The "web_server_name", "key_client_name", and "key_client_secret" are already defined. Copy the parameters and paste them in the Virtual Host section. Create another virtual host section for the new Web site with only the ClearTrust parameter "cleartrust.agent.enabled" set to "No".