Article Number
000030101
Applies To
RSA Product Set: ClearTrust
RSA Product/Service Type: Access Manager Entitlements Manager (AdminGUI)
RSA Version/Condition: 6.6.2 (SP2)
Platform: Windows
O/S Version: 2008 Server R2 x64
Product Name: RSA-0010020
Product Description: Access Manager
Issue
An "Error 404!" page with the message "The page you were looking for could not be found" displays in the RSA Access Manager Entitlements Manager (AdminGUI). The URL may be an image, or the error may be shown when attempting to display the page "error.html". This may occur after the idle session timeout period has expired (default 10 minutes) and after the user authenticates and tries to access previously cached content.
Cause
This occurs after deploying the 6.6.2 Entitlements Manager axm-admin-gui-6.2.2.war file. The CSRFGuard application used to prevent cross-site scripting attacks was updated in the 6.2.2 version of RSA Access Manager. The application incorrectly redirects the user to the page error.html instead of the logon page.
Resolution
This issue is resolved in RSA Access Manager 6.2.3 (SP3). Contact RSA Customer Support and request the latest service pack for RSA Access Manager.
Workaround
Edit the csrfguard.properties file located in the {deployment}/axm-admin-gui-6.2.2/WEB-INF/ folder of the application server where the Entitlements Manager was deployed.
Locate the following line:
org.owasp.csrfguard.action.Redirect.Page=%servletContext%/error.html
and change it to point to the InvalidSession.jsp page:
org.owasp.csrfguard.action.Redirect.Page=%servletContext%/InvalidSession.jsp
Restart the application server.
Note that if you redeploy the Entitlements Manager, you will have to make this change again.
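Because the change is lost on every redeploy, it can be re-applied with a script. The following PowerShell is an added example, not RSA's own code. The `-PropertiesPath` parameter is an assumption; the property key and the target value are the ones given in the steps above.

```powershell
# Added example: re-apply the csrfguard.properties workaround after a redeploy.
# -PropertiesPath is an assumed parameter; point it at the file under {deployment}.
param(
    [Parameter(Mandatory = $true)]
    [string]$PropertiesPath   # ...\axm-admin-gui-6.2.2\WEB-INF\csrfguard.properties
)

$key    = 'org.owasp.csrfguard.action.Redirect.Page'
$wanted = '%servletContext%/InvalidSession.jsp'
# Java .properties files are ISO-8859-1; read and write with that encoding.
$latin1 = [System.Text.Encoding]::GetEncoding('iso-8859-1')

if (-not (Test-Path -LiteralPath $PropertiesPath -PathType Leaf)) {
    Write-Error "Not found: $PropertiesPath"
    exit 2
}
$fullPath = (Resolve-Path -LiteralPath $PropertiesPath).Path
$lines    = [System.IO.File]::ReadAllLines($fullPath, $latin1)

# Match only the active (uncommented) key, tolerating spaces around '='.
$pattern = '^\s*' + [regex]::Escape($key) + '\s*=\s*(.*?)\s*$'
$found = 0
$changed = 0
for ($i = 0; $i -lt $lines.Length; $i++) {
    $m = [regex]::Match($lines[$i], $pattern)
    if (-not $m.Success) { continue }
    $found++
    # Case-sensitive compare: the value is a path inside the web application.
    if ($m.Groups[1].Value -cne $wanted) {
        Write-Output ("line {0}: '{1}' -> '{2}'" -f ($i + 1), $m.Groups[1].Value, $wanted)
        $lines[$i] = "$key=$wanted"
        $changed++
    }
}

if ($found -eq 0) {
    Write-Error "$key is not set in $fullPath; nothing changed."
    exit 3
}
if ($changed -eq 0) {
    Write-Output 'Redirect page already points to InvalidSession.jsp; no change made.'
    exit 0
}

# Keep a timestamped copy of the original before overwriting it.
$backup = "$fullPath.bak-" + (Get-Date -Format 'yyyyMMddHHmmss')
Copy-Item -LiteralPath $fullPath -Destination $backup
[System.IO.File]::WriteAllLines($fullPath, $lines, $latin1)
Write-Output "Updated $fullPath (backup: $backup). Restart the application server."
```

The script exits 0 both when it patches the file and when the value is already correct, so it can be run after each deployment without checking first.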