zammo
New Contributor

RSA SecurID IIS web agent giving 403 after successful authentication


We are setting up a new server with IIS and RSA SecurID to replace an existing server.

On the new server we can successfully authenticate using RSA SecurID soft token but when it gets redirected back to the website we get a 403 forbidden error. The 2 servers look to be set up as similar as possible. The old one has an old version of the agent (7.1) whilst the new one is using 8.0.5.

Managed to get tracing to run but nothing obvious from that or the event logs.

 

Any ideas or things to try?

Accepted Solutions
EricaChalfin
Moderator

@zammo,

Welcome to the RSA community! We are so glad that you joined us!

Can you upgrade the agent so they are both running Authentication Agent 8.0.5 for IIS Web Server?

For the 403 error, you can try setting MatchOnSecurIDUsername to 0. This tells the web agent that it is OK if the SecurID user name is not exactly the same as the credentials used for application sign on. If there are differences and MatchOnSecurIDUsername is not set, or if it is set to 1, the user will get a Forbidden page.

Do the following:

  1. Open the registry on the web agent server.
  2. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\SDTI\RSAWebAgent.
  3. Set MatchOnSecurIDUsername = 0 (REG_DWORD).
  4. After updating the registry, the server must be rebooted for the change to take effect.

If this does not work, please contact RSA support and open a support ticket.


Best regards,
Erica
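
The registry change from the answer above, as an added PowerShell example that is not part of the original post and is not RSA tooling. The key path and value name come from the answer; the function name `Set-MatchOnSecurIDUsername` and the shape of its output object are hypothetical. It records the previous value so the change can be reverted and supports `-WhatIf` for a dry run.

```powershell
# Added example, not RSA's own code. Run from an elevated PowerShell session
# on the web agent server. Function name and output fields are made up here.
function Set-MatchOnSecurIDUsername {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [ValidateSet(0, 1)]
        [int]$Value = 0,
        # Key path as given in the answer above.
        [string]$KeyPath = 'HKLM:\SOFTWARE\SDTI\RSAWebAgent'
    )
    $name = 'MatchOnSecurIDUsername'

    if (-not (Test-Path -Path $KeyPath)) {
        throw "Registry key not found: $KeyPath (is the web agent installed here?)"
    }

    # Capture the prior state. Per the answer, an absent value behaves like 1
    # (user names must match, otherwise the user gets a Forbidden page).
    $key        = Get-Item -Path $KeyPath
    $before     = $key.GetValue($name, $null)
    $beforeKind = if ($null -ne $before) { $key.GetValueKind($name) } else { $null }

    if ($PSCmdlet.ShouldProcess("$KeyPath\$name", "Set REG_DWORD to $Value")) {
        # -Force overwrites an existing value and enforces the REG_DWORD type.
        New-ItemProperty -Path $KeyPath -Name $name -Value $Value `
            -PropertyType DWord -Force | Out-Null
    }

    # Re-read from the registry instead of trusting the write.
    $after = (Get-Item -Path $KeyPath).GetValue($name, $null)

    [pscustomobject]@{
        Computer       = $env:COMPUTERNAME
        Key            = $KeyPath
        Name           = $name
        PreviousValue  = $before        # $null means the value was not set
        PreviousKind   = $beforeKind
        CurrentValue   = $after
        Changed        = ($before -ne $after)
        RebootRequired = ($before -ne $after)  # answer: reboot for it to take effect
    }
}

# Dry run first, then apply and keep the result for the change record.
Set-MatchOnSecurIDUsername -WhatIf
Set-MatchOnSecurIDUsername | Format-List
```

Keep the reported `PreviousValue` with the change ticket: with the value at 0 the agent no longer requires the SecurID user name to match the application sign-on name, so reviewers should know which servers carry that setting.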


2 Replies
Great. That looks to have sorted it.

We are replacing the old server so didn't want to upgrade it, but the new one looks to be working okay now and we can do a full test now.