Article Number
000029410
Applies To
RSA Product Set: SecurID
RSA Product/Service Type: Authentication Agent for Web for IIS
RSA Version/Condition: 7.1.2, 7.1.3 for IIS
Platform: Windows
Platform (Other): Microsoft Windows Server 2008 R2
Issue
We are trying to get the web agent version 7.1.3 working with SharePoint 2010 in combination with SSO. This is claimed to be fixed in version 7.1.3 of the web agent (Tracking number:AAIIS-1111) We did pre-configuration according to the release notes of the agent with software version 7.1.3 and then configured the agent and SharePoint by following the instructions in the web agent installation and configuration guide This guide only contains at some point instructions for SharePoint 2007 and not for SharePoint 2010 but we configured SharePoint 2010 to achieve the same result. However, we are still unable to get this working. We still get an HTTP 403 Forbidden message. We are able to get the same successfully working with Microsoft IIS
Cause
The cookie that the TMG uses epoch time, and when the epoch time was entered into an epoch time converter, the time was found to be 26 hours late, or old. Setting the time on the TMG server ahead by 26 hours allowed SSO to work with the web agent and SharePoint.
Resolution
For the fix (from AAIIS-96 back in Web Agent 5.3) to take effect, define a string value called "Agent50CompatibleCookies" in the following registry key HKEY_LOCAL_MACHINE\SOFTWARE\SDTI\RSAWebAgent.
