8. Known Issues

1. Node Secret Permissions

If the Web Interface does not have permission to write the node secret into the registry, authentication succeeds once and then fails with a “Node verification failure”. If the node secret is then cleared from the Authentication Manager console, authentication again succeeds exactly one time. This happens because the RSA Authentication Manager sends the node secret to an agent host following the first successful authentication from that host. From that point on, the RSA Authentication Manager requires all traffic from that host to be protected using the supplied node secret. A Web Interface that could not store the secret cannot meet that requirement, so its later requests are rejected.

Previously, installing the RSA Authentication Agent before installing the Web Interface was enough to guarantee that the permissions on the node secret were modified correctly. Under Windows 2003 and IIS 6.0, this does not appear to be the case. Currently, the local machine's ASP.NET account (ASPNET), Internet Guest account (IUSR_machinename), and Launch IIS Process Account (IWAM_machinename) are required to have full access to the node secret key. Information concerning this issue is also available from the Citrix support site, in document CTX102226, titled “Error: The credentials supplied were invalid. Please try again”.

2. Invalid PIN not rejected

During certification testing, it was noticed that the Web Interface was not properly validating user-entered PINs. When system settings on the RSA Authentication Manager were modified to restrict PINs to between 5 and 7 digits, the Web Interface accepted PINs of length 4 and 8. These PINs are rejected by the RSA Authentication Manager, but no error is returned to the user, leaving the user in a confusing state. The same behavior is exhibited when alphanumeric PINs are disabled.

The easiest work-around for this issue is to use system-generated PINs.
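
As an added illustration (not Citrix or RSA code), the following sketch shows the check a web front end needs to avoid this issue: enforce the configured PIN policy before forwarding, and surface a server-side rejection to the user instead of dropping it. The policy field names and the `sendToServer` callback are hypothetical, and the sample PINs in the comments are constructed.

```javascript
// Added example: not Citrix or RSA code. The policy fields and the
// sendToServer callback are hypothetical names used for illustration.
const pinPolicy = { minLength: 5, maxLength: 7, allowAlphanumeric: false };

// Returns a list of messages for the user; an empty list means the PIN
// satisfies the policy and may be forwarded.
function validatePin(pin, policy) {
  if (typeof pin !== "string" || pin.length === 0) {
    return ["A PIN is required."];
  }
  const errors = [];
  // Both bounds are inclusive: with 5..7, lengths 4 and 8 must fail here.
  if (pin.length < policy.minLength || pin.length > policy.maxLength) {
    errors.push(
      `PIN must be ${policy.minLength} to ${policy.maxLength} characters long.`
    );
  }
  // Anchored pattern so the whole PIN is checked, not just a prefix.
  const allowed = policy.allowAlphanumeric ? /^[A-Za-z0-9]+$/ : /^[0-9]+$/;
  if (!allowed.test(pin)) {
    errors.push(
      policy.allowAlphanumeric
        ? "PIN may contain only letters and digits."
        : "PIN may contain only digits."
    );
  }
  return errors;
}

// Validates locally, forwards only a compliant PIN, and turns a server-side
// rejection into a visible message instead of dropping it silently.
function submitPin(pin, policy, sendToServer) {
  const errors = validatePin(pin, policy);
  if (errors.length > 0) {
    return { forwarded: false, accepted: false, errors };
  }
  const reply = sendToServer(pin); // assumed to return { accepted: boolean }
  if (!reply || reply.accepted !== true) {
    return {
      forwarded: true,
      accepted: false,
      errors: ["The authentication server rejected the PIN. Choose a different PIN."],
    };
  }
  return { forwarded: true, accepted: true, errors: [] };
}
```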
