RSA Access Manager CERTIFICATE authentication does not work with Protocol Transition
Originally Published: 2013-07-03
Article Number
Applies To
RSA Product/Service Type: Access Manager Agent
RSA Version/Condition: 4.9.3
Platform: IIS 7
Issue
The following error is seen in the browser:
401.3 Unauthorized
The error message in the agent log at debug level shows:
2013-07-03 12:17:06 -0500 - [736] - <Security> - Session has idled out.
2013-07-03 12:17:06 -0500 - [2996] - <Debug> - Response: 401
Cause
Resolution
Change the setting for cleartrust.agent.iis.preproc_auth_enabled=TRUE. This changes the authentication event from the IIS OnPostAuthenticateRequest event to the BEGIN_REQUEST notification event.
Related Articles
Protocol Transition fails and the user gets a 401 unauthorized message Number of Views LDAPS connection does not work with RSA Authentication Manager 8.4 Number of Views Access Manager CERTIFICATE authentication fails to re-authenticate after token decryption failed message Number of Views How to 'Trust' the RSA Authentication Manager Security Console Self-Signed Root CA certificate and prevent Cert warnings. Number of Views RSA Access Manager password policy for automatic user unlock does not work when using an Active Directory user store Number of Views
Trending Articles
Passwordless Authentication in Windows MFA Agent for Active Directory – Quick Setup Guide RSA Authentication Manager Upgrade Process RSA Authentication Manager 8.9 Release Notes (January 2026) An example of SSO using SAML and ADFS with RSA Identity Management and Governance 6.9.x RSA MFA Agent 2.3.6 for Microsoft Windows Installation and Administration Guide
Don't see what you're looking for?
