The RSA SecurID form that is customized for mobile devices may not work when a user accesses a Web site that is published in ISA Server 2006

View products that this article applies to.

Expand all | Collapse all

SYMPTOMS

Consider the following scenario:

You publish a Web site in Microsoft Internet Security and Acceleration (ISA) Server 2006.
In the Web listener, ISA Server is configured to use forms-based authentication to authenticate client requests.
ISA Server is configured to present an RSA SecurID form to the client users.
The RSA SecurID logon form is customized for mobile devices by using XHTML-Mobile Profile (XHTML-MP) and cHTML.

However, the RSA SecurID logon form may not work. After a user submits the customized logon form from a mobile device, the Web browser does not open the desired Web site.

Back to the top

If you use forms-based authentication and the RSA SecurID authentication scheme to publish a Web site, the user receives a logon form after the user logs on successfully. This logon form redirects the Web browser to the original URL that the user accesses. ISA Server uses a Refresh header to implement the redirection. However, some devices may not understand this header.

Back to the top

RESOLUTION

How to enable KB939849

Apply the hotfix that is described in the following Microsoft Knowledge Base article:
940250 (http://support.microsoft.com/kb/940250/ ) Description of the ISA Server 2006 hotfix package: July 16, 2007
Start Notepad.

Copy the following script into a Notepad file.

Const SE_VPS_GUID = "{143F5698-103B-12D4-FF34-1F34767DEabc}"
Const SE_VPS_NAME = "Use302ForSecureIDRedirect"
Const SE_VPS_VALUE = true

Sub SetValue()

    ' Create the root obect.
    Dim root  ' The FPCLib.FPC root object
    Set root = CreateObject("FPC.Root")

    'Declare the other objects needed.
    Dim array       ' An FPCArray object
    Dim VendorSets  ' An FPCVendorParametersSets collection
    Dim VendorSet   ' An FPCVendorParametersSet object

    ' Get references to the array object
    ' and the network rules collection.
    Set array = root.GetContainingArray
    Set VendorSets = array.VendorParametersSets

    On Error Resume Next
    Set VendorSet = VendorSets.Item( SE_VPS_GUID )

    If Err.Number <> 0 Then
        Err.Clear

        ' Add the item
        Set VendorSet = VendorSets.Add( SE_VPS_GUID )
        CheckError
        WScript.Echo "New VendorSet added... " & VendorSet.Name

    Else
        WScript.Echo "Existing VendorSet found... value- " &  VendorSet.Value(SE_VPS_NAME)
    End If

    if VendorSet.Value(SE_VPS_NAME) <> SE_VPS_VALUE Then

        Err.Clear
        VendorSet.Value(SE_VPS_NAME) = SE_VPS_VALUE

        If Err.Number <> 0 Then
            CheckError
        Else
            VendorSets.Save false, true
            CheckError

            If Err.Number = 0 Then
                WScript.Echo "Done with " & SE_VPS_NAME & ", saved!"
            End If
        End If
    Else
        WScript.Echo "Done with " & SE_VPS_NAME & ", no change!"
    End If

End Sub

Sub CheckError()

    If Err.Number <> 0 Then
        WScript.Echo "An error occurred: 0x" & Hex(Err.Number) & " " & Err.Description
        Err.Clear
    End If

End Sub

SetValue

Save the file as a Microsoft Visual Basic script file by using the .vbs file name extension. For example, use the following name to save the file:
EnableKB939849.vbs
Start a command prompt, move to the location where you saved the EnableKB939849.vbs file, and then run the following command:
cscript EnableKB939849.vbs

How to disable KB939849

Start Notepad.

Copy the following script into a Notepad file.

Const SE_VPS_GUID = "{143F5698-103B-12D4-FF34-1F34767DEabc}"
Const SE_VPS_NAME = "Use302ForSecureIDRedirect"
Const SE_VPS_VALUE = false

Sub SetValue()

    ' Create the root obect.
    Dim root  ' The FPCLib.FPC root object
    Set root = CreateObject("FPC.Root")

    'Declare the other objects needed.
    Dim array       ' An FPCArray object
    Dim VendorSets  ' An FPCVendorParametersSets collection
    Dim VendorSet   ' An FPCVendorParametersSet object

    ' Get references to the array object
    ' and the network rules collection.
    Set array = root.GetContainingArray
    Set VendorSets = array.VendorParametersSets

    On Error Resume Next
    Set VendorSet = VendorSets.Item( SE_VPS_GUID )

    If Err.Number <> 0 Then
        Err.Clear

        ' Add the item
        Set VendorSet = VendorSets.Add( SE_VPS_GUID )
        CheckError
        WScript.Echo "New VendorSet added... " & VendorSet.Name

    Else
        WScript.Echo "Existing VendorSet found... value- " &  VendorSet.Value(SE_VPS_NAME)
    End If

    if VendorSet.Value(SE_VPS_NAME) <> SE_VPS_VALUE Then

        Err.Clear
        VendorSet.Value(SE_VPS_NAME) = SE_VPS_VALUE

        If Err.Number <> 0 Then
            CheckError
        Else
            VendorSets.Save false, true
            CheckError

            If Err.Number = 0 Then
                WScript.Echo "Done with " & SE_VPS_NAME & ", saved!"
            End If
        End If
    Else
        WScript.Echo "Done with " & SE_VPS_NAME & ", no change!"
    End If

End Sub

Sub CheckError()

    If Err.Number <> 0 Then
        WScript.Echo "An error occurred: 0x" & Hex(Err.Number) & " " & Err.Description
        Err.Clear
    End If

End Sub

SetValue

Save the file as a Microsoft Visual Basic script file by using the .vbs file name extension. For example, use the following name to save the file:
DisableKB939849.vbs
Start a command prompt, move to the location where you saved the DisableKB939849.vbs file, and then run the following command:
cscript DisableKB939849.vbs

Back to the top