Do we need an RSA Agent installed on a Windows Policy Server?

book

Article ID: 18234

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) AXIOMATICS POLICY SERVER CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On

Issue/Introduction

Description:

In the Policy Server Guides - Policy Server Configuration Guide - Authentication Schemes - SecurID Authentication Schemes

SecurID Scheme Prerequisites

Be sure that the following prerequisites are met before configuring a SecureID authentication scheme:

  • On Windows Policy Servers, the RSA ACE/Client software is installed on the same system as the Policy Server. For information about supported RSA ACE/Client versions, see the Platform Support Matrix on the Support site.
  • If the following are true, be sure to configure the ACE paths to point to the location of the securid file:
    • The ACE environment is using ACE Client 7.0 or later.
    • The ACE environment is not using a Node Secret.
    • One of the following:
      • ACE is protecting another application, which SiteMinder does not protect.
      • ACE is protecting another non-SiteMinder product.

Configuring the ACE paths prevents the authentication request that the Policy Server sends to the ACE Server from failing.

Note: The SM_ACE_FAILOVER_ATTEMPTS environment variable, which is used to set the failover attempts to the ACE server, has been removed.

Solution:

The documentation will be modified as we do not need the RSA agent anymore installed on the policy server box.

The Policy server is compatible with the ACE SDK base on the following:

  • R12SP3 CR03 uses ACE 6.1 SDK
  • R12.5 GA uses ACE 8.1 SDK

Environment

Release:
Component: SMPLC