search cancel

Do we need an RSA Agent installed on a Windows Policy Server?


Article ID: 18234


Updated On:


CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On



In the Policy Server Guides - Policy Server Configuration Guide - Authentication Schemes - SecurID Authentication Schemes

SecurID Scheme Prerequisites

Be sure that the following prerequisites are met before configuring a SecureID authentication scheme:

  • On Windows Policy Servers, the RSA ACE/Client software is installed on the same system as the Policy Server. For information about supported RSA ACE/Client versions, see the Platform Support Matrix on the Support site.
  • If the following are true, be sure to configure the ACE paths to point to the location of the securid file:
    • The ACE environment is using ACE Client 7.0 or later.
    • The ACE environment is not using a Node Secret.
    • One of the following:
      • ACE is protecting another application, which SiteMinder does not protect.
      • ACE is protecting another non-SiteMinder product.

Configuring the ACE paths prevents the authentication request that the Policy Server sends to the ACE Server from failing.

Note: The SM_ACE_FAILOVER_ATTEMPTS environment variable, which is used to set the failover attempts to the ACE server, has been removed.


The documentation will be modified as we do not need the RSA agent anymore installed on the policy server box.

The Policy server is compatible with the ACE SDK base on the following:

  • R12SP3 CR03 uses ACE 6.1 SDK
  • R12.5 GA uses ACE 8.1 SDK


Component: SMPLC