ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.
Do we need an RSA Agent installed on a Windows Policy Server?
Article ID: 18234
Updated On:
Products
CA Single Sign On Secure Proxy Server (SiteMinder)
CA Single Sign On SOA Security Manager (SiteMinder)
CA Single Sign-On
Issue/Introduction
Description:
In the Policy Server Guides - Policy Server Configuration Guide - Authentication Schemes - SecurID Authentication Schemes
SecurID Scheme Prerequisites
Be sure that the following prerequisites are met before configuring a SecureID authentication scheme:
- On Windows Policy Servers, the RSA ACE/Client software is installed on the same system as the Policy Server. For information about supported RSA ACE/Client versions, see the Platform Support Matrix on the Support site.
- If the following are true, be sure to configure the ACE paths to point to the location of the securid file:
- The ACE environment is using ACE Client 7.0 or later.
- The ACE environment is not using a Node Secret.
- One of the following:
- ACE is protecting another application, which SiteMinder does not protect.
- ACE is protecting another non-SiteMinder product.
Configuring the ACE paths prevents the authentication request that the Policy Server sends to the ACE Server from failing.
Note: The SM_ACE_FAILOVER_ATTEMPTS environment variable, which is used to set the failover attempts to the ACE server, has been removed.
Solution:
The documentation will be modified as we do not need the RSA agent anymore installed on the policy server box.
The Policy server is compatible with the ACE SDK base on the following:
- R12SP3 CR03 uses ACE 6.1 SDK
- R12.5 GA uses ACE 8.1 SDK
Environment
Release:
Component: SMPLC
Component: SMPLC
Feedback
Yes
No
Powered by
