AxM 4.9 Agent for IIS does not serve read only copies of Microsoft Office Documents

RSA Access Manager 4.9.1 Agent for IIS 7.x
SharePoint is not installed on the backend server, and Office documents are being opened in read only mode.

AxM 4.9 Agent for IIS does not serve read only copies of Microsoft Office Documents
When attempting to open an Office document (for example, an MSWord doc), the user is presented with a second forms based logon page in the Word application.  If the user attempts to authenticate in this window, the logon loops.

There was a change made to the 4.9 Agent to support SharePoint integration with Office applications.  In current versions of Office, the Office application will initiate a dialog with the back end web server to determine what kind of read and write access to documents is in use.  This negotiation uses the OPTIONS verb to exchange details.  The 4.9 agent now detects this negotiation, and changes the logon process for Office documents.  This requirement satisfies SharePoint support, but is not needed if SharePoint is not installed on IIS (and only read only access to Office documents is required). 

The following work around may be used if the hotfix cannot be applied.  If support is not required for SharePoint, disable the support for the OPTIONS verb in IIS 7.x.  This can be done in several ways and is dependent on the version of IIS if you have applied the administration pack.  If the administration pack is enabled, you can disable the OPTIONS verb by creating a deny rule in the IIS management console under "Request Filtering" for the "HTTP Verb" called OPTIONS.   
This issue is resolved in hotfix 4.9.1.13 for the RSA Access Manager 4.9.1 Agent for IIS 7.x.  Contact RSA Customer Support and request this hotfix or the latest cumulative hotfix for you platform. This hotfix introduces a new webagent.conf file parameter that may be used to disable the sharepoint support.

For more information on the OPTIONS verb in IIS, see the following article: