000029473 - A 403 error is returned if no value specified for cleartrust.agent.rules_file with RSA Access Manager 5.0 Web Agent

Document created by RSA Customer Support Employee on Apr 26, 2019Last modified by RSA Customer Support Employee on Apr 26, 2019
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000029473
Applies ToRSA Product Set: ClearTrust
RSA Product/Service Type: Web Agent IIS
RSA Version/Condition: 5.0
Platform: Windows
O/S Version: 2008 Server R2 x64
IssueThe RSA Access Manager 5.0 Web Agent is displaying error 403 if there is no value specified for the cleartrust.agent.rules.file = parameter.
CauseBeginning with RSA Access Manager 5.0 Web Agent, two new parameters were added with dependencies related to the "cleartrust.agent.rules.file =" parameter, as in the example below:

cleartrust.agent.rules_file_update_interval=15 Mins

When cleartrust.agent.rules_file_status= LOCAL then the cleartrust.agent.rules.file = has to be specified.

The description for cleartrust.agent.rules_file_status= does mention that if you specify LOCAL then you have to specify a value for the  cleartrust.agent.rules.file =.
The description for cleartrust.agent.rules.file = however was not updated to indicate this new dependency.

If an administrator inadvertently specifies cleartrust.agent.rules_file_status=LOCAL without specifying a value for cleartrust.agent.rules.file = then the agent will return a 403 error

The cleartrust.agent.rules_file_update_interval=15 Mins is only used if cleartrust.agent.rules_file_status=CENTRALIZED and does not apply in this situation.
ResolutionIf the rules.xml file is not needed, make sure both of the following parameters have no value specified: