000013733 - How to decouple Access Manager from RSA Key Manager Server?

Document created by RSA Customer Support Employee on Jun 14, 2016. Last modified by RSA Customer Support Employee on Apr 21, 2017.
Version 2

Article Content

Article Number: 000013733
Applies To: RSA Key Manager Server 2.1.3
RSA Access Manager 6.0
RSA Access Manager Agent 4.7 for IIS 6.0
Apache Tomcat 5.5.25
Microsoft Windows Server 2003 R2
RSA Key Manager (RKM) Server was installed with the optional component RSA Access Manager, and Microsoft Internet Information Server (IIS) content protected with RSA Access Manager Agent
Issue: How to decouple Access Manager from RSA Key Manager Server?
How to access the RKM administrative web-based console on IIS without authenticating to RSA Access Manager?
Resolution: RKM Server can be decoupled from RSA Access Manager by following these steps:
1. Log in to the RKM Server admin console and add an internal password for kmsadmin (the default admin account) and all other admin accounts
2. Log out of the RKM admin console

3. Stop IIS and Tomcat services
4. Disable or uninstall Access Manager Agent for IIS.  An alternative is to configure Access Manager Agent (webagent.conf) to exclude /KMS/* (cleartrust.agent.url_exclusion_list).  Access Manager Agent can be disabled by setting cleartrust.agent.enabled=False in its webagent.conf.
5. (For RKM version 2.7.x) If RKM configuration file accessManager.properties exists, update the parameter "enabled = true" to "enabled = false" in accessManager.properties.

6. Restart Tomcat and IIS
7. Log in to the RKM admin console using the internal password for kmsadmin (or another admin account)
Notes: When RKM Server is installed with RSA Access Manager, access to the RKM administrative console is authenticated and authorized by RSA Access Manager. All RKM Client requests, however, remain excluded from Access Manager protection by configuring the Access Manager Agent's parameter cleartrust.agent.url_exclusion_list (e.g., cleartrust.agent.url_exclusion_list=/KMS/rpc/crow,/KMS/provider,/KMS/rpc/echidna).
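A check for a half-applied procedure (for example, step 4 done but step 5 skipped), as an added example that is not RSA's own code: it reads the two configuration files named above and reports whether the console is still gated by Access Manager. Assumptions: key=value syntax with '#' comments, a trailing '*' in the exclusion list acting as a prefix wildcard, the defaults used for missing keys, and the hypothetical console path /KMS/console.

```python
def parse_props(text):
    """Parse key=value lines; blank lines and '#' comments are skipped (assumed syntax)."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def agent_intercepts(webagent_conf, path):
    """True if the Access Manager Agent would still gate `path`."""
    conf = parse_props(webagent_conf)
    # Assumption: a missing key means the agent is enabled (conservative reading).
    if conf.get("cleartrust.agent.enabled", "True").lower() == "false":
        return False
    for entry in conf.get("cleartrust.agent.url_exclusion_list", "").split(","):
        entry = entry.strip()
        # Assumption: trailing '*' is a prefix wildcard; other entries match exactly.
        if entry.endswith("*") and path.startswith(entry[:-1]):
            return False
        if entry and entry == path:
            return False
    return True

def coupling_state(webagent_conf, access_manager_props, console_path):
    """Return 'coupled', 'decoupled' or 'inconsistent' for the admin console."""
    agent = agent_intercepts(webagent_conf, console_path)
    if access_manager_props is None:   # file absent, so step 5 does not apply
        return "coupled" if agent else "decoupled"
    # Assumption: a missing 'enabled' key is treated as false.
    rkm = parse_props(access_manager_props).get("enabled", "false").lower() == "true"
    if agent and rkm:
        return "coupled"
    if not agent and not rkm:
        return "decoupled"
    return "inconsistent"              # one side changed, the other not

# Constructed sample inputs (not taken from a real installation).
CLIENT_PATHS = "/KMS/rpc/crow,/KMS/provider,/KMS/rpc/echidna"
BEFORE = "cleartrust.agent.enabled=True\ncleartrust.agent.url_exclusion_list=" + CLIENT_PATHS
DISABLED = "cleartrust.agent.enabled=False\n"
EXCLUDED = "cleartrust.agent.enabled=True\ncleartrust.agent.url_exclusion_list=/KMS/*"
CONSOLE = "/KMS/console"               # hypothetical admin console path

if __name__ == "__main__":
    print(coupling_state(BEFORE, "enabled = true", CONSOLE))    # coupled
    print(coupling_state(DISABLED, "enabled = true", CONSOLE))  # inconsistent
    print(coupling_state(EXCLUDED, "enabled = false", CONSOLE)) # decoupled
```

Once the state is "decoupled", the internal passwords set in step 1 are the only authentication in front of the admin console.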
Legacy Article ID: a42110