|Applies To||RSA Key Manager Server 2.1.3|
RSA Access Manager 6.0
RSA Access Manager Agent 4.7 for IIS 6.0
Apache Tomcat 5.5.25
Microsoft Windows Server 2003 R2
RSA Key Manager (RKM) Server was installed with the optional component RSA Access Manager, and Microsoft Internet Information Server (IIS) content protected with RSA Access Manager Agent
|Issue||How to decouple Access Manager from RSA Key Manager Server?|
How to access RKM administrative web-based console on IIS without authenticating to RSA Access Manager?
|Resolution||RKM Server can be decoupled from RSA Access Manager by following these steps:|
1. Log in to RKM Server admin console and add internal password for kmsadmin (the default admin account) and all other admin accounts
2. Log out of RKM admin console
3. Stop IIS and Tomcat services
4. Disable or uninstall Access Manager Agent for IIS. An alternative is to configure Access Manager Agent (webagent.conf) to exclude /KMS/* (cleartrust.agent.url_exclusion_list). Access Manager Agent can be disabled by setting cleartrust.agent.enabled=False in its webagent.conf.
5. (For RKM version 2.7.x) If RKM configuration file accessManager.properties exists, update the parameter "enabled = true" to "enabled = false" in accessManager.properties.
6. Restart Tomcat and IIS
7. Log in to RKM admin console using internal password for kmsadmin (or another admin account)
|Notes||When RKM Server is installed with RSA Access Manager, access to the RKM administrative console is authenticated and authorized by RSA Access Manager. All RKM Client requests, however, remain excluded from Access Manager protection by configuring the Access Manager Agent's parameter cleartrust.agent.url_exclusion_list (e.g., cleartrust.agent.url_exclusion_list=/KMS/rpc/crow,/KMS/provider,/KMS/rpc/echidna).|
|Legacy Article ID||a42110|