000013104 - AXM Agents: What is the purpose of the parameter 'cleartrust.agent.ibm_http_server' ?

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000013104
Applies ToRSA Access Manager Agent 4.7
RSA Access Manager Agent 4.9 SP2
  • IBM HTTP Server 7.0             RSA 4.9 SP2 agent on AIX 6.1
    •, 15 March 2009 (Apache 2.2.11 based)
  • IBM HTTP Server 6.0/6.1      RSA 4.7 agent on AIX 5.3
    •, 21 July 2006 (Apache 2.0.47 based)
    •, 29 July 2005 (Apache 2.0.47 based)
    •, 15 April 2005

Apache 2.2, Apache 2.0 
IssueAXM: What is the purpose of the parameter "cleartrust.agent.ibm_http_server" ?
A parameter introduced in certification of IBM HTTP Server 7.0 on AIX and later documented in Hotfix
CauseECR 170 was done to support IBM HTTP server 7.0 on AIX for 4.7 agent. During this ECR it was found the handling of certificate authentication was different in IBM HTTP server from apache. To solve the issue this parameter was introduced .  Even if CERTIFICATE auth is not the auth type this can be a problem if the users browser has a certificate.
ResolutionIBM HTTP server is based on Apache. There are not separate binaries for Apache and IBM HTTP server. RSA ships the same Apache binary for IBM HTTP server. While doing a previous ECR it was found that the way IBM HTTP server handles certificate authentication is different from how it is handled by Apache. Therefor this parameter was introduces to distinguish between Apache and IBM HTTP server.
When using IBM HTTP server it is mandatory to set this parameter to be true. The agent will not work correctly in some cases like certificate authentication when this parameter is set to false.
NotesThis Parameter is not there in 4.9 SP2. From 4.9 SP2 onwards the type of web server, Apache or IHS, is obtained using a web server API.
Legacy Article IDa51054