000017160 - Agent 5.0 ISSO feature not compatible with older 4.x agents - RSA Access Manager

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000017160
Applies ToRSA Access Manager Agents versions 5.x
RSA Access Manager Agents 4.x
New ISSO parameter  cleartrust.agent.isso.handle_slave_auth_at_aserver=True. 
IssueAgent 5.0  ISSO feature not compatible with older 4.x agents
Newer 5.0 agents added to exisitng 4.x agents ISSO installatioon fails.
Cause

Older 4.x agents contacted the keyserver directly for encryption.   Now  there is a new feature  to keep the keys off the webserver and allow the aserver to do the encryption 

cleartrust.agent.isso.handle_slave_auth_at_aserver=True.  The  two methods are incompatible with each other. Ciphers and hash algorithms  used in aserver are different than 4.x agents.

Resolution

If working with a mixed 5.x and 4.x  ISSO agent environemnt the folling parameter must be sat False and the keyserver info provided as was dione for the 4.x agenst

cleartrust.agent.isso.handle_slave_auth_at_aserver=False

NotesThis will be documented in future releases.
Legacy Article IDa67671

Attachments

    Outcomes