000011644 - AxM / AA - webagent rules.xml breaks AA (Adaptive Auth) integration

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000011644
Applies ToRSA Access Manager 6.1.3
RSA Access Manager on-premise Adaptive Authentication
IssueAxM / AA - webagent rules.xml breaks AA (Adaptive Auth) integration

To avoid the potential insecure agent extension exclusion list , RSA recommends using rules.xml

If you enable rules.xml the AA image (/cleartrust/aa_img.gif) does not display if you use the following rule:
 
<Rule>
  <argument type="URI" expression="^/.*\.gif$" />
  <action type="HTTP" argument="200" />
</Rule>

ResolutionUse the following rule  to match all gifs but /cleartrust/aa_img.gif):
 
<Rule>
  <argument type="URI" expression="(?!/cleartrust/aa_img.gif)^/.*\.gif$" />
  <action type="HTTP" argument="200" />
</Rule>
and add /cleartrust/aa_img.gif to cleartrust.agent.url_exclusion_list like so:
 
cleartrust.agent.url_exclusion_list=/cleartrust/js/deviceprint.js,/cleartrust/aa_img.gif
Notes

If you are alternately using Apache proxy, the following may also be required:

ProxyPass /cleartrust/aa_img.gif !

Legacy Article IDa56106

Attachments

    Outcomes