Skip navigation

Log in to create and rate content, and to follow, bookmark, and share content with other members.

000017755 - Incorrect Lockbox instructions for WAS 5.0SP1 App-Agent Manual Install on Redhat 6.2/6.4 - RSA Access Manager

Document created by RSA Customer Support

on Jun 16, 2016•Last modified by RSA Customer Support

on Apr 21, 2017

Version 2Show Document

Like • Show 0 Likes0
Comment • 0
View in full screen mode

Article Content

Article Number	000017755
Applies To	RSA Access Manager Download: axm-appagent-was-5.0 SP1-rhel-v6-x86-64.tar.gz AppServer: WAS 8.5 OS: Redhat 6.2/6.4
Issue	WAS 8.5 App Agent 5.0SP1 on RedHat has incorrect lockbox instructions. When creating lockbox you need to specify a key-item to be used to encrypt values but the Configuration file does not have a parameter to specify the Key-item for decryption
Cause	Lockbox instructions were not updated to reflect changes made to specify key-item. The WAS App-server does not have parameter to specify key-item, by default it looks for Key-Item "AXM-CORE" The default "AXM-CORE" key-item is only created during automated install, during a manual install you have to manually create the key-items.
Resolution	Since there is no parameter to specify a different key-item other than the default "AXM-CORE" , this key-item has to be created manually. You would run the lockbox-tool first Your environment variables will differ in regards to lockbox path, admin names and passwords, but you must create the key-item"AXM-CORE" ./lockbox-tool.sh -passphrase <phrase> -lockbox <filepath> -create <item-name> <value> example: ./lockbox-tool.sh -passphrase Securid123! -lockbox /opt/axm/lockbox.clb -create AXM-CORE Securid123! Then encrypt your values running ctencrypt ./ctencrypt.sh <fips or nonfips mode> <path to lockbox> <key-item> param1=value1 param2=value2 example: ./ctencrypt.sh nonfips /opt/axm/lockbox.clb AXM-CORE admin=administrator password=Securid123! admin: h2XoTorPfg9gOl8EueF3f8dyarICb/Ry password: tPWIkOzvHESrPr+P3Ay5OKbM/7KCafro copy the encrypted values to the appropriate fields for: cleartrust.agent.adapi.user_id=h2XoTorPfg9gOl8EueF3f8dyarICb/Ry cleartrust.agent.adapi.user_password=tPWIkOzvHESrPr+P3Ay5OKbM/7KCafro and make sure you update this parameter as well: cleartrust.agent.lockbox_file_path=/opt/axm/lockbox.clb Since the logic is built in to the app agent to look for the AXM-CORE key-item there is no need to specify a key-item.
Legacy Article ID	a65677

Attachments

Outcomes

0 Comments

Recommended Content