000017755 - Incorrect Lockbox instructions for WAS 5.0SP1 App-Agent Manual Install on Redhat 6.2/6.4 - RSA Access Manager

Document created by RSA Customer Support Employee on Jun 16, 2016
Last modified by RSA Customer Support Employee on Apr 21, 2017

Article Content

Article Number: 000017755
Applies To: RSA Access Manager
Download:  axm-appagent-was-5.0 SP1-rhel-v6-x86-64.tar.gz
AppServer: WAS 8.5
OS:  Redhat 6.2/6.4
Issue: The WAS 8.5 App Agent 5.0SP1 on RedHat has incorrect lockbox instructions.
When creating the lockbox you need to specify a key-item to be used to encrypt values, but the configuration file does not have a parameter to specify the key-item for decryption.
Cause: The lockbox instructions were not updated to reflect the changes made to specify a key-item.
The WAS App-server does not have a parameter to specify the key-item; by default it looks for the key-item "AXM-CORE".
The default "AXM-CORE" key-item is only created during an automated install; during a manual install you have to create the key-items manually.
Resolution: Since there is no parameter to specify a key-item other than the default "AXM-CORE", this key-item has to be created manually.
Run the lockbox-tool first:

Your environment variables will differ with regard to lockbox path, admin names and passwords, but you must create the key-item "AXM-CORE":
            ./lockbox-tool.sh -passphrase <phrase> -lockbox <filepath> -create <item-name> <value>
example:
            ./lockbox-tool.sh -passphrase Securid123! -lockbox /opt/axm/lockbox.clb -create AXM-CORE Securid123!

Then encrypt your values by running ctencrypt:
            ./ctencrypt.sh <fips or nonfips mode> <path to lockbox> <key-item> param1=value1 param2=value2
example:
            ./ctencrypt.sh nonfips /opt/axm/lockbox.clb AXM-CORE admin=administrator password=Securid123!

admin: h2XoTorPfg9gOl8EueF3f8dyarICb/Ry

password: tPWIkOzvHESrPr+P3Ay5OKbM/7KCafro

Copy the encrypted values to the appropriate fields:
cleartrust.agent.adapi.user_id=h2XoTorPfg9gOl8EueF3f8dyarICb/Ry
cleartrust.agent.adapi.user_password=tPWIkOzvHESrPr+P3Ay5OKbM/7KCafro

Make sure you update this parameter as well:
cleartrust.agent.lockbox_file_path=/opt/axm/lockbox.clb

Since the logic to look for the AXM-CORE key-item is built into the app agent, there is no need to specify a key-item in the configuration.
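
A pre-flight check for the configuration steps above, as an added example that is not part of the original article or of RSA's tooling. The properties file is passed as an argument because the article does not name it; the "looks encrypted" test is a heuristic modelled on the sample ctencrypt output shown above, and the check that the lockbox file is not accessible to other users is an added hardening assumption.

```sh
#!/bin/sh
# Added example: pre-flight check of the agent properties file (path is an assumption,
# passed as $1). Never prints credential values.

# get_prop FILE KEY: value of the last uncommented "KEY=value" line.
get_prop() {
    awk -v k="$2" '
        /^[ \t]*[#!]/ { next }
        { line = $0; sub(/^[ \t]+/, "", line)
          if (index(line, k "=") == 1) { v = substr(line, length(k) + 2); sub(/[ \t\r]+$/, "", v) } }
        END { print v }' "$1"
}

# looks_encrypted VALUE: heuristic (assumption) modelled on the sample ctencrypt output
# in the article: base64 alphabet, at least 24 characters, length a multiple of 4.
looks_encrypted() {
    [ "${#1}" -ge 24 ] && [ $(( ${#1} % 4 )) -eq 0 ] &&
        printf '%s\n' "$1" | grep -Eq '^[A-Za-z0-9+/]+={0,2}$'
}

# check_agent_config FILE: returns 0 when all checks pass, non-zero otherwise.
check_agent_config() {
    props=$1; problems=0
    [ -r "$props" ] || { echo "FAIL: cannot read $props" >&2; return 2; }
    for key in cleartrust.agent.adapi.user_id cleartrust.agent.adapi.user_password; do
        val=$(get_prop "$props" "$key")
        if [ -z "$val" ]; then
            echo "FAIL: $key is not set" >&2; problems=$((problems + 1))
        elif ! looks_encrypted "$val"; then
            echo "FAIL: $key does not look like ctencrypt output (cleartext?)" >&2
            problems=$((problems + 1))
        fi
    done
    lb=$(get_prop "$props" cleartrust.agent.lockbox_file_path)
    if [ -z "$lb" ] || [ ! -r "$lb" ]; then
        echo "FAIL: lockbox file '$lb' is not set, missing or unreadable" >&2
        problems=$((problems + 1))
    elif [ "$(ls -ld "$lb" | cut -c8-10)" != "---" ]; then
        # Hardening check added here, not from the article: no access for "other".
        echo "FAIL: $lb is accessible to other users" >&2; problems=$((problems + 1))
    fi
    [ "$problems" -eq 0 ]
}

# Run the check when a properties file is given on the command line.
if [ "$#" -ge 1 ]; then check_agent_config "$1"; fi
```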
Legacy Article ID: a65677
