The RSA Access Manager 5.0 Web Agent is displaying error 403 if there is no value specified for the cleartrust.agent.rules.file = parameter.
Beginning with RSA Access Manager 5.0 Web Agent, two new parameters were added with dependencies related to the "cleartrust.agent.rules.file =" parameter, as in the example below:
cleartrust.agent.rules_file_status=
cleartrust.agent.rules_file_update_interval=15 Mins
When cleartrust.agent.rules_file_status= LOCAL then the cleartrust.agent.rules.file = has to be specified.
The description for cleartrust.agent.rules_file_status= does mention that if you specify LOCAL then you have to specify a value for the cleartrust.agent.rules.file =.
The description for cleartrust.agent.rules.file = however was not updated to indicate this new dependency.
If an administrator inadvertently specifies cleartrust.agent.rules_file_status=LOCAL without specifying a value for cleartrust.agent.rules.file = then the agent will return a 403 error
The cleartrust.agent.rules_file_update_interval=15 Mins is only used if cleartrust.agent.rules_file_status=CENTRALIZED and does not apply in this situation.
If the rules.xml file is not needed, make sure both of the following parameters have no value specified:
cleartrust.agent.rules_file=
cleartrust.agent.rules_file_status=
