When the RSA Access Manager agent is configured for non forms based basic authentication (cleartrust.agent.form_based_enabled=False) the agent authenticates the user by intercepting the http basic authentication headers in the request object. If the request object does not contain the basic authentication headers the RSA Access Manger agent will direct the web server to issue an http 401 authentication request.
It is common for automated clients to submit the basic authentication credential along with the request, for instance when making a request to a webservice. Some clients (FireFox) will send an http method OPTIONS verb before the real request in order to determine the web server options. Since http basic authentication headers are not typically sent with the OPTIONS verb this request will fail. This may cause the automated client to fail to make the subsequent GET request for the content.
It is possible to use the rules.xml file to allow access to requests that use the http OPTIONS verb as the method. In the webagent.conf file enable the rules.xml file using the parameter cleartrust.agent.rules_file. In the rules.xml file create a rule that allows access for all requests with the method OPTIONS. For example: