When the Identity Router proxy port is accessed from a web browser, there is no response. Instead of displaying the application portal page, the web browser times out the request. The web browser displays an error such as the following example from Mozilla Firefox:
This can occur when the proxy port is accessed in any of the following ways:
The issue occurs regardless of whether the proxy port is accessed via a load balancer or directly. The problem occurs for all RSA Identity Routers in a cluster.
However, although a web browser times out when accessing the RSA Identity Router proxy ports in the cluster, those ports DO respond to an ICMP ping.
This issue will occur if the SSO Agent feature is disabled. Disabling the SSO Agent on all clusters disables the application portal and all other SSO Agent features, such as deep linking. This is expected behavior and is by design.
If you are using RSA SecurID Access for single sign-on (SSO), then you will need to enable the SSO Agent on the cluster. To do that, select the Enable the SSO Agent on all identity routers in the cluster checkbox for the cluster. This will also enable the application portal. Instructions are in the online help's Add a Cluster page.
If you are not using RSA SecurID Access for single sign-on, then the application portal is not required and the SSO Agent should remain disabled. In that case, it is normal and expected for a web browser to time out when accessing the proxy port on RSA Identity Routers in the cluster.