000021865 - BEA WebLogic console has no logon screen for use with RSA ClearTrust

Document created by RSA Customer Support Employee on Jun 14, 2016
Last modified by RSA Customer Support Employee on Apr 21, 2017
Article Content

Article Number: 000021865

Applies To:
RSA ClearTrust Agent 3.5.1 for BEA WebLogic
RSA ClearTrust Agent 3.5.2 for BEA WebLogic

Issue:
BEA WebLogic console has no logon screen for use with RSA ClearTrust
The administrator is not prompted for username and password when connecting to the BEA WebLogic console
No update functions are visible in the BEA WebLogic console

Cause: Security for the BEA WebLogic system has been switched over from internal WebLogic security to the third-party security provider that was installed (e.g. ClearTrust). However, no console resources have been marked by ClearTrust to be protected in the ClearTrust Entitlements Server. This causes a sequence of events:

1. ClearTrust does not perceive http://server.acme.com:7001/console to be protected, therefore no logon screen of any kind is displayed, and the user is allowed direct access to the web pages

2. No logon has taken place, therefore no WebLogic roles or privileges have been assigned to the connected user

3. Without any role allocation, the connected user has no ability to actually use any of the console that they are viewing

One of the most important things to note is that no security has been compromised or degraded - the connected user can see "dead" HTML pages that would make up the console, but they can see no secure data nor perform any restricted function.

Resolution: To correct this issue, the synctool needs to be run to upload resources, roles, and policies from the WebLogic server into ClearTrust. If you are running RSA ClearTrust Agent 3.5.1, then the instructions begin on page 14 of the Installation Manual. If you are using RSA ClearTrust Agent 3.5.2, then the instructions begin on page 16.

Ensure that all resources have been updated (e.g. sync with Policy, Resource, and Role). If you are using the command line tool, then select option 1; if you use the GUI-based tool (in Agent 3.5.2 only), then select Policy sync from the menu.

Legacy Article ID: a25430