|Applies To||RSA ClearTrust Agent 3.5.1 for BEA WebLogic|
RSA ClearTrust Agent 3.5.2 for BEA WebLogic
|Issue||BEA WebLogic console has no logon screen for use with RSA ClearTrust|
The administrator is not prompted for username and password when connecting to the BEA WebLogic console
No update functions are visible in the BEA WebLogic console
|Cause||Security for the BEA WebLogic system has been switched over from internal WebLogic security to the third-party security provider that was installed (e.g. ClearTrust). However, no console resources have been marked by ClearTrust to be protected in the ClearTrust Entitlements Server. This causes a sequence of events:|
1. ClearTrust does not perceive http://server.acme.com:7001/console to be protected, therefore no logon screen of any kind is displayed, and the user is allowed direct access to the web pages
2. No logon has taken place, therefore no WebLogic roles or privileges have been assigned to the connected user
3. Without any role allocation, the connected user has no ability to actually use any of the console that they are viewing
One of the most important things to note is that no security has been compromised or degraded - the connected user can see "dead" HTML pages that would make up the console, but they can see no secure data nor perform any restricted function.
|Resolution||To correct this issue, the synctool needs to be run to upload resources, roles, and policies from the WebLogic server into ClearTrust. If you are running RSA ClearTrust Agent 3.5.1, then the instructions begin on page 14 of the Installation Manual. If you are using RSA ClearTrust Agent 3.5.2, then the instructions begin on page 16.|
Ensure that all resources have been updated (e.g. sync with Policy, Resource, and Role). If you are using the command line tool, then select option 1; if you use the GUI-based tool (in Agent 3.5.2 only), then select Policy sync from the menu.
|Workaround||Installed RSA ClearTrust Agent|
|Legacy Article ID||a25430|