|Applies To||IBM WebSphere Application Server 5.x|
IBM WebSphere Portal Server 5.x
RSA ClearTrust Agent 4.5 for IBM WebSphere 5.0.2
RSA ClearTrust Agent 4.5 for IBM WebSphere 5.1
|Issue||How to install only the TAI portion of RSA ClearTrust Agent 4.x for IBM WebSphere|
|Resolution||Follow the steps below to perform a manual installation of the TAI:|
1. Copy the RSA ClearTrust Agent .JAR file (rsawas5agent.jar) to the WAS ../lib/ext directory
2. Copy the cleartrust.properties file to the WAS server?s properties folder and configure the TAI-related parameters accordingly (near end of file) as well as the "dispatcher_list" and "ssl" parameters.
3. Log in to the WebSphere admin console
4. Select Authentication Mechanisms - LTPA - Trust Association
5. Make sure TAI is enabled (checkbox) and add the following new Trust Association Interceptor
6. Optional: Delete the two default TrustAssociationInterceptors that are not used
7. Save/apply changes
8. Enable Global Security
9. Save/apply changes
10. Restart WebSphere and verify that the RSA TAI was loaded successfully by looking at the startup messages in the SystemOut.log.
NOTE: With RSA ClearTrust Agent 4.5 for IBM WebSphere, the TAI is installed as part of the full Agent install. Some customers use a front-end proxy server for authentication, and only want the TAI for single sign-on (SSO) between the back-end WebSphere servers. They do not wish to utilize the full Agent functionality (e.g. web filter and role-based authentication). In this case, running the Agent installer is not feasible, since it makes quite a few changes to the WebSphere server configuration that are not necessary to take advantage of only the TAI functionality.
|Workaround||Trying to utilize only the TAI single sign-on (SSO) functionality of RSA ClearTrust Agent|
|Legacy Article ID||a29544|