000022052 - How to install only the TAI portion of RSA ClearTrust Agent 4.x for IBM WebSphere

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000022052
Applies ToIBM WebSphere Application Server 5.x
IBM WebSphere Portal Server 5.x
RSA ClearTrust Agent 4.5 for IBM WebSphere 5.0.2
RSA ClearTrust Agent 4.5 for IBM WebSphere 5.1
IssueHow to install only the TAI portion of RSA ClearTrust Agent 4.x for IBM WebSphere
ResolutionFollow the steps below to perform a manual installation of the TAI:

1. Copy the RSA ClearTrust Agent .JAR file (rsawas5agent.jar) to the WAS ../lib/ext directory

2. Copy the cleartrust.properties file to the WAS server?s properties folder and configure the TAI-related parameters accordingly (near end of file) as well as the "dispatcher_list" and "ssl" parameters.

3. Log in to the WebSphere admin console

4. Select Authentication Mechanisms - LTPA - Trust Association

5. Make sure TAI is enabled (checkbox) and add the following new Trust Association Interceptor

"com.ibm.wps.sso.RSATrustAssociationInterceptor"

6. Optional: Delete the two default TrustAssociationInterceptors that are not used

7. Save/apply changes

8. Enable Global Security

9. Save/apply changes

10. Restart WebSphere and verify that the RSA TAI was loaded successfully by looking at the startup messages in the SystemOut.log.

NOTE: With RSA ClearTrust Agent 4.5 for IBM WebSphere, the TAI is installed as part of the full Agent install. Some customers use a front-end proxy server for authentication, and only want the TAI for single sign-on (SSO) between the back-end WebSphere servers. They do not wish to utilize the full Agent functionality (e.g. web filter and role-based authentication). In this case, running the Agent installer is not feasible, since it makes quite a few changes to the WebSphere server configuration that are not necessary to take advantage of only the TAI functionality.
WorkaroundTrying to utilize only the TAI single sign-on (SSO) functionality of RSA ClearTrust Agent
Legacy Article IDa29544

Attachments

    Outcomes