000024231 - SAP Netweaver Integration doesn't work

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000024231
Applies ToRSA ClearTrust 4.6 agent
SAP NetWeaver 2004 S
IssueIntegrate SAP Netweaver with ClearTrust
The agent and integration module are correctly configured according to the integration guide, but the JAAS component appears to not receive the ClearTrust cookie/token.
CauseThe name CTSESSION is hardcoded in the integration module; the JAAS component will not recognize a ClearTrust cookie under another name.
ResolutionConfigure the agent to issue the ClearTrust cookie under the name CTSESSION (it's not possible configure multiple cookie names in the agent).  Other workarounds include configuring the web server to copy the cookie header and rewrite the name to CTSESSION at the proxy for SAP Netweaver.
WorkaroundThe name for the ClearTrust cookie, as configured in the agent, is something other than CTSESSION.
NotesLater versions of the integration component change the parameters that specify the dispatchers to use from dispatcher_primary_host/dispatcher_primary_port (and their secondary counterparts) to the common format in the agent and authorization/entitlements server.  If configuring a primary and secondary dispatcher shows no available dispatchers in the JAAS component logs (i.e., the primary and secondary both show a hostname of null), configure a parameter dispatcher_list with <host>:<port>[,<host>:<port>], as you would an agent.
Legacy Article IDa36967