|Applies To||RSA ClearTrust 4.7.1 Authentication Server|
RSA ClearTrust 4.7 Authentication Server
RSA ClearTrust 4.7.1
RSA ClearTrust 4.7
|Issue||ClearTrust: How can access to the Entitlements Manager be made more secure?|
ClearTrust Entitlements Manager currently requires only a login and a password
ClearTrust Entitlements Manager uses only reusable passwords
|Cause||ClearTrust Entitlements Manager does not support user certificates or SecurID authentication|
|Resolution||There are two ways, which can be combined, to enhance the security of the ClearTrust Entitlements Manager:|
1. Enable SSL in the application server. For instance, the JRun "SSL Management" menu in the left pane of the administrative console allows you to configure SSL connections between the JRun Web server and its clients.
2. Use the ClearTrust Agent for BEA WebLogic 6.1-SP1 to run the ClearTrust Entitlements Manager:
a) Install the ClearTrust Entitlements Manager GUI (WAR deployment) on WebLogic as described in the ClearTrust Installation and Configuration Manual
b) Install the ClearTrust Agent for BEA WebLogic 6.1 on the machine where the ClearTrust Entitlements Manager GUI was installed
c) Create the necessary entitlements/rules to protect the resource used to access the ClearTrust Entitlements Manager GUI, e.g. "/admingui"
NOTE: Because you will be using the ClearTrust Entitlements Manager GUI to create an entitlement that restricts access to itself, you have to be particularly careful. Any error in the entitlements configuration might lock you out of the ClearTrust Entitlements Manager GUI completely. If that happens, you will have to manually disable the ClearTrust WebLogic Agent.
|Legacy Article ID||a12800|