000019829 - ClearTrust: How can access to the Entitlements Manager be made more secure?

Document created by RSA Customer Support Employee on Jun 16, 2016. Last modified by RSA Customer Support Employee on Apr 21, 2017.
Version 2

Article Content

Article Number: 000019829

Applies To:
RSA ClearTrust 4.7.1 Authentication Server
RSA ClearTrust 4.7 Authentication Server
RSA ClearTrust 4.7.1
RSA ClearTrust 4.7

Issue:
ClearTrust: How can access to the Entitlements Manager be made more secure?
ClearTrust Entitlements Manager currently requires only a login and a password
ClearTrust Entitlements Manager uses only reusable passwords

Cause:
ClearTrust Entitlements Manager does not support user certificates or SecurID authentication

Resolution:
There are two alternatives (not exclusive) to enhance the security of the ClearTrust Entitlements Manager:

1. Enable SSL in the application server. For instance, the JRun "SSL Management" menu in the left pane of the administrative console allows you to configure SSL connections between the JRun Web server and its clients.

2. Use the ClearTrust Agent for BEA WebLogic 6.1-SP1 to run the ClearTrust Entitlements Manager:
        a) Install the ClearTrust Entitlements Manager GUI (WAR deployment) on WebLogic as described in the ClearTrust Installation and Configuration Manual
        b) Install the ClearTrust Agent for BEA WebLogic 6.1 on the machine where the ClearTrust Entitlements Manager GUI was installed
        c) Create the necessary entitlements/rules to protect the resource used to access the ClearTrust Entitlements Manager GUI, e.g. "/admingui"

NOTE: Because you will be using the ClearTrust Entitlements Manager GUI to create an entitlement that restricts access to itself, you have to be particularly careful. Any error in the entitlements configuration might lock you out of the ClearTrust Entitlements Manager GUI completely. If that happens, you will have to manually disable the ClearTrust WebLogic Agent.
Legacy Article ID: a12800
