000022121 - How to add RSA ClearTrust attributes as user properties in order to export to header

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000022121
Applies ToRSA ClearTrust 5.5.3
Microsoft Windows 2000 Server SP3
Microsoft Active Directory
LDAP datastore
IssueHow to add RSA ClearTrust attributes as user properties in order to export to header
ResolutionThe following workaround will enable a ClearTrust administrator to add standard attributes as user properties for the purpose of exporting them to the HTTP header:

1. Edit the ldap.conf file and modify the mapped attribute to point to something other than the CT attribute. For example, if you wanted to be able to export the ctscPasswordExpirationDate attribute to the header, you would modify the following parameter:

    cleartrust.data.ldap.user.attributemap.passwordexpirationdate: ctscPasswordExpirationDate


    cleartrust.data.ldap.user.attributemap.passwordexpirationdate: dummyattribute

2. Restart the EServer

3. Open the ClearTrust Entitlements Manager (Admin GUI) and add ctscPasswordExpirationDate as a user property (make sure to check the box to make the user property exportable)

4. Edit the ldap.conf file again to reverse the change made in step #1

5. Restart the AServer & EServer

6. Add this new user property to the cleartrust.agent.userprops parameter (in the webagent.conf) on any web server to which you want to publish this property in the header
Legacy Article IDa27048