000021753 - RSA ClearTrust Agent 3.5.2 for BEA WebLogic 8.1 does not set header variables

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000021753
Applies ToRSA ClearTrust Agent 3.5.2 for BEA WebLogic 8.1
Microsoft Windows 2000 Server SP4
BEA WebLogic 8.1 SP2

dumpvars.jsp

Header Variables
IssueRSA ClearTrust Agent 3.5.2 for BEA WebLogic 8.1 does not set header variables
The ct_remote user and user properties are not expressed in the header variables
CauseThis is by design. The security model for Weblogic is based on the idea of a session. RSA ClearTrust Agent 3.5.2 for BEA WebLogic 8.1 expresses authentication information in the session object.
ResolutionUse the following code to retrieve the ct_remote User variable:

    session.getAtrribute("CT_REMOTE_USER")

Here is sample code to enumerate the header and session variables.  Save this code as a JSP and deploy it as a protected application on your Weblogic server.

<%@ page import="java.util.*" %>
<HEAD><TITLE> Test Web Agent Headers </TITLE></HEAD>
<H1> request.getHeaderNames()</H1>
<TABLE>
<%
 Enumeration headerNames = request.getHeaderNames();
    while(headerNames.hasMoreElements()) {
      String headerName = (String)headerNames.nextElement();
      out.println("<TR><TD>" + headerName);
      out.println("    <TD>" + request.getHeader(headerName));
    }
%>
</TABLE>
<H1> session.getAttributeNames()</H1>
<TABLE>
<TR><TD COLSPAN=2>SESSION ATTRIBUTES</TD></TR>
<%
 Enumeration attributeNames = session.getAttributeNames();
    while(attributeNames.hasMoreElements()) {
      String attributeName = (String)attributeNames.nextElement();
      out.println("<TR><TD>" + attributeName);
      out.println("    <TD>" + session.getAttribute(attributeName));
    }
%>

REMOTE USER<%=session.getAttribute("CT_REMOTE_USER")%>
</TABLE>

Legacy Article IDa24846

Attachments

    Outcomes