Weblogic agent (identity asserter) does not allow cookie name other than CTSESSION
3 years ago
Originally Published: 2014-11-13
Article Number
000062017
Applies To
RSA Access Manager Weblogic Agent version 5.0 for Weblogic
Issue
The ClearTrustIdentityAsserter will only use a cookie named CTSESSION that is set during build time in IdenntityAsserter.xml file and does not read the value from cleartrust_realm.properties for cleartrust.agent.cookie_name.
Resolution
Fix has been in product since hot fix 4.7.0.06 Currently the following is the name of the tool jar once called agentttools.jar axm-wls-agent-tools-5.0.jar. Note: Class-path needs to be set prior to running the utility. Suggestion is to simply update any one of the existing scripts (for ex. runCacheTool.sh) with the appropriate utility class name and then execute. axm-wls-agent-tools-5.0.jar. Note: Class-path needs to be set prior to running the utility. Suggestion is to simply update any one of the existing scripts (for ex. runCacheTool.sh) with the appropriate utility class name and then execute. 1. Copy axm-wls-agent-tools-5.0.jar to AGENT_ROOT/tools/lib folder. 2. Change the value of the property "cleartrust.agent.cookie_name" to the desired name in cleartrust_realm.properties file. Location of this property file is : BEA_HOME/user_projects/domains\/properties And AGENT_ROOT/properties folders. 3. Start the Weblogic server. 4. Open Command prompt.Set the classpath for wljmxclient.jar file. Location of this file is: BEA_HOME/wlserver_10.0/server/lib 5. Append the classpath for axm-wls-agent-tools-5.0.jar file which you have copied in Step 1. 6. Run the EditCTTokenName class with appropriate host name, port, user id, password and desired token name.However token name should be same as what you set in Step 2. You can also provide realm name and Identity Asserter name but they are not mandatory.Default values for these are ClearTrustRealm and ClearTrustIdentityAsserter respectively. Example: java com.rsa.cleartrust.weblogic.security.tools.EditCTTokenName -h localhost -po 7001 -u weblogic -pass weblogic -token [-realm ] [-asserter ]. 7. Restart the Weblogic server.
Don't see what you're looking for?