Permitting access decisions when runtime security services cannot be contacted

Update the WebSEAL configuration file to change the behavior when runtime security services servers cannot be contacted by the EAS.

By default, if the EAS cannot contact a runtime security services server, the EAS removes the server from the pool of servers. If all of the servers are removed from the pool, WebSEAL returns an error. To prevent the error, we can permit access decisions even if no servers can be contacted. The following instructions show you how to update the WebSEAL configuration file to make this change. Important: When you perform this task, every single request will be permitted only when none of the runtime security services servers are available. This includes access that might not be permitted if the server was available.

Steps

1. Open the WebSEAL configuration file.
2. Add the following entry to the [rtss-eas] stanza:

   permit-when-no-rtss-available = true

   The default value for this entry is false.

3. Save the file.
4. Restart the WebSEAL server for the change to take effect.

If none of the servers are available, the user is always be permitted to access a resource. The access is granted even when the runtime security services server would normally deny access if it was available.

Parent topic: Runtime security services external authorization service