The connector for Simple Proxy enables reverse proxy access to an enterprise web server behind your firewall. It can support web services that employ user identity information to control access or display if you enable the identity injection policies that insert an authenticated user’s identity attributes in query strings or headers of requests it sends to the web server. For more information, see Section 10.2, Viewing or Customizing the Attributes for Identity Injection.
For each proxy web service, the web service’s content should be self-contained in that path. If the service depends on files that reside in parallel paths on the web server, you can specify a path at a higher level in the document root’s directory structure, or reorganize the site’s contents as needed.
The connector for Simple Proxy does not support the following:
Protected resources that require a password: This proxy solution cannot be used with protected web services or applications that require an LDAP password to be included in the identity injection. The appliance cannot send a user’s password for a proxy application to the back end web service.
If the web server needs the user’s password, you must find a workaround. For example, you could specify a static string that is accepted for all users.
Site redirects: This proxy solution does not support site redirects to locations outside the protected path. It cannot follow paths to alternate websites.
IMPORTANT:The Access Gateway for NetIQ Access Manager provides solutions for more complex reverse proxies that support password injection and redirects. For more information, see Managing Reverse Proxies and Authentication
in the NetIQ Access Manager Access Gateway Guide.
Before you configure a connector for Simple Proxy, ensure that your setup meets the following requirements:
A CloudAccess system, installed and configured.
A web server, configured and running behind the corporate firewall. Ensure that you have configured the authentication procedures and identity injection policy for the web service.
You need the following information:
The primary DNS name or IP address of the web server.
Alternative DNS names or IP addresses for the web server, if any.
The port number that the web server uses to listen for requests, such as 8080 (non-secure) or 8443 (secure SSL).
If the web server requires it, secure communications with HTTPS.
If you use HTTPS, the value that you specify for the web server’s DNS name or IP address in the connector must match the CN in the web server's SSL certificate.
Determine which web services you need to protect for your web server, and which users require access to each one.