This chapter describes how to configure AquaLogic Ensemble resources. It is divided into the following sections:
Ensemble resources are web applications registered in Ensemble. A registered resource maps an internal URL, accessible by Ensemble, to an external URL, accessible by end users. Any web application can be registered as a resource.
Registering a web application as an Ensemble resource allows Ensemble to do the following:
You register a resouce in Ensemble using the Ensemble Console. The simplest Ensemble resource has three configured properties:
Once configured, all URLs starting with the Internal URL prefix are accessible via the External URL prefix. For example, if the Internal URL prefix is
http://internalServer/foo
and the External URL prefix is
http://externalServer/bar,
http://externalServer/bar/index.jsp
will map to http://internalServer/foo/index.jsp
,
http://externalServer/bar/baz/index.jsp
will map to http://internalServer/foo/baz/index.jsp
.
To register a simple resource in Ensemble:
http://internalServer/foo/
.http://externalServer/bar/
or just /bar/
.Note: | A fully-qualified External URL prefix must include the same port used by the Ensemble Proxy server. |
This section describes advanced configuration options for Ensemble resources. It is divided into the following sub-sections:
When you enable URL rewriting, the Ensemble Proxy rewrites URLs in the proxied application that begin with the internal URL prefix so that they point to the external URL prefix. Ensemble enables URL rewriting by default.
It is strongly recommended that you disable URL rewriting, especially for production deployments. Disabling URL rewriting has the following benefits:
There are two cases where you should disable URL rewriting:
In this case, the user's DNS must resolve the URL to the Ensemble Proxy server, and the Ensemble Proxy server's DNS must resolve the URL to the internal resource. Because DNS only resolves IP and not port, both servers must listen to the same port. This method is strongly recommended.
In this case, the internal URL prefix path and the external URL prefix path must be identical. For example, if the internal URL prefix is http://
internal_server/bar/
the external URL prefix path must be /bar/
or http://
proxy_server/bar/
.
You can configure Ensemble to send role information to proxied applications. You define the roles available for Ensemble to send to the proxied application within the resource configuration. Policies determine which of these roles Ensemble sends for a given user.
For details on policies and how they map to roles, see Policies and Rules.
Ensemble sends roles in the HTTP header and are accessed by the proxied application using the Proxy IDK. For details on using the Proxy IDK, see the AquaLogic Interaction IDK documentation.
To configure roles to send to a proxied application:
The roles entered on the Roles page are the values that Ensemble can send to the proxied application, based on what policy or policies are associated with the user.
Proxy Authentication describes how users log into Ensemble resources. Ensemble can facilitate authentication using a variety of methods, including basic authentication, HTML form-based authentication, and integration with third-party SSO products.
For details on Proxy Authentication, see Proxy Authentication.
Credential mapping allows Ensemble to automatically supply credentials to proxied applications. The credentials can be a static set used for all users, credentials specific to the user and stored in the user's ALI user profile, or credentials used once by the user and captured and stored by Ensemble in the Credential Vault. The Credential Vault allows users to authenticate once and then be logged in automatically by Ensemble in future accesses to the proxied resource.
For details on credential mapping, see Credential Mapping.
The AquaLogic Interaction login token allows the Ensemble resource to access the AquaLogic Interaction IPortletContext object. By default, the AquaLogic Interaction login token is not passed to the proxied resource.
To pass the login token to the proxied resource: