> Administrator Guide > Proxy Resources

Administrator Guide

     Previous  Next    Open TOC in new window    View as PDF - New Window  Get Adobe Reader - New Window
Content starts here

Proxy Resources

This chapter describes how to configure AquaLogic Ensemble resources. It is divided into the following sections:

 

About Ensemble Resources

Ensemble resources are web applications registered in Ensemble. A registered resource maps an internal URL, accessible by Ensemble, to an external URL, accessible by end users. Any web application can be registered as a resource.

Registering a web application as an Ensemble resource allows Ensemble to do the following:

 

Registering a Resource

You register a resouce in Ensemble using the Ensemble Console. The simplest Ensemble resource has three configured properties:

Once configured, all URLs starting with the Internal URL prefix are accessible via the External URL prefix. For example, if the Internal URL prefix is 

http://internalServer/foo

and the External URL prefix is 

http://externalServer/bar,

the external path

http://externalServer/bar/index.jsp will map to http://internalServer/foo/index.jsp,

and

http://externalServer/bar/baz/index.jsp will map to http://internalServer/foo/baz/index.jsp.

To register a simple resource in Ensemble:

  1. Launch the Ensemble Console.
  2. Click the APPLICATIONS tab.
  3. Click the Resources sub-tab.
  4. To create a new resource, click Create new.
  5. On the General page, in the Name box, type the name of the resource.
  6. On the Connections page, in the Internal URL prefix box, type the URL to the internal web application to be proxied. For example, http://internalServer/foo/.
  7. In the External URL prefixes box, type the URL to be used to access the resource. This URL must be on the Ensemble Proxy server. You may specify a fully-qualified URL or a path relative to the Ensemble Proxy server. For example, http://externalServer/bar/ or just /bar/.
    8. Note: A fully-qualified External URL prefix must include the same port used by the Ensemble Proxy server.
  8. Click Save.

 

Advanced Resource Configuration

This section describes advanced configuration options for Ensemble resources. It is divided into the following sub-sections:

URL Rewriting and DNS

When you enable URL rewriting, the Ensemble Proxy rewrites URLs in the proxied application that begin with the internal URL prefix so that they point to the external URL prefix. Ensemble enables URL rewriting by default.

It is strongly recommended that you disable URL rewriting, especially for production deployments. Disabling URL rewriting has the following benefits:

  1. Ensemble will not rewrite links between Ensemble resources. For example, if you have two applications behind Ensemble, http://foo.company.com/ and http://bar.company.com, links to bar.company.com within the foo.company.com application will not be rewritten. Users clicking these links will be taken to the link destination outside of the context of Ensemble.
  2. Ensemble will not rewrite URLs formed on the client using client-side scripting.
  3. The performance of the application improves.

There are two cases where you should disable URL rewriting:

  1. The internal URL prefix and external URL prefix are identical.

    2. In this case, the user's DNS must resolve the URL to the Ensemble Proxy server, and the Ensemble Proxy server's DNS must resolve the URL to the internal resource. Because DNS only resolves IP and not port, both servers must listen to the same port. This method is strongly recommended.

  2. All links in the application are relative URLs.

    3. In this case, the internal URL prefix path and the external URL prefix path must be identical. For example, if the internal URL prefix is http://internal_server/bar/ the external URL prefix path must be /bar/ or http://proxy_server/bar/.

To disable URL rewriting:

  1. Launch the Ensemble Console.
  2. Click the APPLICATIONS tab.
  3. Click the Resources sub-tab.
  4. Click the resource you want to edit.
  5. On the General page, uncheck the box next to Enable URL Rewriting.
  6. Click Save.

Roles

You can configure Ensemble to send role information to proxied applications. You define the roles available for Ensemble to send to the proxied application within the resource configuration. Policies determine which of these roles Ensemble sends for a given user.

For details on policies and how they map to roles, see Policies and Rules.

Ensemble sends roles in the HTTP header and are accessed by the proxied application using the Proxy IDK. For details on using the Proxy IDK, see the AquaLogic Interaction IDK documentation.

To configure roles to send to a proxied application:

  1. Launch the Ensemble Console.
  2. Click the APPLICATIONS tab.
  3. Click the Resources sub-tab.
  4. Click the resource you want to edit.
  5. On the Roles page, type the names of the role or roles. Click Add to create additional roles.
  6. Click Save.

The roles entered on the Roles page are the values that Ensemble can send to the proxied application, based on what policy or policies are associated with the user.

Proxy Authentication

Proxy Authentication describes how users log into Ensemble resources. Ensemble can facilitate authentication using a variety of methods, including basic authentication, HTML form-based authentication, and integration with third-party SSO products.

For details on Proxy Authentication, see Proxy Authentication.

Credential Mapping

Credential mapping allows Ensemble to automatically supply credentials to proxied applications. The credentials can be a static set used for all users, credentials specific to the user and stored in the user's ALI user profile, or credentials used once by the user and captured and stored by Ensemble in the Credential Vault. The Credential Vault allows users to authenticate once and then be logged in automatically by Ensemble in future accesses to the proxied resource.

For details on credential mapping, see Credential Mapping.

The AquaLogic Interaction Login Token

The AquaLogic Interaction login token allows the Ensemble resource to access the AquaLogic Interaction IPortletContext object. By default, the AquaLogic Interaction login token is not passed to the proxied resource.

To pass the login token to the proxied resource:

  1. Launch the Ensemble Console.
  2. Click the APPLICATIONS tab.
  3. Click the Resources sub-tab.
  4. Click the resource you want to edit.
  5. On the CSP page, select Send login token.
  6. Click Save.

  Back to Top       Previous  Next