Sun OpenSSO Enterprise Policy Agent 3.0 User's Guide for J2EE Agents

Configuring FQDN Handling in J2EE Agents

To give users a consistent experience, the agent must enforce the use of valid URLs for access to the resources it protects. This functionality is controlled by three separate properties:

FQDN Check (Tab: Global, Name: com.sun.identity.agents.config.fqdn.check.enable): Enables FQDN Check

FQDN Default (Tab: Global, Name: com.sun.identity.agents.config.fqdn.default): Stores the default FQDN value

FQDN Virtual Host Map (Tab: Global, Name: com.sun.identity.agents.config.fqdn.mapping): Sets FQDN mapping

The property labeled FQDN Default gives the agent the information it needs to determine whether the user is using a valid URL to access the protected resource. If the agent determines that the incoming request does not have a valid hostname in the URL, it redirects the user to the corresponding URL with a valid hostname. The redirect URL differs from the URL originally used by the user only in the hostname, which the agent changes to a fully qualified domain name (FQDN) as per the value specified in this property.

The property labeled FQDN Virtual Host Map provides another way for the agent to resolve malformed access URLs used by users and take corrective action. The agent gives precedence to entries defined in this property over the value defined in the FQDN Default property. If none of the entries for this property matches the hostname specified in the user request, the agent uses the value specified for the FQDN Default property to take the necessary corrective action.

The FQDN Virtual Host Map property can be used for creating a mapping for more than one hostname. This can be done when the deployment container protected by this agent can be accessed using more than one hostname. As an example, consider a protected deployment container that can be accessed using the following host names:

In this case, assuming that www.externalhostname.com is the value assigned to the FQDN Default property, the FQDN Virtual Host Map property can be configured using OpenSSO Enterprise Console as follows to allow access to the application for users who use the hostname internalhostname.interndomain.com or the raw IP address 192.101.98.45:

Map Key                              Corresponding Map Value
internalhostname.interndomain.com    internalhostname.interndomain.com
192.101.98.45                        192.101.98.45

When you are done setting the FQDN Virtual Host Map property as described in this example, it appears in OpenSSO Enterprise Console with the following format:

[internalhostname.interndomain.com] = internalhostname.interndomain.com
[192.101.98.45] = 192.101.98.45
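
The precedence rule described above (FQDN Virtual Host Map entries first, then FQDN Default) can be modelled in a few lines of Python. This is an added example, not code from the agent or from this guide; the function names, the dict representation of the configuration, the case-insensitive hostname comparison and the port handling are assumptions, and the configuration values are the ones from the example on this page.

```python
from urllib.parse import urlsplit, urlunsplit

# Values from the example on this page, held in a dict as a stand-in for
# the agent configuration (the representation is an assumption).
FQDN_CHECK_ENABLE = True
FQDN_DEFAULT = "www.externalhostname.com"
FQDN_MAPPING = {
    "internalhostname.interndomain.com": "internalhostname.interndomain.com",
    "192.101.98.45": "192.101.98.45",
}


def resolve_fqdn(request_host, mapping=FQDN_MAPPING, default=FQDN_DEFAULT):
    """Return the hostname considered valid for request_host.

    Map entries take precedence; FQDN Default is the fallback.
    Hostnames are compared case-insensitively (assumption).
    """
    host = request_host.lower()
    for key, value in mapping.items():
        if key.lower() == host:
            return value
    return default


def fqdn_check(url, enabled=FQDN_CHECK_ENABLE, mapping=FQDN_MAPPING,
               default=FQDN_DEFAULT):
    """Return None if url already uses a valid hostname, else the redirect URL.

    The redirect differs from the request only in its hostname; scheme,
    port, path and query are carried over unchanged.
    """
    if not enabled:
        return None
    parts = urlsplit(url)
    host = parts.hostname or ""
    target = resolve_fqdn(host, mapping, default)
    if target.lower() == host:
        return None
    netloc = target if parts.port is None else f"{target}:{parts.port}"
    return urlunsplit((parts.scheme, netloc, parts.path, parts.query,
                       parts.fragment))


if __name__ == "__main__":
    for u in ("http://www.externalhostname.com/app/",
              "http://192.101.98.45:8080/app/",
              "http://externalhostname:8080/app/index.jsp?a=b"):
        print(u, "->", fqdn_check(u) or "no redirect")
```

A request whose hostname matches neither a map key nor FQDN Default is always sent to FQDN Default, so every hostname that should remain reachable needs its own map entry.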