Chapter 3 Working With Proxylet

This chapter describes Proxylet which enables users to access intranet web pages through the Gateway without parsing the web pages.

Working with Proxylet

Overview of Proxylet

Proxylet is a Java applet that sets itself as a proxy server on the client machine. Proxylet reads and modifies the proxy settings in the Proxy Auto Config (PAC) file on the client machine so that the proxy settings point to the local proxy server (Proxylet).

Proxylet inherits the transport mode from the Gateway. If the Gateway is configured to run on SSL, Proxylet establishes a secure channel between the client machine and the Gateway or destination server. For encryption, Proxylet uses the JSSE API if the client JVM is 1.4 or higher or if the required jar files reside on the client machine. Otherwise it uses the KSSL API. Decryption occurs on the client machine.

The domain and subdomain for URLs that are to be directed to the Gateway are specified in the gateway profile. If a URL is not part of a domain that the gateway handles, the request is directed to the Internet. If a particular URL domain is listed in the gateway profile, then Proxylet resets the client proxy settings to point to the Gateway.

Proxylet supports client-side authentication if a Personal Digital Certificate (PDC) is enabled at the Gateway. To check whether PDC is enabled, see Obtaining Client Information.

Proxylet is enabled from the Portal Server administration console where the client IP address or proxy host name and port are specified. If Proxylet is enabled, it checks the client machine for the following information:

• Appropriate browser permissions

• Whether the browser is IE 6.0 sp2, IE 7, and Firefox 2.0

• Whether the machine or device can run a server application

If all the requirements are satisfied, an applet is downloaded and launched on the client machine. When the client does not have JRE 1.4.2 or later installed, then JRE is automatically downloaded with Proxylet if you have both internet connectivity and administration privileges.

When Proxylet is used, the proxy settings are retrieved from the Proxy Auto Configuration (PAC) file or from the proxy configuration list.

Make sure users know that when using the Proxylet applets, browser pop-up blockers must be disabled.

HTTPS Support

Proxylet supports HTTPS with the following results:

• Decryption is done at the client server.

• Destination servers can accessed when running in SSL mode.

• Client certificates are directly presented to the destination server.

• Basic authentication single-sign (SSO) is not supported at the gateway. (The Gateway can not insert SSO information in http headers.)

• URL-based access control is not supported, only host-based access control.

• External accelerators and external Reverse proxies in front of the gateway are not currently supported.

  ---

  Note –

  This support is not for Proxylet when Portal Server uses HTTPS.

  ---

Advantages of Using Proxylet

Unlike Rewriter, Proxylet requires little or no postinstallation changes. Integration with third party software such as Microsoft Exchange Server is easy. Also the performance of the Gateway increases because Proxylet does not touch web content. Because Proxylet does not modify content or change the data, users can download any type of content, such as tar and gzip files.

Configuring Proxylet

For information on enabling and configuring, Proxylet, see Chapter 13, Configuring Proxylet.

If the user does not have the appropriate Java Virtual Machine (JVM) to run Proxylet, the browser connects to the sun web site to download the Java Runtime Environment. If the user's browser settings do not contain the correct values or if the user is using direct proxy settings without access to the Internet, then Proxylet cannot be downloaded.