Sun Java System Portal Server Secure Remote Access 7.2 Administration Guide

Configuring the Basic Options

About the Cookie Management Attribute

Many web sites use cookies to track and manage user sessions. When the Gateway routes requests to web sites that set cookies in the HTTP header, the Gateway either discards those cookies or passes them through in the following manner:

This setting does not apply to the cookies used by Portal Server to track Portal Server user sessions. Forwarding of those cookies is controlled by the configuration of the URLs to which User Session Cookie is Forwarded option.

This setting applies to all web sites that the user is permitted to access (that is, you cannot choose to discard cookies from some sites and retain cookies from others).


Note –

Do not remove URLs from the Cookie Domain list, even in a Gateway without cookies. See the Access Manager Administration Guide for information on the Cookie Domain list.


About the HTTP Basic Authentication Attribute

HTTP basic authentication can be set in the Gateway service.

Web sites may be protected with HTTP Basic Authentication, requiring visitors to enter a username and password before viewing the site (the HTTP response code is 401 and WWW-authenticate: BASIC). Portal Server can save the username and password so that users need not re-enter their credentials when they revisit BASIC-protected web sites. These credentials are stored in the user profile on the directory server.

This setting does not determine whether or not a user may visit BASIC-protected sites, but only whether the credentials the user enters are saved in the user's profile.

This setting applies to all web sites that the user is permitted to access (that is, HTTP basic authentication caching cannot be enabled for some sites and disabled for others).


Note –

Browsing to URLs served by Microsoft's Internet Information Server (IIS) protected by Windows NT challenge/response (HTTP response code 401, WWW-Authenticate: NTLM) instead of BASIC authentication is not supported.


You can also enable single sign-on using the Access Control service in the administration console.

About the Portal Servers Attribute

You can configure multiple Portal Servers for the Gateway to service requests. While installing the Gateway, you would have specified the Portal Server that the Gateway needs to work with. This Portal Server is listed in the Portal Servers field by default. You can add more Portal Servers to the list in the format http://portal-server-name:port-number. The Gateway tries to contact each of the Portal Servers listed in a round-robin manner to service the requests.

About the URLs to Which User Session Cookie is Forwarded Attribute

Portal Server uses a cookie to track user sessions. This cookie is forwarded to the server when the Gateway makes HTTP requests to the server (for example, when the desktop servlet is called to generate the user's desktop page). Applications on the server use the cookie to validate and identify the user.

The Portal Server's cookie is not forwarded to HTTP requests made to machines other than the server, unless URLs on those machines are specified in the URLs to which User Session Cookie is Forwarded list. Adding URLs to this list therefore enables servlets and CGIs to receive the Portal Server's cookie and use the APIs to identify the user.

URLs are matched using an implicit trailing wildcard. For example, the default entry in the list:

http://server:8080

causes the cookie to be forwarded to all URLs starting with http://server:8080.

Adding:

http://newmachine.eng.siroe.com/subdir

causes the cookie to be forwarded to all URLs starting with that exact string.

For this example, the cookie is not forwarded to any URLs starting with "http://newmachine.eng/subdir", since this string does not start with the exact string in the forward list. To have cookies forwarded to URLs starting with this variation of the machine's name, an additional entry has to be added to the forward list.

Similarly, the cookie is not forwarded to URLs starting with "https://newmachine.eng.siroe.com/subdir" unless an appropriate entry is added to the list.
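The matching rule above can be modelled and used to audit a forward list before it is entered in the console. The following is an added example, not code from the product or this guide; it assumes the Gateway compares entries as literal string prefixes exactly as described, and the function names and finding labels are hypothetical.

```python
from urllib.parse import urlsplit

# Constructed forward list: the default entry plus the entry added in the text.
FORWARD_LIST = [
    "http://server:8080",
    "http://newmachine.eng.siroe.com/subdir",
]


def cookie_forwarded(url, forward_list=FORWARD_LIST):
    """Documented rule: literal string prefix, implicit trailing wildcard."""
    return any(url.startswith(entry) for entry in forward_list)


def audit_entry(entry):
    """Flag entries whose prefix covers more than one origin or directory."""
    parts = urlsplit(entry)
    findings = []
    if parts.scheme != "https":
        # The session cookie travels in cleartext to these URLs.
        findings.append("cleartext-scheme")
    if parts.path == "":
        # Nothing terminates host[:port], so the prefix is not tied to one origin.
        findings.append("unanchored-authority")
    elif not parts.path.endswith("/"):
        # "/subdir" also covers sibling paths such as "/subdir-old/".
        findings.append("unanchored-path")
    return findings


def audit(forward_list=FORWARD_LIST):
    """Map every forward-list entry to its findings."""
    return {entry: audit_entry(entry) for entry in forward_list}


if __name__ == "__main__":
    for url in (
        "http://server:8080/portal/dt",
        "http://newmachine.eng.siroe.com/subdir/app.cgi",
        "http://newmachine.eng/subdir/app.cgi",
        "https://newmachine.eng.siroe.com/subdir/app.cgi",
        "http://newmachine.eng.siroe.com/subdir-old/app.cgi",
    ):
        print(f"{'forward' if cookie_forwarded(url) else 'withhold':8} {url}")
    for entry, findings in audit().items():
        print(entry, findings)
```

The last sample URL shows that an entry ending in /subdir also covers sibling paths that merely begin with that string, which is why the audit reports entries that do not end at a path separator.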

About the Obtain Session from URL Attribute

When the Obtain Session from URL option is selected, session information is encoded as part of the URL, whether cookies are supported or not. This means that the Gateway uses the session information found in the URL for validation rather than using the session cookie that is sent from the client’s browser.

Procedure: To Configure the Basic Options

  1. Log onto the Portal Server administration console as administrator.

  2. Select the Secure Remote Access tab and click the profile name to modify its attributes.

  3. Select the Core tab.

  4. Modify the following attributes:

    | Attribute Name | Description |
    |---|---|
    | Cookie Management | Select the Enable checkbox to enable cookie management. By default, this option is selected. |
    | HTTP Basic Authentication | Select the Enable HTTP Basic Authentication checkbox to enable HTTP basic authentication. |
    | Portal Servers | Enter the Portal Server in the format http://portal-server-name:port-number in the field and click Add. Repeat this step to add more Portal Servers to the Portal Servers list. |
    | URLs to which User Session Cookie is Forwarded | Enter the URL to which User Session Cookie is Forwarded and click Add. Repeat this step to add more URLs to the URLs to which User Session Cookie is Forwarded list. |
    | Gateway Minimum Authentication Level | Enter the authentication level. By default, an asterisk is added to allow authentication at all levels. |
    | Obtain Session from URL | Select Yes to retrieve information on a session from a URL. By default, the No option is selected. |