Sun Java System Portal Server Secure Remote Access 7.2 Administration Guide

Configuring Gateway Attributes Using the Command Line Options

This section provides the command line options to configure Gateway attributes from the terminal window for the following tasks:

To Manage Storage of External Server Cookies

When the Store External Server Cookies option is enabled, Gateway stores and manages cookies for any third party application or server that is accessed through the Gateway. Although the application or server cannot service cookieless devices or depends on cookies for state management, Gateway transparently masks the application or server from knowing that the Gateway is servicing a cookieless device.

For information on cookieless devices and client detection, see the Access Manager Customization and API Guide.

Type the following command and press Enter to manage storage of external server cookies.

To enable:

PS_INSTALL_DIR/bin/psadmin set-attribute -u amadmin -f PASSWORD_FILE -m gateway --gateway-profile PROFILE_NAME -a CookieManagement true

To disable:

PS_INSTALL_DIR/bin/psadmin set-attribute -u amadmin -f PASSWORD_FILE -m gateway --gateway-profile PROFILE_NAME -a CookieManagement false

To get attribute value:

PS_INSTALL_DIR/bin/psadmin get-attribute -u amadmin -f PASSWORD_FILE -m gateway --gateway-profile PROFILE_NAME -a CookieManagement

To Enable Marking Cookies as Secure

When a cookie is marked as secure, the browser treats the cookie with additional security. The implementation of security depends on the browser. The Enable Cookie Management attribute must be enabled for this to work.

Type the following command and press Enter to mark cookies as secure.

To enable:

PS_INSTALL_DIR/bin/psadmin set-attribute -u amadmin -f PASSWORD_FILE -m gateway --gateway-profile PROFILE_NAME -a MarkCookiesSecure true

To disable:

PS_INSTALL_DIR/bin/psadmin set-attribute -u amadmin -f PASSWORD_FILE -m gateway --gateway-profile PROFILE_NAME -a MarkCookiesSecure false

To get the attribute value:

PS_INSTALL_DIR/bin/psadmin get-attribute -u amadmin -f PASSWORD_FILE -m gateway --gateway-profile PROFILE_NAME -a MarkCookiesSecure

To Create List of URLs for Proxies Not to be Used

The Gateway tries to connect directly to the URLs listed in the Do Not Use Webproxy URLs list. A webproxy is not used to connect to these URLs.

Type the following command and press Enter to manage URLs for proxies not to be used.

Note –

Separate each URL with a blank space where there are more than one URL.

To specify URLs not to be used:

PS_INSTALL_DIR/bin/psadmin set-attribute -u amadmin -f PASSWORD_FILE -m gateway --gateway-profile PROFILE_NAME -a DontUseWebProxyURL -A "LIST_OF_URLS"

To add to the existing list of URLs:

PS_INSTALL_DIR/bin/psadmin set-attribute -u amadmin -f PASSWORD_FILE -m gateway --gateway-profile PROFILE_NAME -a DontUseWebProxyURL -A "LIST_OF_URLS"

To remove from the existing list of URLs:

PS_INSTALL_DIR/bin/psadmin set-attribute -u amadmin -f PASSWORD_FILE -m gateway --gateway-profile PROFILE_NAME -a DontUseWebProxyURL -E "LIST_OF_URLS"

To get the existing list of URLs:

PS_INSTALL_DIR/bin/psadmin get-attribute -u amadmin -f PASSWORD_FILE -m gateway --gateway-profile PROFILE_NAME -a DontUseWebProxyURL

To Manage RuleSet to URI Mapping

Secure Remote Access supports Microsoft Exchange 2000 SP3 installation and MS Exchange 2003 of Outlook Web Access (OWA).

To add a URI to the existing list:

PS_INSTALL_DIR/bin/psadmin set-attribute -u amadmin -f PASSWORD_FILE -m gateway --gateway-profile default -a DomainsAndRulesets -A "URI|RULE_SET_NAME URI|RULE_SET_NAME"

To remove a URI from the existing list:

PS_INSTALL_DIR/bin/psadmin set-attribute -u amadmin -f PASSWORD_FILE -m gateway --gateway-profile default -a DomainsAndRulesets -E "URI|RULE_SET_NAME URI|RULE_SET_NAME"

To get the existing list:

PS_INSTALL_DIR/bin/psadmin get-attribute -u amadmin -f PASSWORD_FILE -m gateway --gateway-profile PROFILE_NAME -a DomainsAndRulesets

Type the following command and press Enter to manage RuleSet for Outlook Web Access.

To add a RuleSet

PS_INSTALL_DIR/bin/psadmin set-attribute -u amadmin -f PASSWORD_FILE -m gateway --gateway-profile default -a DomainsAndRulesets -A "EXCHANGE2000_SERVER_NAME exchange_2000sp3_owa_ruleset"

To remove a RuleSet:

PS_INSTALL_DIR/bin/psadmin set-attribute -u amadmin -f PASSWORD_FILE -m gateway --gateway-profile default -a DomainsAndRulesets -E "EXCHANGE2000_SERVER_NAME exchange_2000sp3_owa_ruleset"

To set a list of URIs to RuleSet mappings:

PS_INSTALL_DIR/bin/psadmin set-attribute -u amadmin -f PASSWORD_FILE -m gateway --gateway-profile PROFILE_NAME -a DomainsAndRulesets "URI|RULE_SET_NAME URI|RULE_SET_NAME"

To Specify the Default Domain

The default domains are useful when URLs contain only the host names without the domain and subdomain. In this case, the Gateway assumes that the host names are in the default domain list, and proceeds accordingly.

For example, if the host name in the URL is host1, and the default domain and subdomain are specified as red.sesta.com, the host name is resolved as host1.red.sesta.com.

Type the following command and press Enter to specify the default domains.

To set default domain:

PS_INSTALL_DIR/bin/psadmin set-attribute -u amadmin -f PASSWORD_FILE -m gateway --gateway-profile PROFILE_NAME -a DefaultDomainsAndSubdomains "DOMAIN_NAME"

To get the default domain:

PS_INSTALL_DIR/bin/psadmin get-attribute -u amadmin -f PASSWORD_FILE -m gateway --gateway-profile PROFILE_NAME -a DefaultDomainsAndSubdomains

To Manage MIME Guessing

Rewriter depends on the MIME type of the page to choose the parser. Some web servers such as WebLogic and Oracle do not send MIME types. To work around this, you can enable the MIME guessing feature by adding data to the Map Parser to URIs list box.

Type the following command and press Enter to manage MIME guessing.

To enable MIME guessing:

PS_INSTALL_DIR/bin/psadmin set-attribute -u amadmin -f PASSWORD_FILE -m gateway --gateway-profile PROFILE_NAME -a EnableMIMEGuessing true

To disable MIME guessing:

PS_INSTALL_DIR/bin/psadmin set-attribute -u amadmin -f PASSWORD_FILE -m gateway --gateway-profile PROFILE_NAME -a EnableMIMEGuessing false

To get value:

PS_INSTALL_DIR/bin/psadmin get-attribute -u amadmin -f PASSWORD_FILE -m gateway --gateway-profile PROFILE_NAME -a EnableMIMEGuessing

To Create a List of URI Mappings to Parse

If the MIME Guessing checkbox is enabled and the server has not sent a MIME type, use this list box to map the parser to the URI.

Multiple URIs are separated by a semicolon.

For example HTML=*.html; *.htm;*Servlet. This means that the HTML Rewriter is used to rewrite the content for any page with a html, htm, or Servlet extension.

Type the following command and press Enter to create a list of URI mappings to parse.

To set a list of URI mappings to parse:

PS_INSTALL_DIR/bin/psadmin set-attribute -u amadmin -f PASSWORD_FILE -m gateway --gateway-profile PROFILE_NAME -a MIMEMap

To add to the existing list:

PS_INSTALL_DIR/bin/psadmin set-attribute -u amadmin -f PASSWORD_FILE -m gateway --gateway-profile PROFILE_NAME -a MIMEMap -A LIST

To remove from the existing list:

PS_INSTALL_DIR/bin/psadmin set-attribute -u amadmin -f PASSWORD_FILE -m gateway --gateway-profile PROFILE_NAME -a MIMEMap -E LIST

To get the existing list:

PS_INSTALL_DIR/bin/psadmin get-attribute -u amadmin -f PASSWORD_FILE -m gateway --gateway-profile PROFILE_NAME-a MIMEMap

To Manage Masking

Masking allows Rewriter to rewrite a URI so that the intranet URL of a page is not seen.

Type the following command and press Enter to manage masking.

To enable masking:

PS_INSTALL_DIR/bin/psadmin set-attribute -u amadmin -f PASSWORD_FILE -m gateway --gateway-profile PROFILE_NAME -a EnableObfuscation true

To disable masking:

PS_INSTALL_DIR/bin/psadmin set-attribute -u amadmin -f PASSWORD_FILE -m gateway --gateway-profile PROFILE_NAME -a EnableObfuscation false

To get value:

PS_INSTALL_DIR/bin/psadmin get-attribute -u amadmin -f PASSWORD_FILE -m gateway --gateway-profile PROFILE_NAME -a EnableObfuscation

To Specify the masking Seed String

A seed string is used for masking a URI. A masking algorithm generates the string.

Note –

Book marking of an masked URI may not work if this seed string has been changed or if the Gateway is restarted.

Type the following command and press Enter to specify the masking seed string.

To set the masking seed string:

PS_INSTALL_DIR/bin/psadmin set-attribute -u amadmin -f PASSWORD_FILE -m gateway --gateway-profile PROFILE_NAME -a ObfuscationSecretKey SECRET_KEY

To get the value:

PS_INSTALL_DIR/bin/psadmin get-attribute -u amadmin -f PASSWORD_FILE -m gateway --gateway-profile PROFILE_NAME -a ObfuscationSecretKey

To Create a List of URIs Not to Mask

Some applications (such as an applet) require an Internet URI and cannot be masked. To specify those applications, add the URI to the list box.

For example if you added */Applet/Param* to the list box, the URL would not be masked if the content URI http://abc.com/Applet/Param1.html is matched in the RuleSet rule.

Note –

Separate each URI with a blank space where there are more than one URI.

Type the following command and press Enter to create a list of URIs not to mask.

To set a list of URIs not to mask:

PS_INSTALL_DIR/bin/psadmin set-attribute -u amadmin -f PASSWORD_FILE -m gateway --gateway-profile PROFILE_NAME -a NotToObscureURIList LIST_OF_URI

To add to the existing list:

PS_INSTALL_DIR/bin/psadmin set-attribute -u amadmin -f PASSWORD_FILE -m gateway --gateway-profile PROFILE_NAME -a NotToObscureURIList -A LIST_OF_URI

To remove from the existing list:

PS_INSTALL_DIR/bin/psadmin set-attribute -u amadmin -f PASSWORD_FILE -m gateway --gateway-profile PROFILE_NAME -a NotToObscureURIList -E LIST_OF_URI

To get the existing values:

PS_INSTALL_DIR/bin/psadmin get-attribute -u amadmin -f PASSWORD_FILE -m gateway --gateway-profile PROFILE_NAME -a NotToObscureURIList

To Make a Gateway Protocol the Same as the Original URI Protocol

When a Gateway runs in both HTTP and HTTPS mode, you can enable Rewriter to use a consistent protocol to access the referred resources in the HTML content.

For example, if the original URL is http://intranet.com/Public.html then the http Gateway is added. If the original URL is https://intranet.com/Public.html then the https Gateway is added.

Note –

This applies only to static URIs and not to dynamic URIs generated in Javascript.

Type the following command and press Enter to make a Gateway protocol the same as the original URI protocol.

To enable:

PS_INSTALL_DIR/bin/psadmin set-attribute -u amadmin -f PASSWORD_FILE -m gateway --gateway-profile PROFILE_NAME -a UseConsistentProtocolForGateway true

To disable:

PS_INSTALL_DIR/bin/psadmin set-attribute -u amadmin -f PASSWORD_FILE -m gateway --gateway-profile PROFILE_NAME -a UseConsistentProtocolForGateway false

To get the value:

PS_INSTALL_DIR/bin/psadmin get-attribute -u amadmin -f PASSWORD_FILE -m gateway --gateway-profile PROFILE_NAME -a UseConsistentProtocolForGateway

Configuring Gateway Attributes Using the Command Line Options

To Manage Storage of External Server Cookies

See also

To Enable Marking Cookies as Secure

See also

To Create List of URLs for Proxies Not to be Used

See also

To Manage RuleSet to URI Mapping

See also

To Specify the Default Domain

See also

To Manage MIME Guessing

See also

To Create a List of URI Mappings to Parse

See also

To Manage Masking

See also

To Specify the masking Seed String

See also

To Create a List of URIs Not to Mask

See also

To Make a Gateway Protocol the Same as the Original URI Protocol

See also