Sun GlassFish Web Space Server 10.0 Secure Web Access Add-On Guide

Chapter 3 SWA Administration

The Gateway Admin Portlet provides the user interface for SWA administration through the SWA-datastore component of the Secure Web Access Add-On. After installing the SWA-administration component, you can access the Gateway Admin Portlet from the control panel of Web Space Server.

Gateway Admin Portlet

The Gateway Admin Portlet has the following tabs:

Rewriter Tab

Use this tab to configure the Rewriter settings.

Rewriting of All URIs

If this option is enabled, all URLs are rewritten. If this option is disabled, only intranet URLs are rewritten. Intranet URLs are the URLs with hosts that are in the domains or subdomains listed in the Proxies for Domains and Subdomains list under the Proxy tab. This option is disabled by default.

URIs Not to Rewrite

This list indicates URLs that will not be rewritten even when Rewriting of All URIs is enabled. Use the Add Row and Delete Row buttons to add URLs to the list and remove URLs from this list.

Map URIs to RuleSets

Indicates which RuleSet to apply for a particular URL. You can use the Add Row button to add a URI and a RuleSet for it. Similarly, you can use the Delete Row button to delete a row corresponding to a URI and a RuleSet. The default rulesets are inotes_ruleset, exchange_2000sp3_owa_ruleset, exchange_2003_owa_ruleset, sap_portal_ruleset, iplanet_mail_ruleset, and default_gateway_ruleset.

Map Parser to MIME Types

Indicates which parser to use for a particular MIME type. You can use the Add Row and Delete Row tabs to add and delete rows for a parser and its associated MIME types.

Map Parser to URIs

Indicates which parser to use for a resource with a particular extension. You can use the Add Row and Delete Row tabs to add and delete rows for a parser and its associated URIs.

RuleSet Tab

Use this tab to manage the Rewriter rulesets. For information on how to write a Rewriter ruleset, see Chapter 4, Working with Rewriter.

Proxy Tab

Use this tab to configure the proxy settings of the Gateway.

Use Proxy

Use a proxy server to connect to origin servers if this flag is enabled. This option is disabled by default.

Proxies for Domains and Subdomains

Specifies the proxy server to use for an origin server in the specified domain and subdomain. If a proxy is not specified for a given domain and subdomain, or if the Use Proxy option is disabled, a direct connection is made. The entries in this list are also used by the Rewriter. The Rewriter rewrites all URLs whose domains match the domains in this list.
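The following is an added example, not the Gateway's own code: a small model of how the Rewriter tab and Proxy tab settings described above combine for one URL. The dictionary layout, the sample hosts, prefix matching for URIs Not to Rewrite, and domain matching on a label boundary are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed settings mirroring the portlet fields; all values are illustrative.
CONFIG = {
    "rewrite_all_uris": False,          # Rewriter tab, disabled by default
    "uris_not_to_rewrite": ["http://static.example.net/"],
    "use_proxy": True,                  # Proxy tab, disabled by default
    # Proxies for Domains and Subdomains: domain -> proxy (None = none set)
    "proxies_for_domains": {
        "corp.example.com": "proxy1.corp.example.com:3128",
        "eng.corp.example.com": None,
    },
}


def matching_domain(host, domains):
    """Return the most specific listed domain that contains host, or None.

    Assumption: a match needs equality or a label boundary, so
    'othercorp.example.com' is not treated as part of 'corp.example.com'.
    """
    host = host.lower().rstrip(".")
    hits = [d for d in domains if host == d or host.endswith("." + d)]
    return max(hits, key=len) if hits else None


def gateway_decision(url, cfg):
    """Return (rewrite, route) for one URL under the documented rules."""
    host = urlsplit(url).hostname or ""
    domain = matching_domain(host, cfg["proxies_for_domains"])

    # A listed URI is not rewritten, even with Rewriting of All URIs enabled.
    exempt = any(url.startswith(p) for p in cfg["uris_not_to_rewrite"])
    # Otherwise rewrite everything, or only URLs in the listed (intranet) domains.
    rewrite = not exempt and (cfg["rewrite_all_uris"] or domain is not None)

    # Direct connection when Use Proxy is off or no proxy is set for the domain.
    proxy = cfg["proxies_for_domains"].get(domain) if domain else None
    route = proxy if (cfg["use_proxy"] and proxy) else "direct"
    return rewrite, route
```

Because the same domain list drives both rewriting and proxy selection, adding or removing an entry changes which URLs the Gateway treats as intranet as well as how it connects to them.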

Proxy Password List

Specify the user name and password required for the Gateway to authenticate to a specified proxy server, if the proxy server requires authentication to access some or all of the sites.

Miscellaneous Tab

Use this tab to configure the miscellaneous Gateway settings.

Default Domain and Subdomain

The default domains are useful when URLs contain only the host names without the domain and subdomain. In this case, the Gateway assumes that the host names are in the default domain list and proceeds accordingly.

Default Landing URL

This field indicates the URL of the destination page to show if the Gateway is accessed without a destination being specified. If this attribute is not set, a page with a text field is shown.

Cookies That Are Forwarded Unchanged

The cookies set by origin servers are usually transformed to act as if they were set by the Gateway when sending the response to the web clients. The cookies specified in this list are forwarded to the web clients unchanged. This option is useful for SSO cookies that a policy agent used to protect the Gateway expects from the SSO server.

About the Gateway

The Gateway provides the interface and security barrier between remote user sessions originating from the Internet and your corporate intranet. The Gateway securely presents content from internal web servers and application servers through a single interface to a remote user.

The Gateway resides in the demilitarized zone (DMZ). The Gateway provides a single secure access point to all intranet URLs and applications, thus reducing the number of ports to be opened in the firewall. All other Web Space Server services reside behind the DMZ in the secured intranet. Communication from the client browser to the Gateway is encrypted using HTTP over Secure Sockets Layer (SSL). Communication from the Gateway to the server and intranet resources can be either HTTP or HTTPS.

In Secure Mode, SSL is used to encrypt the connection between the client and the Gateway over the Internet. SSL can also be used to encrypt the connection between the Gateway and the server. The presence of the Gateway between the intranet and the Internet extends the secure path between the client and the Web Space Server.

The swa-gateway component of the Secure Web Access Add-On holds the Gateway functionality. After you install the gateway component, you can access Web Space Server through the Gateway. Consider a simple deployment where you are installing Web Space Server and the three SWA components on a single machine. If http://machine-name:8080 is the URL for the local instance of Web Space Server, you can send HTTP and HTTPS requests to access the gateway using the URL http://machine-name:8080/gateway/index.jsp. You can type a URL in the Enter the URL you want to access: box and click Go to access a web application. In this scenario, type http://machine-name:8080 to be redirected to your Web Space Server instance.

For detailed instructions on how to use a Gateway to access an OpenSSO or Access Manager Policy Agent, see Chapter 5, Policy Agent.