In this configuration the service providers, identity providers and the Common Domain Cookie Service are deployed in the same corporate intranet and the identity providers are not published in the Internet Domain Name Server (DNS). The CDCS is optional.
In this configuration the Gateway points to the service provider, which is the Portal Server. This configuration is valid for multiple instances of the Portal Server.
Log into the Portal Server administration console as administrator.
Select the Secure Remote Access tab and select the appropriate gateway profile to modify its attributes.
The Edit Gateway Profile page is displayed.
Select the Core tab.
Select the Enable Cookie Management checkbox to enable cookie management.
Select the Security tab.
In the Portal Servers field, enter Portal Server names to use the relative URLs such as: /amserver or /portal/dt listed in the Non-Authenticated URLs list. For example:
http://idp-host:port/amserver/js
http://idp-host:port/amserver/UI/Login
http://idp-host:port/amserver/css
http://idp-host:port/amserver/SingleSignOnService
http://idp-host:port/amserver/UI/blank
http://idp-host:port/amserver/postLogin
http://idp-host:port/amserver/login_images
In the Portal Servers field, enter the Portal Server name. For example, /amserver.
Click Save.
Select the Security tab.
In the Non-Authenticated URLs list, add the federation resources. For example:
/amserver/config/federation
/amserver/IntersiteTransferService
/amserver/AssertionConsumerservice
/amserver/fed_images
/amserver/preLogin
/portal/dt
Click Add.
Click Save.
If web proxies are needed to reach the URLs listed in the Non-authenticated URLs list, select the Deployment tab.
In the Proxies for Domains and Subdomains field, enter the necessary web proxies.
Click Add.
Click Save.
From a terminal window, restart the Gateway:
./psadmin start-sra-instance –u amadmin – f <password file> –N <profile name>– t <gateway>