Configure Resources

You can create resources individually by adding one resource for each of your application's URLs, or use regular expression to create a resource which represents a collection of URLs for your application.

A resource represents a URL or URL Pattern for which you want to restrict access or intend to gve anyone to access. You need the list of resources of your application. See About Enterprise Applications.

Policy mapping is hierarchical in App Gateway. So, order of the resources defined is very important. See the following example:

If the user is accessing a resource /myapp/logout.html, and we have authentication policy in below order:
  1. /.* (public)
  2. /.*/logout.html (Form+logout)
Then policy match stops at point #1 (/.*) and the same policy shall be applied which is "public" in this case.
Similarly, if user is accessing a resource /myapp/logout.html and we have authentication policy in below order.
  1. /.*/logout.html (Form+logout)
  2. /.* (public)
In this case. policy match stops at point 1 (/.*/logout.html) and same policy shall be applied which is "Form+logout".

Something else to be aware of is that applications which do their own login integrations can run into problems when their integrations accessed static resources during login, but the resources were not made public. This causes the login process to fail. To avoid this happening, you should use the public authentication method for your public static resources such as CSS, JavaScript, image files as follows:

  • Group all public static resources together, for example under /myapp/public/resources.
  • State that these directories should use the public authentication method using a regex such as /myapp/public/.*.

To configure resources:

  1. In the Application Details page, click the SSO Configuration tab of your enterprise application page, expand the Resources section, and then click Add to add a resource.
  2. In the Add Resource dialog, provide a name for the resource and the resource URL. If you want to use a regular expression as the resource URL value, then select Regex, so that App Gateway evaluates the Resource URL value as a pattern.

    For example, if you want to protect the application endpoint http://myapp.internal.example.com:3266/private/home, you can enter /private/home as the value for Resource URL. If you want to protect any page under the /private context, then enter /private/.* as value for Resource URL, and select Regex.

    See Use Regular Expressions.