cancel
Showing results for 
Search instead for 
Did you mean: 

Get web-resource to pass through

SOLVED
Occasional Contributor

Get web-resource to pass through

Hi everyone.

What i am trying to redo right now is this:

Externally we have a DNS-record like community.company.com, this hits a apache web server that proxies it inside with a rewrite, like:

RewriteRule     (.*)                    https://community.company.com/dana/home/launch.cgi?url=http://inside.company.com/$1

As we do not want passthrough-proxy to punch a hole into this page.

 

What we instead want is to have:

https://inside.company.com externally pointing to the SA, and have it somehow passthrough to the internal web server, keeping the dana/home/launch.cgi?url= rewrite. And also the authorization from within the SA to keep it safe.

 

Is this somehow possible? I think i remember there should be some sort of option for this a whole lot of releases ago, but it was not really finished then.

 

Hopefully someone could help me complete this task!

 

Thank you.

11 REPLIES 11
Moderator

Re: Get web-resource to pass through

That does not sound like anything we have ever had. If you give your users the fully rewritten URL and enable browser passthrough on the role, you can have users click on the link, authenticate, and then connect.
Otherwise, they will have to login and manually navigate to the URL.
New Contributor

Re: Get web-resource to pass through

I think you should be able to achieve what you want with a few steps:

 

  • Set external DNS to resolve "inside.company.com" to the external IP address of your PCS appliance.
  • Create a new Role for access to this resource.
  • Under Role -> General -> UI Options, set the custom start page URL to be the URL of your internal web server.
  • Create a new realm for access to this resource
  • Create a role mapping policy for the realm which maps all users to your newly created role
  • Under Authentication -> Signing In -> Sign-In Policies, create a new Sign-In URL of "inside.company.com"
  • Map this new Sign-in URL to your newly created Realm

You should hopefully find that any external users who browse to inside.company.com are presented with a PCS login page.  After logging in, they should be taken directly to your inside.company.com web server through the web re-writer.

Moderator

Re: Get web-resource to pass through

Good point @gduthie; thank you.
@glenna: is this the type of feature you are looking for?
Occasional Contributor

Re: Get web-resource to pass through

Hi @gduthie and @zanyterp !

Sorry for the late reply.

I will test this out and see what happens.

Hopefully it does what i want.

Thank you nevertheless for the efforts given!

Occasional Contributor

Re: Get web-resource to pass through

@zanyterp @gduthie

This works nicely!

I thou have a follow-up question if you have anything smart to say about that:

From external, i want to directly go to a subsite on inside.company.com eg inside.company.com/site/default.php

Is there a way to rewrite this or am i locked down to just get to inside.company.com and from there click my way through to the subsite?

Neverthelss, excellent help from you!

New Contributor

Re: Get web-resource to pass through

I'm glad to know that my suggeston works :-)

 

I haven't tried this yet, but I think you can go to a subsite just by putting the full subsite URL into the Custom Start Page URL on the Role UI Options page.

 

Graham

Occasional Contributor

Re: Get web-resource to pass through

Yes this works as well.

Problem is that we have customers that have different subsites on inside.company.com Smiley Happy

eg like inside.company.com/subsite1/default

inside.company.com/subsite2/default/test.php

and so on.

It may be that this is a unsolvable solution and not something the PCS should handle.

New Contributor

Re: Get web-resource to pass through

Could you set up a different role for each customer with the appropriate different subsite set as the custom start page URL for each of the roles?

 

You would then set the role mapping rule so that customers are mapped into the correct role based on username, AD group, or whatever other criteria makes most sense.

Moderator

Re: Get web-resource to pass through

If you are looking to have users type in/click on inside.company.com/subsite1/default
inside.company.com/subsite2/default/test.php
et cetera, you will need to create a realm, role, and custom sign-in policy for each instance and each role will need to have the appropriate custom start page enabled.