
Virtual Host + Authorization

Imported
Contributor

Virtual Host + Authorization

Hello everyone, I'm having difficulty working with Virtual Host + Authorization.

In my customer environment I have a backend server that is accessed by users and legacy applications through the following URL.

Backend server: "http://myserver.local/subpath-X/subpath-Y" (Subpath-X and Subpath-Y names may vary depending on the application or user that will access the server)

My IVE will mediate this traffic now, so I should create a virtual host "myserver.mycompany.com" so that when the user accesses the URL "myserver.mycompany.com/subpath-X/subpath-Y" he will be authorized based on your Certificate Attributes, and then either redirected to "http://myserver.local/subpath-X/subpath-Y". But according to the admin guide, the "Authorization-only" sign-in policy only works with Siteminder as authorization server. My customer needs to authorize the access to the virtual host based on attributes of the User Certificates.

We can't do the publishing using sign-in host and path to URL because it doesn't work when the request has a variable subpath (the log doesn't show subpaths in the LoginURL variable).

Has anyone else been through this situation?

Best regards,
1 REPLY 1
ruc_
Regular Contributor

Re: Virtual Host + Authorization




My IVE will mediate this traffic now, so I should create a virtual host "myserver.mycompany.com" so that when the user accesses the URL "myserver.mycompany.com/subpath-X/subpath-Y" he will be authorized based on your Certificate Attributes, and then either redirected to "http://myserver.local/subpath-X/subpath-Y".




I did not fully understand your requirements, but for setting up something similar to what is described in the above paragraph using certificate authentication you will have to do the following:

1. Set up a realm which uses a Certificate authentication server.

2. Ensure you have a resolvable name configured under Network > Hostname

3. Enable 'Browser request follow-through' under Role > Session Options

4. Set up Pass through proxy using virtual hostname options as shown in the attached screenshot (myserver.mycompany.com should resolve to the SA)

Now when an end-user accesses https://myserver.mycompany.com/subpath-X/subpath-Y the user will get redirected to the sign-in page where certificate authentication will take place, and then the user will get redirected to the backend via the SA.
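
The flow described in this thread, as an added conceptual model (not part of either post, and not how the IVE/SA implements it): the certificate subject decides authorization, and only scheme and host are rewritten so any subpath reaches the backend unchanged. The required attributes (`O`, `OU`) and the sample subject strings are constructed assumptions.

```python
from urllib.parse import urlsplit, urlunsplit

# Hostnames come from the thread; the attribute rule is a hypothetical example.
VIRTUAL_HOST = "myserver.mycompany.com"
BACKEND = ("http", "myserver.local")
REQUIRED_ATTRS = {"O": "MyCompany", "OU": "Legacy-Apps"}


def parse_subject(dn):
    """Parse a comma-separated subject DN into {ATTR: [values]}.
    Backslash-escaped commas are kept; multi-valued RDNs (+) are not handled."""
    parts, buf, escaped = [], "", False
    for ch in dn:
        if escaped:
            buf += ch
            escaped = False
        elif ch == "\\":
            escaped = True
        elif ch == ",":
            parts.append(buf)
            buf = ""
        else:
            buf += ch
    parts.append(buf)
    attrs = {}
    for part in parts:
        key, sep, value = part.strip().partition("=")
        if sep:
            attrs.setdefault(key.strip().upper(), []).append(value.strip())
    return attrs


def authorize(subject_dn):
    """Exact match on every required attribute; substrings never qualify."""
    attrs = parse_subject(subject_dn)
    return all(want in attrs.get(k, []) for k, want in REQUIRED_ATTRS.items())


def route(url, subject_dn):
    """Return the backend URL for an authorized request, else None."""
    u = urlsplit(url)
    if u.scheme != "https" or (u.hostname or "").lower() != VIRTUAL_HOST:
        return None  # not the published virtual host
    if subject_dn is None or not authorize(subject_dn):
        return None  # no client certificate, or attributes do not match
    # Only scheme and host change; path and query pass through untouched.
    return urlunsplit((BACKEND[0], BACKEND[1], u.path, u.query, ""))
```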