cancel
Showing results for 
Search instead for 
Did you mean: 

Web Resource (External) with Remote SSO using POST

Frequent Contributor

Web Resource (External) with Remote SSO using POST

We are trying to create a landing page for some external partners.  On that landing page we want to include both internal and external (internet) resources.  So far so good.  One of those external resources we'd like to pass the current user ID to as a HTTP POST.  Seems possible.  Just can't get it to work.

 

Opened a ticket. Not sure if JTAC understands us and we them.  Thought I'd ask here since you guys seems to know these things really, really well.

 

Here is what we've done so far:

Added external fqdn to System | Network | Overview | DNS Domains (read a juniper tech doc saying it was needed)

Created a Web App Resource Profile with Single Sign-on

SSO defined as Remote SSO | POST the following data.

 

Example URL w/forms parameters that works when going direct (not through SSL VPN)

http://test.testcorp.com/testclient/faces/customerList.xhtml?brokerId=broker2

 

What we are seeing - SSL VPN never passes POST name / value

 

We are running 7.2 R3 code.  Thanks!

8 REPLIES 8
Super Contributor

Re: Web Resource (External) with Remote SSO using POST

Hi,

 

This should work.

 

Please attach a http watch taken with version 7 or less for the direct access without going through SA

 

Regards,

Jay

Frequent Contributor

Re: Web Resource (External) with Remote SSO using POST

Here is the http watch from the site.  Thx for taking a look.

Super Contributor

Re: Web Resource (External) with Remote SSO using POST

Just to make sure, the SA is rewriting the external resource, correct?  I can't imagine you could do a SSO form POST to a resource which was not being rewritten.

 

Ken

Super Contributor

Re: Web Resource (External) with Remote SSO using POST

These are the value I found

 

POST URL : http://jb.sitacorp.com/jbclient/faces/broker.xhtml

Parameter                           Value

j_idt9                                   j_idt9 
j_idt9:j_idt12                        testaccount  
j_idt9:j_idt14_editableInput    sunny  
j_idt9:j_idt14_input               sunny 
j_idt9:j_idt18   
javax.faces.ViewState         -1561150858555089789:6834917585508214746

 

I am not sure which is your domain username which you want to pass as a variable <username>

 

What about j_idt9 and j_idt9:j_idt12 , are these static values or dynamic values?

 

For the viewstate, I guess you can put the value as found in the http watch though it might be dynamic

 

Regards,

Jay

Highlighted
Frequent Contributor

Re: Web Resource (External) with Remote SSO using POST

j_idt9:j_idt12 would be what we'd want to pass the username to.  Not sure what the other values even are.

 

So what would the setup of this look like?

Frequent Contributor

Re: Web Resource (External) with Remote SSO using POST

Ken, it is not being rewritten right now.  When we use rewriting it fails to load the page.

Super Contributor

Re: Web Resource (External) with Remote SSO using POST

I can't imagine that you can do a form post without rewriting the page.  It might depend on whether rewriting policies are applied before form post policies.  Can someone more knowledgable give us a definitive answer on this point?

 

Does the load of the page ehdn rewritten fail because you do not have a proxy server and proxy policies defined?  The only way to get an external page rewritten is for the SA to be able to fetch it through the internal interface of the appliance.  At least in my network, the only way to do that is to go outbound through a proxy.

 

Ken

Super Contributor

Re: Web Resource (External) with Remote SSO using POST

Hi,

 

If the URL is not rewritten by the Juniper, it would not be possible to do a form post

 

Thanks,

Jay