Summary: Set up a bookmark on a non-tunneled Role that does not use net connect. The bookmark is proxied to the password management server on the Role. Users can log in; however, the moment they do and try to update their profile, a 404 page is displayed.
Things that I've tried.
Nothing works; I am open to ideas.
In this case, check whether, when users update the profile while accessing the password management server via passthrough proxy, there is a redirected URL which is different from the backend URL for which passthrough proxy is configured.
You can download the HttpWatch software (the basic edition) from www.httpwatch.com and see if the redirected URL is different when it updates the profile. In that case, try checking the "rewrite external links" option under the Passthrough proxy configuration.
Did you try publishing this via rewriter without configuring a passthrough proxy policy?
Can you confirm you are rewriting the server? Why are you using passthrough proxy vs standard rewriting?
@JayLaiz:
Ended up using Burp Suite to filter the HTTP proxy logs, and the redirected URL is not different from the backend URL. I took out the pass through proxy option because it kept breaking my link, so as we speak the link on the role is just through a web ACL to the password server.
When you say publish via rewriter, do you mean going to web options on the role and checking the "Rewrite file://url" option? I'm not sure I'm understanding your question.
@zanyterp:
I don't manage the password server, so I'm not sure if rewrite is even enabled on the server. I can check with the admin of the server and get back to you. I'm assuming it does because in the logs, when I hit the web page, it does redirect to the different pages within the web page index.
dtlam76 wrote:
@zanyterp:
I don't manage the password server, so I'm not sure if rewrite is even enabled on the server. I can check with the admin of the server and get back to you. I'm assuming it does because in the logs, when I hit the web page, it does redirect to the different pages within the web page index.
The rewrite is on the IVE/SA device. You are using the passthrough proxy mechanism now; does the full rewrite change the behavior?
The option both JayLaiz & I are referring to is Users>User Roles>RoleName>Web and have a bookmark here. And then at Users>Resource Policies>Web>Selective Rewriting use a rewrite rule to rewrite the content automatically (should be the default option); then under the passthrough proxy link on the same heading, have nothing configured there.
OK, so I finally figured out the problem and it had nothing to do with the pass through proxy. I decided to start from scratch, so I deleted the bookmark link, web ACLs and pass through proxy settings for the password management server that we were using on the IVE for that particular external user Role.
I added the bookmark back in the role and created a web resource policy for the password server to allow access to all resources. In the Web Application Resource Profile, I noticed that the "auto single sign-on" options were enabled for NTLM so out of curiosity, I changed the option to allow auto policy to auth through kerberos and retested.
Bamm, it worked! Apparently NTLM auth allowed users to log in, but somewhere in the backend they were using Kerberos to auth back to the front end. That explained why users could log in to the password management UI but when they were trying to go to other places on the server they were presented with the 404 message. Also it explained why the server was so slow when it was being queried.
Thank you guys for replying to my thread and at least giving me options to look at; I appreciate it.
Thank you for the update; glad you found a solution that is working successfully.
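The two checks that came up in this thread (do redirects leave the backend URL the proxy policy covers, and which auth schemes does the backend challenge with on each path) can be scripted over an exported proxy log. This is an added example, not code from any poster or from the vendor; the host names, paths and capture records are constructed, and it assumes the backend advertises Kerberos through the HTTP `Negotiate` scheme.

```python
from urllib.parse import urljoin, urlsplit

# Hypothetical backend URL that the web resource policy is written for.
BACKEND = "https://pwmgr.example.internal"

# Constructed capture: (method, request URL, status, response headers).
CAPTURE = [
    ("GET", BACKEND + "/", 302, [("Location", "/login")]),
    ("GET", BACKEND + "/login", 401, [("WWW-Authenticate", "NTLM")]),
    ("GET", BACKEND + "/login", 200, []),
    ("GET", BACKEND + "/help", 302,
     [("Location", "https://docs.example.internal/pw")]),
    ("POST", BACKEND + "/profile/update", 401,
     [("WWW-Authenticate", "Negotiate")]),
]

def origin(url):
    """(scheme, host, port) with default ports filled in."""
    p = urlsplit(url)
    port = p.port or {"http": 80, "https": 443}.get(p.scheme)
    return (p.scheme, (p.hostname or "").lower(), port)

def off_backend_redirects(capture, backend):
    """Redirects whose resolved Location leaves the configured backend."""
    hits = []
    for _method, url, status, headers in capture:
        if status not in (301, 302, 303, 307, 308):
            continue
        for name, value in headers:
            if name.lower() == "location":
                target = urljoin(url, value)  # resolves relative Locations
                if origin(target) != origin(backend):
                    hits.append((url, target))
    return hits

def auth_schemes_by_path(capture):
    """Map path -> schemes offered in 401 WWW-Authenticate challenges."""
    seen = {}
    for _method, url, status, headers in capture:
        if status != 401:
            continue
        for name, value in headers:
            if name.lower() == "www-authenticate" and value.strip():
                scheme = value.split()[0].lower()
                seen.setdefault(urlsplit(url).path, set()).add(scheme)
    return seen

def sso_gaps(capture, configured):
    """Paths that challenge only with schemes the SSO policy lacks."""
    have = {s.lower() for s in configured}
    schemes = auth_schemes_by_path(capture)
    return sorted(p for p, s in schemes.items() if not (s & have))
```

With only NTLM configured for single sign-on, `sso_gaps(CAPTURE, {"NTLM"})` reports `/profile/update`, the pattern described in the resolution post where login works but later pages fail.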