Configuring Custom Web Applications Resource Profile (NSM Procedure)
A custom Web application resource profile is a resource profile that controls access to a Web application, Web server, or HTML page.
To configure a custom Web application resource profile:
- In the NSM navigation tree, select Device Manager > Devices. Click the Device Tree tab, and then double-click the Secure Access device for which you want to configure the Web application resource profile.
- Click the Configuration tab, and select Users > Resource Profiles > Web to create a custom Web resource profile.
- Click the New button. The New dialog box appears.
- Add or modify settings as specified in Table 1.
- Click one:
  - OK—Saves the changes.
  - Cancel—Cancels the modifications.
Table 1: Configuring Custom Web Applications Resource Profile Details
Option | Function | Your Action |
---|---|---|
Settings tab | ||
Name | Specifies a unique name for the resource profile. | Enter the name. |
Description | Specifies a description for the resource profile. | Enter the description. |
Type | Specifies the type of resource profile. | Select Custom from the Type drop-down list. |
Base URL | ||
Base URL | Specifies the URL of the Web application or page for which you want to control access. | Enter the URL using the format: [protocol://]host[:port][/path] |
Autopolicy: Web Access Control > Rules tab | ||
Name | Specifies the name for the policy that allows or denies users access to the resource specified in the Base URL box. | Enter the name. |
Action | Allows or denies user access to the resource. | Select Allow or Deny from the Action drop-down list. |
Resources | Specifies the resource for which this policy applies. | Enter the resource name. |
Autopolicy: Basic Authentication, NTLM or Kerberos Single Sign-On | ||
Resource | Specifies the resource for which this policy applies. | Specify the resource. |
Authentication Type | Specifies the authentication type. | Select the authentication type. |
Autopolicy: Form POST Single Sign-On | ||
Resource | Specifies the application’s sign-in page. | Enter the path, such as: http://my.domain.com/public/login.cgi. Note: Do not enter wildcard characters in this box. |
POST URL | Specifies the absolute URL where the application posts the user’s credentials. | Enter the URL, such as: http://yourcompany.com/login.cgi. |
Deny direct login for this resource | Prevents users from manually entering their credentials in a sign-in page. (Users may see a sign-in page if the form POST fails.) | Select the Deny direct login for this resource check box to enable this option. |
Allow multiple POSTs to this resource | Allows the Secure Access device to send POST and cookie values to the resource multiple times if required. If you do not select this option, the Secure Access device does not attempt single sign-on when a user requests the same resource more than once during the same session. | Select the Allow multiple POSTs to this resource check box to enable this option. |
POST Variables | ||
Label | Specifies the label that appears on a user’s preferences page in the Secure Access device. This field is required if you either enable or require users to modify data to post to back-end applications. | Enter the label name. |
Name | Identifies the data in the Value box. | Enter the name. |
Value | Specifies a value to post to the form. | Enter the value. You can enter static data or a system variable. |
User Modifiable? | Allows or denies the user the ability to change the information in the Value box. | Select one of the following options:
|
Autopolicy: Cookies and Headers Single Sign-On | ||
Resource | Specifies the resources to which this policy applies to post header data to the specified URL when a user makes a request to a resource. | Specify the resource. |
Header name | Specifies the text for the Secure Access device to send as header data. | Enter the name. |
Header Value | Specifies the value for the specified header. | Enter the value. |
Autopolicy: Caching | ||
Name | Specifies the policy name. | Enter a name. |
Action | Specifies the action for the cache cleaner to perform on the resource. | Select one of the following options:
|
Resource | Specifies the resources to which this policy applies. | Enter the resource name. |
Autopolicy: Java Applet Access Control | ||
Name | Specifies the name of the policy. | Enter the policy name. |
Server Resource | Specifies the server resources to which this policy applies. | Enter the path using the format: host:[ports]. |
Action | Allows or denies Java applets to connect to the servers. | Select one of the following options:
|
Sign Java applets with uploaded code-signing certificate(s) | Resigns the specified resources using the uploaded certificate. | Select the Sign Java applets with uploaded code-signing certificate(s) check box to enable this option. |
Autopolicy: Rewriting Options > Passthrough Proxy tab | ||
Use virtual hostname | Specifies the hostname alias for the application server. When the Secure Access device receives a client request for the application server hostname alias, it forwards the request to the specified application server port in the Base URL box. | Enter the hostname. |
Use IVE port | Specifies a unique Secure Access device port in the range 11,000-11,099. | Enter the port in the range 11,000-11,099. |
Rewrite XML | Allows Secure Access device to rewrite URLs contained within XML content. If this option is disabled, the Secure Access device passes the XML content “as is” to the server. | Select the Rewrite XML tab check box to enable this option. |
Rewrite external links | Allows Secure Access device to rewrite all the URLs presented to the proxy. If this option is disabled, the Secure Access device rewrites only those URLs where the hostname is configured as part of the passthrough proxy policy. | Select the Rewrite external links check box to enable this option. |
Block cookies from being sent to the browser | Allows Secure Access device to block cookies destined for the client’s browser. The Secure Access device stores the cookies locally and sends them to applications whenever they are requested. | Select the Block cookies from being sent to the browser check box to enable this option. |
Host-Header forwarding | Allows Secure Access device to pass the hostname as part of the host header instead of the actual host identifier. | Select Host-Header forwarding to enable this option. |
Autopolicy: Rewriting Options > No rewriting (use JSAM) > JSAM Parameters | ||
Server Hostname or IP | Specifies the DNS name of the application server or the server IP address. | Enter the DNS name of the application server or the server IP address. |
Server Port | Specifies the port on which the remote server listens for client connections. | Enter the port. |
Localhost IP | Specifies a static loopback address. If you do not provide a static IP loopback address, the Secure Access device assigns an IP loopback address dynamically. | Enter the IP address. |
Client Port | Specifies the port on which JSAM should listen for client application connections. | Enter the port. |
Launch JSAM | Automatically starts JSAM when the Secure Access device encounters the base URL. | Select the Launch JSAM check box to enable this option. |
Autopolicy: Rewriting Options > No rewriting (use JSAM) > Allowed WSAM Servers | ||
Network Destination | Specifies resources for which WSAM secures client/server traffic between the client and the Secure Access device. By default, the Secure Access device extracts the correct server from the Web access control policy. You may choose to use this server as-is, modify it, and/or add new servers to the list. | Enter the hostname (the wild cards '*' or '?' are accepted) or an IP/netmask pair. Specify multiple ports for a host as separate entries. |
Autopolicy: Rewriting Options > No rewriting tab | ||
No rewriting | Automatically creates a selective rewriting policy for the autopolicy’s URL. | Select the No rewriting check box to enable this option. |
Autopolicy: Web Compression | ||
Name | Specifies the policy name. | Enter the policy. |
Action | Allows the Secure Access device to compress the supported content type for the specified resource. | Select one of the following options:
|
Resource | Specifies the resources to which this policy applies. | Enter the resource name. |
Settings tab > Type > Custom > Bookmarks > General | ||
Name | Specifies the name of the bookmark. | Enter the name. |
Description | Describes the bookmark. | Enter the description. |
URL | Adds a suffix to the URL if you want to create links to subsections of the domain defined in the primary resource profile. | Enter a suffix to the URL. |
Open New Window | Allows the Secure Access device to automatically open the Web resource in a new browser window. | Select the Open New Window check box to enable this option. |
Do Not Display Address Bar | Removes the address bar from the browser. | Select the Do Not Display Address Bar check box to enable this feature. |
Do Not Display Tool Bar | Removes the menu and toolbar from the browser. This feature removes all menus, browsing buttons, and bookmarks from the browser window so that the user browses only through the Secure Access device. | Select the Do Not Display Tool Bar check box to enable this feature. |
Applies to roles | Specifies the roles to which you want to display the bookmark. | Select any one of the following options:
|
Settings tab > Type > Custom > Bookmarks > Role Selections | ||
Role Selections | Specifies the roles to which the resource profile applies. | Select the role, and click Add. |
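
Several rows of Table 1 state constraints that are easy to violate when typing values into the dialog box: the Base URL format, the no-wildcard rule for the Form POST sign-in page, the absolute POST URL, and the 11,000-11,099 port range. The following pre-entry check is an added example, not part of the NSM product or the original procedure; the dictionary keys and the `lint_profile` function are hypothetical names, and the check additionally flags a POST URL that is not `https`, because that is where the device sends the user's credentials.

```python
import re
from urllib.parse import urlsplit

# Base URL row of Table 1: [protocol://]host[:port][/path]. The page does not
# restrict port syntax, so any non-empty token without "/" or spaces is accepted.
BASE_URL_RE = re.compile(
    r"^(?:[A-Za-z][A-Za-z0-9+.-]*://)?"   # optional protocol
    r"[^/:\s]+"                            # host
    r"(?::[^/\s]+)?"                       # optional :port
    r"(?:/\S*)?$"                          # optional /path, no whitespace
)
IVE_PORT_RANGE = range(11000, 11100)       # 11,000-11,099 inclusive


def lint_profile(profile):
    """Return findings for a dict of planned profile values (hypothetical keys)."""
    findings = []
    if not BASE_URL_RE.match(profile.get("base_url", "")):
        findings.append("base_url: not in [protocol://]host[:port][/path] form")

    sso = profile.get("form_post_sso")
    if sso:
        # Assumption: '*' and '?' are the wildcard characters, as in the WSAM row.
        if any(ch in sso["resource"] for ch in "*?"):
            findings.append("form_post_sso.resource: wildcard characters not allowed")
        post = urlsplit(sso["post_url"])
        if not (post.scheme and post.netloc):
            findings.append("form_post_sso.post_url: must be an absolute URL")
        elif post.scheme.lower() != "https":
            # The device posts the user's credentials here; flag cleartext transport.
            findings.append("form_post_sso.post_url: credentials posted over " + post.scheme)

    port = profile.get("ive_port")
    if port is not None and port not in IVE_PORT_RANGE:
        findings.append("ive_port: outside 11000-11099")
    return findings


# Constructed sample input: a stray space in the Base URL, a wildcard in the
# sign-in page resource, and the page's own http:// POST URL example.
SAMPLE = {
    "base_url": "http://my.domain.com/ public/login.cgi",
    "form_post_sso": {"resource": "http://my.domain.com/public/*",
                      "post_url": "http://yourcompany.com/login.cgi"},
    "ive_port": 12000,
}

if __name__ == "__main__":
    for finding in lint_profile(SAMPLE):
        print(finding)
```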