SmartLink configuration DME Server 3.5

Similar documents
How to Configure SSL VPN Portal for Forcepoint NGFW TECHNICAL DOCUMENT

Object of this document

Trusted Login Connector (Hosted SSO)

5/15/2009. Introduction

Genesys Interaction Recording Solution Guide. Deploying SpeechMiner for GIR

2018/03/23 00:39 1/10 8. Web monitoring. To perform web monitoring Zabbix server must be initially configured with curl (libcurl) support.

WHY CSRF WORKS. Implicit authentication by Web browsers

Cloud Access Manager Overview

The following topics provide more information on user identity. Establishing User Identity Through Passive Authentication

3.1 Getting Software and Certificates

Mitel MiContact Center Enterprise WEB APPLICATIONS CONFIGURATION GUIDE. Release 9.2

BIG-IP Access Policy Manager : Visual Policy Editor. Version 12.1

FUEGO 5.5 WORK PORTAL. (Using Tomcat 5) Fernando Dobladez

Session 8. Reading and Reference. en.wikipedia.org/wiki/list_of_http_headers. en.wikipedia.org/wiki/http_status_codes

Configuring Request Authentication and Authorization

Integration Guide. LoginTC

NX-API. About NX-API. Transport. Message Format. About NX-API, page 1 Using NX-API, page 2

BI Office. Web Authentication Model Guide Version 6

Webthority can provide single sign-on to web applications using one of the following authentication methods:

Enterprise Access Gateway Management for Exostar s IAM Platform June 2018

Authentify SMS Gateway

Microsoft ISA 2006 Integration. Microsoft Internet Security and Acceleration Server (ISA) Integration Notes Introduction

The Rockefeller University I NFORMATION T ECHNOLOGY E DUCATION & T RAINING. VPN Web Portal Usage Guide

CNIT 129S: Securing Web Applications. Ch 3: Web Application Technologies

How to Set Up External CA VPN Certificates

BIG-IP Access Policy Manager : Portal Access. Version 12.1

also supports JSON output format for specific commands.

Black Box DCX3000 / DCX1000 Using the API

Connector for Microsoft SharePoint 2013, 2016 and Online Setup and Reference Guide

Google Search Appliance Connectors

Cisco Content Transformation Engine (CTE) 1400 Series Configuration Note

Integration with Exchange 2003

Create and Apply Clientless SSL VPN Policies for Accessing. Connection Profile Attributes for Clientless SSL VPN

Lotus IBM Lotus Notes Domino 8 Developing Web Applications. Download Full Version :

HTTP 1.1 Web Server and Client

DEVELOPER GUIDE PIPELINE PILOT INTEGRATION COLLECTION 2016

Configuring Content Authentication and Authorization on Standalone Content Engines

DATACENTER MANAGEMENT Goodbye ADFS, Hello Modern Authentication! Osman Akagunduz

Network Policy Controller UAM/RADIUS Guide

Realms and Identity Policies

Advanced Service Design. vrealize Automation 6.2

How to Configure Authentication and Access Control (AAA)

MULTI FACTOR AUTHENTICATION USING THE NETOP PORTAL. 31 January 2017

Advanced Clientless SSL VPN Configuration

XML Web Service? A programmable component Provides a particular function for an application Can be published, located, and invoked across the Web

Identity Policies. Identity Policy Overview. Establishing User Identity through Active Authentication

Dell One Identity Cloud Access Manager 8.0. Overview

Secure Container DME. SecureContainer - DME is available for ios and Android.

Google Search Appliance

VMware AirWatch Integration with F5 Guide Enabling secure connections between mobile applications and your backend resources

WatchGuard AP - Remote Code Execution

WHITE PAPER. Good Mobile Intranet Technical Overview

NetDespatch Velocity Connector User Guide

Administration Guide. 05 Apr TM and copyright Imagicle spa

Oracle Eloqua Legacy Authenticated Microsites and Contact Users. Configuration Guide

Udemy for Business SSO. Single Sign-On (SSO) capability for the UFB portal

Configure Settings and Customize Notifications on FindIT Network Probe

etrac ATOM Android App Setup Guide

Apparo Fast Edit. Installation Guide 3.1.1

Novell Access Manager

Coveo Platform 6.5. Microsoft SharePoint Connector Guide

HTTP 1.1 Web Server and Client

Integration with Exchange 2007/2010

DIGIPASS Authentication for Microsoft ISA 2006 Single Sign-On for Sharepoint 2007

What You Need to Use this Book

Aventail ST2 SSL VPN New Features Guide

Troubleshooting Single Sign-On

Real-Time Connectivity Specifications

Novell Access Manager

Release Notes. Dell SonicWALL SRA Release Notes

TECHNOLOGY Introduction The Difference Protection at the End Points Security made Simple

Troubleshooting Single Sign-On

Session 9. Deployment Descriptor Http. Reading and Reference. en.wikipedia.org/wiki/http. en.wikipedia.org/wiki/list_of_http_headers

Access SharePoint using Basic Authentication and SSL (via Alternative Access URL) with SP 2016 (v 1.9)

Combating Common Web App Authentication Threats

Client 2. Authentication 5

NotifySCM Integration Overview

Generic IP Camera Driver

EasyMorph Server Administrator Guide

Live Data Connection to SAP Universes

SAML-Based SSO Solution

Setting Up Resources in VMware Identity Manager (On Premises) Modified on 30 AUG 2017 VMware AirWatch 9.1.1

Establishing two-factor authentication with Barracuda SSL VPN and HOTPin authentication server from Celestix Networks

Connector Administrator Guide, Release 3.X

All requests must be authenticated using the login and password you use to access your account.

AT&T Global Smart Messaging Suite

Web Application Proxy

Web Services in Cincom VisualWorks. WHITE PAPER Cincom In-depth Analysis and Review

Coveo Platform 7.0. Microsoft SharePoint Legacy Connector Guide

Tech Note. ConnectWise PSA Integration

Realms and Identity Policies

Introduction to application management

VMware Tunnel Guide for Windows

VMware Tunnel on Windows. VMware Workspace ONE UEM 1810

HTTP 1.1 Web Server and Client

AppSpider Enterprise. Getting Started Guide

VMware Tunnel on Linux. VMware Workspace ONE UEM 1811

Basic Configuration GuidE

Installing MySQL Subscriber Database

PracticeDump. Free Practice Dumps - Unlimited Free Access of practice exam

Transcription:

SmartLink configuration DME Server 3.5 Document version: 1.3 Date: 2010-03-22 Circulation/Restrictions: Internal/Excitor partners Applies to: DME Server 3.5

Table of contents SmartLink configuration...3 How it works...3 Setting up the SmartLink configuration file...4 Site specification...4 Specification of HTTP protocol-based authentication...5 Specification of form-based authentication...5 Examples...6 Form-based authentication...6 Protocol-based authentication...6 Table of contents Page 2 of 6

SmartLink configuration DME SmartLink allows integration to internal, web-based document management systems. With DME SmartLink, users can access internal documents directly via the DME client when not on the internal networks. As an add-on module introduced in DME 3.0, SmartLink allows employees to access web links (URLs) to documents directly from within the body of an e-mail. In order to avoid exposing the systems to the entire Internet, DME proxies these requests, authenticates as the user, retrieves the documents and presents them to the user. How it works The way SmartLink works can be illustrated as in the following diagram: SmartLink configuration Page 3 of 6

When the DME client parses an open e-mail for web links in order to make them active, it matches each link with a list of smart links. This list is retrieved from the server as part of the system information settings, and is maintained in the SmartLink group of settings on the server. The list could for instance look like this: https://intranet.company.com http://public.company.com With this list, the DME client would for instance recognize the link https://intranet.company.com/docs/documents/3429459435/brochure.doc as a SmartLink. When the user clicks the link, the client will attempt to send a download request for the document from the intranet portal to the DME server, rather than attempting to display it in a browser (which would fail if the device is not connected to the internal LAN by VPN). The DME connector set up to provide SmartLinks checks the resource request from the client against a SmartLink configuration file. Based on rules in this file, the server will act as a proxy and authenticate against the server which contains the resource, using standard HTTP authentication mechanisms (Basic, NTLM, or Digest Authentication) or Form-Based Authentication (FBA). DME will pass the user s credentials to the resource server. If successful in logging in and finding the resource, the DME server presents the resource to the client, which in turn downloads it to the encrypted DME area, and opens it using the default application for instance Pocket Word or QuickOffice. In case of failure, the server sends an error message to the client instead. If a link is recognized as a SmartLink, but no rules or configuration have been set up for the site in question, DME first inspects the response from the site before attempting any authentication. If the request requires authentication, DME will attempt an authentication based on the username and password entered on the device in the following order: For secure sites (HTTPS): Basic, NTLM, Digest. For regular HTTP sites: NTLM, Digest, Basic. This is the default configuration. Setting up the SmartLink configuration file The setup of SmartLink client match strings is described in the DME Server Administration Guide (http://documentation.excitor.com/server/3_5/index.htm?topic=3896). The SmartLink configuration file is an XML file called smartlinkconfig.xml, which should be located in the conf directory of the connector responsible for providing the SmartLink service (see the online help for the Connector setup > Functions page in the DME Server Administration Web Interface). On Linux, this is at /var/dme/instances/base/connector/conf (where base is the default DME instance på Linux). On Windows, the path is C:\program files\dmeconnector\conf. If SmartLink is enabled on multiple connectors, each connector must have a copy of the SmartLink configuration file. Apart from the xml root tag (smartlinkconfig), the file contains one <sites> tag, which may contain any number of <site> tags. Each site is defined within a set of <site> tags. The definition of a site has the form <sitename> followed by either <AuthConfig> or <FbAuthConfig>. Site specification The <site> specification consists of the following tags. Note that unless otherwise specified, all tags are parenthetical that is, they must be closed by a corresponding </ > tag. <sitename> This is the name of the site on which the resource should be found. This must match one of the sites listed in Device settings on the DME server. <sitename> https://sharepoint.company.com</sitename> <AuthConfig> Optional This tag defines protocol-based access to the site. You must use this or the <FBAuthConfig> tag. SmartLink configuration Page 4 of 6

<FbAuthConfig> Optional This tag defines form-based authentication access to the site. You must use this or the <AuthConfig> tag. Specification of HTTP protocol-based authentication DME supports the following authentication protocols: Basic, NTLM, and Digest. For detailed information about these protocols, see http://en.wikipedia.org/wiki/basic_authentication, http://en.wikipedia.org/wiki/ntlm, and http://en.wikipedia.org/wiki/digest_authentication, respectively. The following tags apply to protocol-based authentication. <username> In this tag you can specify a username used for the authentication. Optional, Enter a username in this tag if all DME users should have the same access to the current site. If you leave the tag empty, DME will use the credentials sent in from the device. <username>exampleuser</username> <password> In this tag you can specify the password of the user specified in the username Optional, tag. If you leave the tag empty, DME will use the credentials sent in from the device. <domain> In this tag you can specify a domain, if the site requires an AD domain. Optional, If you are using NTLM authentication, and you do not specify a domain in this tag, DME will attempt to extract a domain from the username from the device (anything after a @ in the username). Specification of form-based authentication The tags used for protocol-based authentication also apply here: <username>, <password>, and <domain>. Apart from these, you can specify the following tags: <posturl> This is the URL to which DME will post the login request when the site specified in <sitename> is matched. <posturl> https://sharepoint.company.com/login.aspx</posturl> <usernamefield> <passwordfield> This is the HTML name of the field that holds the username on the authentication page to which the <posturl> tag refers. The username will be entered in this field. If the website requires special encoding, you can add that information as an encoding attribute. If encoding is not specified, utf-8 is used by default. Only specify this if the default does not work. <usernamefield encoding= ISO-8859-1 >sp_user</usernamefield> This is the HTML name of the field that holds the password on the authentication page to which the <posturl> tag refers. The password will be entered in this field. See usernamefield above for a description of the encoding attribute. <passwordfield encoding= ISO-8859-1 >sp_pw</passwordfield> SmartLink configuration Page 5 of 6

Examples The following are short examples of different SmartLink configurations. Form-based authentication The following example logs the user on to the Excitor Partner site. The example posts the default credentials (username and password used on the device) to the fields Username and Password at <posturl>. The post is successful if a header called Set-Cookie is returned with a value starting with DW_Extranet. <sites> <site> <sitename>http://www.excitor.com</sitename> <FbAuthConfig> <posturl> <![CDATA[http://www.excitor.com/Default.aspx?ID=78&Purge=True]]> </posturl> <usernamefield encoding="iso-8859-1">username</usernamefield> <passwordfield encoding="iso-8859-1">password</passwordfield> </FbAuthConfig> </site> </sites> Note that if a string contains characters that have special meaning in XML, you can always wrap the string in <![CDATA[ ]]>. This applies to the posturl string above, which contains an &. This is standard functionality in XML parsers. Protocol-based authentication The following example attempts to log a user on to the local Sharepoint site, which is located at https://sharepoint. For credentials, the username from the device is used, and the domain name is hardcoded (excitor.local). Basic authentication is attempted first, then NTLM. <sites> <site> <sitename>https://sharepoint</sitename> <AuthConfig> <domain>excitor.local</domain> <authtypes>basic, NTLM</authTypes> </AuthConfig> </site> </sites> SmartLink configuration Page 6 of 6

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback