Configuring Protected Resources

You must configure an Identity Injection policy to enable single sign-on with Novell Vibe. This Identity Injection policy must be configured to inject the authentication credentials into the authorization headers.

  1. Click Policies > Policies.

  2. Select the policy container, then click New.

  3. Specify a name for the policy, select Access Gateway: Identity Injection, then click OK.

  4. (Optional) Specify a description for the injection policy. This is useful if you plan to create multiple policies to be used by multiple resources.

  5. In the Actions section, click New, then select Inject into Authentication Header.

  6. Specify the following details:

    User Name: Select Credential Profile > LDAP User Name.

    Password: Select Credential Profile > LDAP Password.

  7. Click OK > OK > Apply Changes.

    For more information, see Configuring an Authentication Header Policy.

    Assign this policy to the protected resources. You need to create two protected resources, one for HTML content and one for WebDAV and AJAX content.

  8. Click Access Gateways > Edit > [Name of Reverse Proxy] > [Name of Proxy Service] > Protected Resources.

  9. Create a protected resource for HTML content:

    1. In the Protected Resource List, click New, specify a name, then click OK.

    2. (Optional) Specify a description for the protected resource. You can use it to briefly describe the purpose for protecting this resource.

    3. Specify a value for Authentication Procedure. For example, select the Secure Name/Password - Form contract.

    4. In the URL Path List, remove the /* path and add the following two paths:

      /teaming/*
      /ssf/*

    5. Click OK.

  10. Create a protected resource for WebDAV and AJAX content:

    1. In the Protected Resource List, click New, specify a unique name, and click OK.

    2. (Optional) Specify a description for the protected resource. You can use it to briefly describe the purpose for protecting this resource.

    3. Click the Edit Authentication Procedure icon.

    4. In Authentication Procedure List, click New, specify a name, and click OK.

    5. Specify the following details:

      Contract: Select the Secure Name/Password - Form contract, which is the same contract that you selected for the HTML content protected resource.

      Non-Redirected Login: Select this option.

      Realm: Specify a name that you want to use for the Teaming server. This name does not correspond to a Vibe configuration option. It appears when the user is prompted for credentials.

      Redirect to Identity Server When No Authentication Header is Provided: Deselect this option.

    6. Click OK > OK.

    7. For the Authentication Procedure, select the procedure you just created.

    8. In the URL Path List, remove the /* path and add the following paths:

      /ssfs/*
      /ssf/rss/*
      /ssf/atom/*
      /ssf/ical/*
      /ssf/ws/*
      /ssr/*
      /rest/*

      The /ssfs/* path is for WebDAV content and the /ssf/rss/* path enables non-redirected login for RSS reader connections.

    9. Click OK.

  11. In the Protected Resource List, ensure that the protected resources you created are enabled.

  12. To apply your changes, click Devices > Access Gateways, then click Update.

  13. Continue with Configuring a Rewriter Profile.
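
The following Python sketch is an added example, not part of the original documentation or of Access Manager. It models which of the two protected resources configured above a request path falls under, and what the injected header carries. It assumes the Access Gateway applies the most specific (longest) matching path and that Inject into Authentication Header produces an HTTP Basic Authorization header; the function names and sample credentials are constructed.

```python
import base64

# URL Path Lists of the two protected resources configured on this page.
RESOURCES = {
    # name: (URL paths, behaviour for a request that is not yet authenticated)
    "html": (["/teaming/*", "/ssf/*"], "redirect to login form"),
    "webdav-ajax": (
        ["/ssfs/*", "/ssf/rss/*", "/ssf/atom/*", "/ssf/ical/*",
         "/ssf/ws/*", "/ssr/*", "/rest/*"],
        "401 challenge with realm (non-redirected login)",
    ),
}


def match_resource(path):
    """Return (resource name, unauthenticated behaviour), or None when no
    configured path covers the request (the /* path was removed from both).

    Assumption: the most specific (longest) matching path wins, so
    /ssf/rss/* takes precedence over /ssf/*.
    """
    best = None
    for name, (patterns, behaviour) in RESOURCES.items():
        for pattern in patterns:
            prefix = pattern[:-1]  # "/ssf/*" -> "/ssf/"
            if path.startswith(prefix):
                if best is None or len(prefix) > len(best[0]):
                    best = (prefix, name, behaviour)
    return None if best is None else (best[1], best[2])


def injected_authorization_header(user, password):
    """Header forwarded to Vibe once the policy has run (assumed to be
    HTTP Basic). Base64 is an encoding, not encryption: the LDAP password
    is recoverable by anything that can read the Access Gateway to Vibe hop.
    """
    token = base64.b64encode(f"{user}:{password}".encode("utf-8"))
    return "Authorization: Basic " + token.decode("ascii")


if __name__ == "__main__":
    # Constructed sample paths and credentials.
    for p in ["/ssf/a/do", "/ssf/rss/list", "/ssfs/files/doc.odt", "/other"]:
        print(p, "->", match_resource(p))
    print(injected_authorization_header("alice", "s3cret"))
```

A path that returns None here is covered by neither protected resource, which is worth checking for any Vibe URL you expect users or clients to reach.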