Configuring a Domain-Based Multi-Homing Service for Novell Vibe

The following instructions describe how to set up a domain-based service to protect the Novell Vibe server. In this example, the published DNS name of the service is Vibe.doc.provo.novell.com. Users would access the Vibe server with a URL similar to http://Vibe.doc.provo.novell.com.

To configure a domain-based service for Vibe, complete the following tasks:

Configuring the Domain-Based Proxy Service

You must create a new reverse proxy before configuring the domain-based proxy service. Configure the Vibe domain as the primary proxy service and enable SSL between the browser and Access Gateway. For information about how to create a new reverse proxy, see Creating a Proxy Service.

  1. Click Devices > Access Gateways > Edit > [Name of Reverse Proxy].

  2. In the Reverse Proxy List, click New, then specify the following details:

    Proxy Service Name: Specify a display name for the proxy service that Administration Console uses for its interfaces.

    Multi-Homing Type: Select Domain-Based.

    Published DNS Name: Specify the DNS name you want the public to use to access your site. This DNS name must resolve to the IP address you set up as the listening address. For example, vibe.doc.provo.novell.com.

    Web Server IP Address: Specify the IP address of the Vibe server.

    Host Header: Select the Forward Received Host Name option.

    Web Server Host Name: Specify the DNS name of the Vibe server.

  3. Click OK.

  4. Click the newly added proxy service, then select the Web Servers tab.

  5. Change the Connect Port to 8080.

    If the Novell Vibe server has port forwarding enabled, you do not need to change from the default port 80.

  6. Click TCP Connect Options.

  7. Change the value of the Data Read Timeout option to 300 seconds.

    This longer timeout is needed for file uploads.

  8. Click OK.

  9. Continue with Configuring Protected Resources.

Configuring Protected Resources

You must configure an Identity Injection policy to enable single sign-on with Novell Vibe. This Identity Injection policy must be configured to inject the authentication credentials into the authorization headers.

  1. Click Policies > Policies.

  2. Select the policy container, then click New.

  3. Specify a name for the policy, select Access Gateway: Identity Injection, then click OK.

  4. (Optional) Specify a description for the injection policy. This is useful if you plan to create multiple policies to be used by multiple resources.

  5. In the Actions section, click New, then select Inject into Authentication Header.

  6. Specify the following details:

    User Name: Select Credential Profile > LDAP User Name.

    Password: Select Credential Profile > LDAP Password.

  7. Click OK > OK > Apply Changes.

    For more information, see Configuring an Authentication Header Policy.

    Assign this policy to the protected resources. You need to create two protected resources, one for HTML content and one for WebDAV and AJAX content.

  8. Click Access Gateways > Edit > [Name of Reverse Proxy] > [Name of Proxy Service] > Protected Resources.

  9. Create a protected resource for HTML content:

    1. In the Protected Resource List, click New, specify a name, then click OK.

    2. (Optional) Specify a description for the protected resource. You can use it to briefly describe the purpose for protecting this resource.

    3. Specify a value for Authentication Procedure. For example, select the Secure Name/Password - Form contract.

    4. In the URL Path List, remove the /* path and add the following two paths:

      /teaming/*
      /ssf/*

    5. Click OK.

  10. Create a protected resource for WebDAV and AJAX content:

    1. In the Protected Resource List, click New, specify a unique name, and click OK.

    2. (Optional) Specify a description for the protected resource. You can use it to briefly describe the purpose for protecting this resource.

    3. Click the Edit Authentication Procedure icon.

    4. In Authentication Procedure List, click New, specify a name, and click OK.

    5. Specify the following details:

      Contract: Select the Secure Name/Password - Form contract, which is the same contract that you selected for the HTML content protected resource.

      Non-Redirected Login: Select this option.

      Realm: Specify a name that you want to use for the Teaming server. This name does not correspond to a Vibe configuration option. It appears when the user is prompted for credentials.

      Redirect to Identity Server When No Authentication Header is Provided: Deselect this option.

    6. Click OK > OK.

    7. For the Authentication Procedure, select the procedure you just created.

    8. In the URL Path List, remove the /* path and add the following paths:

      /ssfs/*
      /ssf/rss/*
      /ssf/atom/*
      /ssf/ical/*
      /ssf/ws/*
      /ssr/*
      /rest/*

      The /ssfs/* path is for WebDAV content and the /ssf/rss/* path enables non-redirected login for RSS reader connections.

    9. Click OK.

  11. In the Protected Resource List, ensure that the protected resources you created are enabled.

  12. To apply your changes, click Devices > Access Gateways, then click Update.

  13. Continue with Configuring a Rewriter Profile.
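
The two URL path lists above overlap: /ssf/rss/*, /ssf/atom/*, /ssf/ical/* and /ssf/ws/* all sit under /ssf/*, which belongs to the HTML resource. The following added example (not part of the product or of the original instructions) resolves a request path to the protected resource that covers it, so you can review which login style each Vibe endpoint gets and which paths are left uncovered after /* is removed. The resource names are hypothetical, and the rule that the most specific (longest) matching path wins is an assumption of this example.

```python
# Added example, not product code. Resource names are hypothetical.
# Assumption: when several URL paths match, the most specific (longest) wins.
RESOURCES = {
    "vibe-html": ("redirect to login form",
                  ["/teaming/*", "/ssf/*"]),
    "vibe-webdav-ajax": ("non-redirected login",
                         ["/ssfs/*", "/ssf/rss/*", "/ssf/atom/*", "/ssf/ical/*",
                          "/ssf/ws/*", "/ssr/*", "/rest/*"]),
}


def _prefix(pattern):
    """'/ssf/*' -> '/ssf/'; the trailing slash keeps /ssfs/ out of /ssf/."""
    return pattern[:-1] if pattern.endswith("*") else pattern


def resolve(path):
    """Return (resource, matched_pattern, login_style) or None if uncovered."""
    best = None
    for name, (login, patterns) in RESOURCES.items():
        for pattern in patterns:
            if path.startswith(_prefix(pattern)):
                if best is None or len(pattern) > len(best[1]):
                    best = (name, pattern, login)
    return best


def overlaps():
    """List (narrow, broad) path pairs that live in different resources."""
    flat = [(p, n) for n, (_, ps) in RESOURCES.items() for p in ps]
    return sorted((a, b) for a, na in flat for b, nb in flat
                  if na != nb and a != b and _prefix(a).startswith(_prefix(b)))


if __name__ == "__main__":
    # Constructed sample request paths.
    for p in ["/ssf/a/do", "/ssf/rss/list", "/ssfs/home/report.doc",
              "/rest/self", "/teaming/", "/"]:
        print(f"{p:28} -> {resolve(p)}")
    print("overlapping paths:", overlaps())
```

A path that resolves to None matches neither protected resource and should be reviewed before the configuration is applied.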

Configuring a Rewriter Profile

  1. Click Devices > Access Gateways > Edit > [Name of Reverse Proxy] > [Name of Proxy Service] > HTML Rewriting.

  2. In HTML Rewriter Profile List, click New.

  3. Specify a name for the profile, select Word as the search boundary, and click OK.

  4. In And Document Content-Type Header Is, click New, and specify application/rss+xml.

  5. In Variable or Attribute Name to Search for Is, click New, and specify value as the variable.

  6. Click OK.

  7. Ensure that Enable Rewrite Actions remains selected.

  8. Click OK.

  9. In HTML Rewriter Profile List, move the Word profile you created to be the first profile in the list, and move the default profile to be the second profile in the list.

  10. Click OK.

  11. To apply your changes, click Devices > Access Gateways, then click Update.

  12. Continue with Creating a Pin List.

NOTE: If Vibe is configured to send the binary content in the JSON format, you must disable the HTML Rewriter to prevent errors.