This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
  • RSA.com
  • Products
    • Archer®
      • Archer®
      • Advisories
      • Blog
      • Discussions
      • Documentation
      • Downloads
      • Ideas
      • Knowledge Base
      • Archer® Exchange
      • Training
      • Upcoming Events
      • Videos
    • RSA® Fraud & Risk Intelligence Suite
      • RSA® Fraud & Risk Intelligence Suite
      • RSA® Adaptive Authentication Cloud
      • RSA® Adaptive Authentication On-Premise
      • RSA® Adaptive Authentication On-Premise (Cassandra)
      • RSA® Adaptive Authentication for eCommerce
      • RSA® FraudAction Services
      • RSA® Web Threat Detection
      • Upcoming Events
      • Videos
    • RSA® Adaptive Authentication Cloud
      • RSA® Adaptive Authentication Cloud
      • Advisories
      • Blog
      • Discussions
      • Documentation
      • Downloads
      • Events
      • Ideas
      • Knowledge Base
      • Training
      • Upcoming Patch Content
      • Videos
    • RSA® Adaptive Authentication Mobile SDK
      • RSA® Adaptive Authentication Mobile SDK
      • Advisories
      • Events
      • Ideas
      • Knowledge Base
      • Request Access
      • Training
    • RSA® Adaptive Authentication On-Premise
      • RSA® Adaptive Authentication On-Premise
      • Advisories
      • Blog
      • Discussions
      • Documentation
      • Downloads
      • Events
      • Ideas
      • Knowledge Base
      • Training
      • Videos
    • RSA® Adaptive Authentication On-Premise (Cassandra)
      • RSA® Adaptive Authentication On-Premise (Cassandra)
      • Advisories
      • Blog
      • Discussions
      • Documentation
      • Downloads
      • Events
      • Ideas
      • Knowledge Base
      • Training
      • Videos
    • RSA® Adaptive Authentication for eCommerce
      • RSA® Adaptive Authentication for eCommerce
      • Advisories
      • Blog
      • Discussions
      • Documentation
      • Ideas
      • Knowledge Base
      • Training
      • Videos
    • RSA® FraudAction Services
      • RSA® FraudAction Services
      • Advisories
      • Discussions
      • Documentation
      • Ideas
      • Videos
    • RSA® Web Threat Detection
      • RSA® Web Threat Detection
      • Advisories
      • Blog
      • Discussions
      • Documentation
      • Downloads
      • Ideas
      • Knowledge Base
      • Videos
    • RSA NetWitness® Platform
      • RSA NetWitness® Platform
      • Advisories
      • Blog
      • Discussions
      • Documentation
      • Downloads
      • Ideas
      • Integrations
      • Knowledge Base
      • Training
      • Upcoming Events
      • Videos
    • RSA NetWitness® Detect AI
      • RSA NetWitness® Detect AI
      • Documentation
      •  
      •  
      •  
      •  
      •  
      •  
      •  
      •  
      •  
      •  
    • RSA NetWitness® Investigator
      • RSA NetWitness® Investigator
      • Documentation
      • Download the Client
      •  
      •  
      •  
      •  
      •  
      •  
      •  
      •  
      •  
      •  
    • RSA NetWitness® Orchestrator
      • RSA NetWitness® Orchestrator
      • Overview
      • Documentation
      •  
      •  
      •  
      •  
      •  
      •  
      •  
      •  
      •  
      •  
    • RSA SecurID® Suite
      • RSA SecurID® Suite
      • Advisories
      • Blog
      • Discussions
      • Documentation
      • Downloads
      • Knowledge Base
      • Ideas
      • Integrations
      • Training
      • Videos
    • RSA® Identity Governance & Lifecycle
      • RSA® Identity Governance & Lifecycle
      • Advisories
      • Blog
      • Community Exchange
      • Discussions
      • Documentation
      • Downloads
      • Ideas
      • Knowledge Base
      • Training
      • Upcoming Events
      • Videos
    • RSA SecurID® Access
      • RSA SecurID® Access
      • Advisories
      • Blog
      • Discussions
      • Documentation
      • Downloads
      • Ideas
      • Integrations
      • Knowledge Base
      • Training
      • Upcoming Events
      • Videos
    • Other RSA® Products
      • Other RSA® Products
      • RSA® Access Manager
      • RSA® Data Loss Prevention
      • RSA® Digital Certificate Solutions
      • RSA enVision®
      • RSA® Federated Identity Manager
      •  
      •  
      •  
      •  
      •  
      •  
      •  
      •  
      •  
      •  
  • Resources
    • Advisories
      • Product Advisories on RSA Link
      • Archer®
      • RSA® Adaptive Authentication Cloud
      • RSA® Adaptive Authentication Hosted
      • RSA® Adaptive Authentication On-Premise
      • RSA® Adaptive Authentication On-Premise (Cassandra)
      • RSA® Adaptive Authentication for eCommerce
      • RSA® FraudAction Services
      • RSA® Identity Governance & Lifecycle
      • RSA NetWitness® Platform
      • RSA SecurID® Access
      • RSA® Web Threat Detection
      • All Product Advisories
    • Blogs
      • Blogs on RSA Link
      • Archer®
      • RSA® Adaptive Authentication Cloud
      • RSA® Adaptive Authentication On-Premise
      • RSA® Adaptive Authentication On-Premise (Cassandra)
      • RSA® Adaptive Authentication for eCommerce
      • RSA® Identity Governance & Lifecycle
      • RSA NetWitness® Platform
      • RSA SecurID® Access
      • RSA® Web Threat Detection
      • All Blogs on RSA Link
    • Discussion Forums
      • Discussion Forums
      • Archer®
      • RSA® Adaptive Authentication Cloud
      • RSA® Adaptive Authentication On-Premise
      • RSA® Adaptive Authentication On-Premise (Cassandra)
      • RSA® Adaptive Authentication for eCommerce
      • RSA® FraudAction Services
      • RSA® Identity Governance & Lifecycle
      • RSA NetWitness® Platform
      • RSA SecurID® Access
      • RSA® Web Threat Detection
      • All Discussion Forums on RSA Link
    • Documentation
      • Product Documentation
      • Archer®
      • RSA® Adaptive Authentication Cloud
      • RSA® Adaptive Authentication Mobile SDK
      • RSA® Adaptive Authentication On-Premise
      • RSA® Adaptive Authentication On-Premise (Cassandra)
      • RSA® Adaptive Authentication for eCommerce
      • RSA® FraudAction Services
      • RSA® Identity Governance & Lifecycle
      • RSA NetWitness® Platform
      • RSA SecurID® Access
      • RSA® Web Threat Detection
      • All Documentation on RSA Link
    • Downloads
      • Product Downloads
      • Archer®
      • RSA® Adaptive Authentication Cloud
      • RSA® Adaptive Authentication On-Premise
      • RSA® Adaptive Authentication On-Premise (Cassandra)
      • RSA® Identity Governance & Lifecycle
      • RSA NetWitness® Platform
      • RSA SecurID® Access
      • RSA® Web Threat Detection
      • All Downloads on RSA Link
    • Ideas
      • Idea Exchange
      • Archer®
      • RSA® Adaptive Authentication Cloud
      • RSA® Adaptive Authentication Mobile SDK
      • RSA® Adaptive Authentication On-Premise
      • RSA® Adaptive Authentication On-Premise (Cassandra)
      • RSA® Adaptive Authentication for eCommerce
      • RSA® FraudAction Services
      • RSA® Identity Governance & Lifecycle
      • RSA NetWitness® Platform
      • RSA SecurID® Access
      • RSA® Web Threat Detection
      • All Documentation on RSA Link
    • Knowledge Base
      • Knowledge Base
      • Archer®
      • RSA® Adaptive Authentication Cloud
      • RSA® Adaptive Authentication Mobile SDK
      • RSA® Adaptive Authentication On-Premise
      • RSA® Adaptive Authentication On-Premise (Cassandra)
      • RSA® Adaptive Authentication for eCommerce
      • RSA® Identity Governance & Lifecycle
      • RSA NetWitness® Platform
      • RSA SecurID® Access
      • RSA® Web Threat Detection
      • All Knowledge Base Pages on RSA Link
    • Upcoming Events on RSA Link
      • Upcoming Events
    • Videos
      • Videos on RSA Link
      • Archer®
      • RSA® Adaptive Authentication Cloud
      • RSA® Adaptive Authentication On-Premise
      • RSA® Adaptive Authentication On-Premise (Cassandra)
      • RSA® Adaptive Authentication for eCommerce
      • RSA® Identity Governance & Lifecycle
      • RSA NetWitness® Platform
      • RSA SecurID® Access
      • RSA® Web Threat Detection
      • All Videos on RSA Link
  • Support
    • RSA Link Support
      • RSA Link Support
      • News & Announcements
      • Getting Started
      • Support Forum
      • Support Knowledge Base
      • Ideas & Suggestions
    • RSA Product Support
      • RSA Product Support
      • General Security Advisories and Statements
      • Product Life Cycle
      • Support Information
      •  
      •  
      •  
      •  
      •  
  • RSA Ready
  • RSA University
    • Certification Program
      • Certification Program
    • Course Catalogs
      • Course Catalogs
      • Archer®
      • RSA NetWitness® Platform
      • RSA SecurID® Suite
    • On-Demand Subscriptions
      • On-Demand Subscriptions
      • Archer®
      • RSA NetWitness® Platform
      • RSA SecurID® Suite
    • Product Training
      • Product Training
      • Archer®
      • RSA® Fraud & Risk Intelligence Suite
      • RSA® Identity Governance & Lifecycle
      • RSA NeWitness® Platform
      • RSA SecurID® Access
    • Student Resources
      • Student Resources
      • Access On-Demand Learning
      • Access Virtual Labs
      • Contact RSA University
      • Enrollments & Transcripts
      • Frequently Asked Questions
      • Getting Started
      • Learning Modalities
      • Payments & Cancellations
      • Private Training
      • Training Center Locations
      • Training Credits
      • YouTube Channel
    • Upcoming Events
      • Upcoming Events
      • Full Calendar
      • Conferences
      • Live Classroom Training
      • Live Virtual Classroom Training
      • Webinars
Sign In Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 
Announcements

Visit the Known Issues dashboard if you are experiencing issues on RSA Link

View Dashboard

RSA SecurID® Access Cloud Authentication Service Documentation

Browse the official RSA SecurID Access Cloud Authentication Service documentation for helpful tutorials, step-by-step instructions, and other valuable resources.
  • RSA Link
  • :
  • Products
  • :
  • RSA SecurID Suite
  • :
  • RSA SecurID Access
  • :
  • Cloud Authentication Service
  • :
  • Documentation
  • :
  • Add an Application Using Trusted Headers
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 
  • Options
    • Subscribe to RSS Feed
    • Bookmark
    • Subscribe
    • Email to a Friend
    • Printer Friendly Page
    • Report Inappropriate Content
Versions
Collections
All Downloads

Table of Contents

  •   Introduction
    •   Overview
    •   Educating Your Users
    •   Release Notes
    •   Videos
  •   Planning and Deployment
    •   Deployment Overview
    •   Quick Setup for RADIUS Client Deployment
    •   Quick Setup for SAML App Deployment
    •   Quick Setup for SSO Deployment
    •   Quick Setup for POC Deployment
  •   Administration
    •   View All Administration Documentation
    •   Protect Resources
    •   RSA Authentication Manager Integration
    •   Manage Identity Routers
    •   Manage Access Policies
  •   Developer Information
    •   RSA SecurID Authentication API
    •   Custom Web Application Portals
    •   Cloud Administration APIs

Product Resources

  •   Advisories
    •   Product Advisories
    •   Security Advisories
    •   Service Notifications
    •   Technical Advisories
  •   Blog
  •   Discussions
  •   Documentation
    •   Authentication Agents
      •   API / SDK
      •   Apache Web Server
      •   Citrix StoreFront
      •   IIS Web Server
      •   Microsoft AD FS
      •   Microsoft Windows
      •   PAM
    •   Authentication Engine
    •   Authentication Manager
    •   Cloud Authentication Service
    •   Hardware Tokens
    •   MFA Agents
      •   macOS
      •   Microsoft Windows
    •   Software Tokens
      •   Android
      •   Blackberry
      •   Blackberry 10
      •   iOS
      •   macOS
      •   Token Converter
      •   Windows
      •   Windows Phone
  •   Downloads
    •   Authentication Agents
      •   API / SDK
      •   Apache Web Server
      •   Citrix StoreFront
      •   IIS Web Server
      •   Microsoft AD FS
      •   Microsoft Windows
      •   PAM
    •   Authentication Engine
    •   Authentication Manager
    •   Cloud Authentication Service
    •   MFA Agents
      •   macOS
      •   Microsoft Windows
    •   Software Tokens
      •   Android
      •   Blackberry
      •   Blackberry 10
      •   iOS
      •   macOS
      •   Token Converter
      •   Windows
      •   Windows Phone
  •   Events
  •   Ideas
  •   Integrations
  •   Knowledge Base
  •   RSA SecurID Access Prime
  •   Training
  •   Videos
Add an Application Using Trusted Headers

Add an Application Using Trusted Headers

You can use trusted headers to protect access to older applications that were developed internally.

You can use trusted headers to protect access to older applications that were developed internally.

Before you begin 

  • You must be a Super Admin for the Cloud Administration Console to perform this task.
  • At least one identity router must be connected to the Cloud Authentication Service.
  • At least one identity source for the Cloud Authentication Service must be connected to the identity router.
  • Consult with a knowledgeable person at your site, such as an application web developer or support person, to learn what header information the application expects to receive. The application web server must be configured to check for headers and to prevent users from accessing the server without authenticating through RSA SecurID Access.
  • If you are using a custom image for the application portal icon, you need an image file in JPG or PNG format, and no larger than 50 KB. The recommended size is 75x75 pixels.
This configuration affects the entire deployment. All identity routers share these settings.

Procedure 

  1. In the Cloud Administration Console, click Applications > Application Catalog.
    The Application Catalog appears.
  2. Click Create From Template.
  3. Next to Trusted Headers, click Select.
    The Add Connection wizard appears.
  4. On the Basic Information page, complete these fields.
    1. In the Name field, enter a name for the application.
    2. (Optional) In the Description field, enter a description for the application.
    3. (Optional) To hide the application in the application portal, clear the Display in Portal checkbox. When unselected, the application is not visible in the application portal, but users can still access the application by going directly to the protected URL.

      For information about how this setting interacts with the Disabled setting on the Basic Information page of the wizard, see Application Availability and Visibility.

    4. Click Next Step.
  5. On the Proxy Settings page, specify a proxy web server. This proxy is the identity router. In most cases, you only need one proxied hostname for the identity router. You need multiple proxied hostnames only if the application communicates with other services. Click ADD and provide the following information.
    Field Setting
    Protocol

    The internet protocol for the web server: HTTP or HTTPS.

    Note:  If the application uses both HTTP and HTTPS protocols, repeat Step 5 to configure a separate web server entry for each internet protocol.

    Proxy Hostname The hostname of the proxy web server, without the internet protocol, ending with your company domain name. Use a valid alias from the Domain Name System (DNS) database that points to the identity router hostname. This alias must be unique for each application.
    Examples:
    • www-appname-com.sso.example.com
    • resources-appname-com.sso.example.com
    Real Hostname The true hostname where the application is located, without the internet protocol.
    Examples:
    • www.appname.com
    • resources.appname.com
    Port The proxy port number. The default HTTP port is 80, and the default HTTPS port is 443.
    Rewrite Rules (Advanced)

    (Optional) Click to define Apache HTTP Server rewrite rules.

    Note:   Do not configure rewrite rules unless instructed to do so by RSA Customer Support.

  6. Provide the DNS administrator with a list of canonical name (CNAME) records. These records must be added to the DNS database before this application can use trusted headers. Each CNAME record points to the address (A) record for the hostname of the application portal. To generate this list, click Show CNAME Summary, and select one:
    • Click Hostname to show the hostname to which the CNAME record points.
    • Click BIND to show the Berkeley Internet Name Domain (BIND) format.

    Copy the CNAME list and provide it to the DNS administrator.

  7. In the Custom Headers section, select the information to pass in headers to the application.
    Option Pass to Application
    Pass Attributes User attribute values from the identity source
    Pass Headers User session information
    Verify Certificates If Secure Sockets Layer (SSL) through port 443 (SSL/443) is enabled, the identity router validates the application SSL certificates.
  8. Define the custom headers.
    Field Option Description
    Source Select the source where the HTTP header originates.
    • Attribute sends a user attribute from the identity source. Commonly used for trusted headers.
    • Constant sends a static string, for example, the name of the application. Rarely used for trusted headers.
    Property (available if Source is Attribute) Select the user attribute property to send.
    Name Specify the name that the application expects to receive. Consult with application developers to determine this name.
    Value (available if Source is Constant) Specify the constant value. Rarely used for trusted headers.
  9. (Optional) RSA SecurID Access provides the capability to define Apache HTTP Server rewrite rules when you click Advanced.

    Note:   Do not configure rewrite rules unless instructed to do so by RSA Customer Support.

  10. Click Next Step.
  11. On the User Access page, select an access policy that determines which users can access the application in the application portal, and whether those users must perform step-up authentication in order to use the application.
    1. Select one of the following:
      • Allow All Authenticated Users - Allow all users signed into the application portal to access the application with no step-up authentication required. This is a built-in access policy that you cannot modify.
      • Select a Policy - Select an access policy from the drop-down list. The default is No Access Allowed, which denies access to all users. No Access Allowed is a built-in access policy that you cannot modify.
    2. Click Next Step.
  12. Click Next Step.
  13. On the Portal Display page, configure how the application will appear in the application portal.
    1. (Optional) To hide the application in the application portal, clear the Display in Portal checkbox. When unselected, the application is not visible in the application portal, but users can still access the application by going directly to the protected URL.

      For information about how this setting interacts with the Disabled setting on the Basic Information page of the wizard, see Application Availability and Visibility.

    2. Select the Application Icon to represent the application in the RSA SecurID Access Application Portal. Use the default icon or click Change Icon to upload a different image.
    3. In the Application Tooltip field, specify tooltip text to display when the user passes the cursor over the application icon.
    4. In the Portal URL field, enter the URL where the user will be directed after clicking an application icon. Replace the real name of the application with the proxied hostname, and specify the application page that you want users to reach.

      For example, suppose the home page URL for the application is https://www.appname.com/welcome. Replace the real hostname (www.appname.com) with the proxied (protected) hostname (www-appname-com.sso.example.com). Add the welcome page. Now the full URL of the application portal is https://www-appname-com.sso.example.com/welcome.

      You can use this setting to forward users to any resource on the application after they are authenticated, for example, a reports page: www-appname-com.sso.example.com/reports.

  14. Click Save and Finish.
  15. (Optional) To publish this configuration and immediately activate it on the identity router, click Publish Changes.

 

 

 

Previous Topic:Trusted Headers
Next Topic:Add a Bookmark Link in the Application Portal
You are here
Table of Contents > Web Applications > Add an Application Using Trusted Headers
Labels (1)
Labels:
  • Configuration

Tags (15)
  • CAS
  • Cloud
  • Cloud Auth Service
  • Cloud Authentication
  • Cloud Authentication Service
  • Config
  • Configuration
  • Docs
  • Documentation
  • Product Docs
  • Product Documentation
  • RSA SecurID
  • RSA SecurID Access
  • SecurID
  • trusted headers
0 Likes
Was this article helpful? Yes No
Share
No ratings

On this page

Powered by Khoros
  • Products
  • Resources
  • Solutions
  • RSA University
  • Support
  • RSA Labs
  • RSA Ready
  • About RSA Link
  • Terms & Conditions
  • Privacy Statement
  • Provide Feedback
© 2020 RSA Security LLC or its affiliates.
All rights reserved.