Planning to Add an Application Using HTTP Federation Proxy
Before you configure a connection to a web application using HTTP Federation (HFED) Proxy, you must collect required information and make some planning decisions. After you start the Add Custom Connection wizard, you must enter all required settings to save the configuration. You can modify the settings later in My Applications.
Required Information
To track this information and to ensure that you have selected the required information, see HTTP Federation Proxy Planning Worksheet.
- Obtain valid user credentials for the application so you can sign in to the application home page. Examples: username, password, employee ID, date of birth.
- Gather the following application URLs:
- Logon page – The URL of the web page that contains the sign-in form.
- Home page – The URL of the landing page after signing in. For example: https://www.appname.com/welcome.
Record any other hostnames that are part of the application, such as www2.appname.com or resources.appname.com.
- Record what happens when sign-in fails. The identity router uses this information to detect whether an attempt to sign in to an application has succeeded or failed.
Go to the application sign-in page, intentionally enter the wrong credentials, and note one of the following failure indicators.
- Record the hostname of the proxy web server for the application. The proxy hostname must be a valid alias in the Domain Name System (DNS) database that points to the portal hostname in the identity router, and it must be unique across all applications. For example: www-appname-com.sso.example.com, where www.appname.com is the real host name.
- Record the port number the application uses, if different from the default port. The default HTTP port is 80, and the default HTTPS port is 443.
- Record the portal URL, which is the URL for the home page or destination page of the application when accessing the application through the identity router. This URL consists of the following:
- Decide if users will be allowed to set and change their own credentials in the application portal.
- If yes, users only need to remember a single password for the application portal. It can also save time for administrators when users can manage credentials for themselves.
- If no, then you must populate user keychains for each HFED application, and users cannot set or change their own credentials. This gives you greater control over user credentials, which is useful, for example, when there is a security concern about unauthorized access to the application.
Portal URL Examples
Using a wildcard CNAME you can quickly add HFED application-protected hostnames without creating individual DNS entries. For example, *.sso.example.com is a CNAME to portal.sso.example.com.
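The proxy hostname rules above (valid DNS alias, unique across all applications, covered by the wildcard CNAME or given its own entry) can be checked against a worksheet before you start the wizard. The following is an added example, not code from the product or its documentation; the function names, the sample worksheet, and the dots-to-hyphens naming convention (inferred from the single example www-appname-com.sso.example.com) are assumptions.

```python
import re

# One hostname label: letters, digits, hyphens, 1-63 chars, no leading/trailing hyphen.
LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")

def valid_hostname(name):
    """Syntax check only (no DNS lookup): total length <= 253, every label well formed."""
    name = name.lower().rstrip(".")
    return 0 < len(name) <= 253 and all(LABEL.fullmatch(part) for part in name.split("."))

def suggest_proxy_hostname(real_host, wildcard):
    """Assumed convention, taken from the page's single example:
    www.appname.com under *.sso.example.com -> www-appname-com.sso.example.com"""
    return real_host.lower().replace(".", "-") + wildcard.lstrip("*").lower()

def check_worksheet(apps, portal_host, wildcard):
    """apps: list of (real_host, proxy_host) pairs from the planning worksheet.
    Returns (errors, cnames): problems to fix, and proxy hostnames the wildcard
    does not cover, which need an individual CNAME to the portal hostname."""
    suffix = wildcard.lstrip("*").lower()          # e.g. ".sso.example.com"
    seen, errors, cnames = {}, [], []
    for real, proxy in apps:
        p = proxy.lower().rstrip(".")              # DNS names compare case-insensitively
        if not valid_hostname(p):
            errors.append((proxy, "not a valid hostname"))
        elif p in seen:
            errors.append((proxy, "already used by " + seen[p]))
        else:
            seen[p] = real
            if not p.endswith(suffix):
                cnames.append(p + " CNAME " + portal_host)
    return errors, cnames

# Constructed sample worksheet; every hostname here is a placeholder.
SAMPLE = [
    ("www.appname.com", "www-appname-com.sso.example.com"),
    ("hr.appname.com", "WWW-appname-com.sso.example.com"),   # duplicate, differs only in case
    ("wiki.appname.com", "wiki.apps.example.org"),           # outside the wildcard
    ("a" * 60 + ".appname.com", None),                       # proxy name filled in below
]
SAMPLE[3] = (SAMPLE[3][0], suggest_proxy_hostname(SAMPLE[3][0], "*.sso.example.com"))

if __name__ == "__main__":
    errors, cnames = check_worksheet(SAMPLE, "portal.sso.example.com", "*.sso.example.com")
    for host, problem in errors:
        print("ERROR", host, "-", problem)
    for record in cnames:
        print("NEEDS", record)
```

The last sample row shows a limit of the flattened naming style: the whole real hostname lands in a single DNS label, so a long real hostname can exceed the 63-character label limit and needs a shorter alias.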