Hi!
Is there a way to get access to the Security Console behind a Reverse Proxy?
We have two network zones separated via a firewall: one for the clients, one for the servers.
If I open the firewall the administrative client can get access to the security console via
https://<Server-FQDN>:7004/console-ims.
The server then redirects me to
https://<Server-FQDN>:7004/IMS-AA-IDP/InitialLogonDispatch.do
for the logon.
When the firewall only allows connections from the reverse proxy to the server, I can get access to the security console via
https://<Proxy-FQDN>:7004/console-ims
but then for the logon the server redirects me to
https://<Server-FQDN>:7004/IMS-AA-IDP/InitialLogonDispatch.do
As the direct connection is not allowed within the firewall, I cannot log in.
It seems I cannot use the direct link to the logon page
https://<Proxy-FQDN>:7004/IMS-AA-IDP/InitialLogonDispatch.do
I always get an error there.
The other consoles
https://<Proxy-FQDN>:7072/operations-console
https://<Proxy-FQDN>:7004/console-selfservice
are working perfectly with the reverse proxy.
Thanks in advance!
Daniel
Since the AM primary and replicas are security devices, you will notice that only the FQDN works for the Security Console, and that there is an immediate redirect to make sure https is used and to isolate the bookmarked https://<FQDN>:7004/console-ims from brute force password guess attempts.
If your reverse proxy or firewall cannot or won't handle this redirect from https://<FQDN>:7004/console-ims to https://<FQDN>:7004/IMS-AA-IDP/InitialLogonDispatch.do, then you cannot put your Security Console behind it and expect administrators to be able to access it; you will be forced to limit admin access to PCs on the server side.
We have seen similar situations to this, but between the internal network and the Internet, not within the internal network. Auth Manager has something called a Web Tier, which sits in a DMZ and allows Internet users access to an obscured Self Service console, which also uses TCP port 7004. However, this Web Tier never allows access to the administration of the AM server on https://<FQDN>:7004/console-ims.
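The answer above turns on whether the proxy "handles" the logon redirect: the backend answers the request for /console-ims with a Location header naming its own FQDN, and a browser in the client zone that follows it literally ends up on a host the firewall blocks. The script below is an added example, not code from this thread or from RSA. It shows the check a practitioner would run on a captured redirect (does the Location escape the proxy?), the rewrite a reverse proxy performs on it (what nginx's proxy_redirect or Apache's ProxyPassReverse do), and a small simulation of both firewall setups from the question. The hostnames are placeholders for <Server-FQDN> and <Proxy-FQDN>, and the response chain is constructed from what Daniel describes. Rewriting Location is only the first obstacle: Daniel's report that the logon URL also errors when opened through the proxy directly suggests the backend checks more than the path (the Host header is the usual suspect, but that is an assumption this thread does not confirm).

```python
"""Added example (not from the thread or RSA): checking and rewriting a backend's
logon redirect as a reverse proxy must, plus a simulation of the two firewall
setups in the question. Hostnames are assumed placeholders."""
import re
from urllib.parse import urlsplit, urlunsplit

SERVER_FQDN = "am-primary.internal.example"  # assumed stand-in for <Server-FQDN>
PROXY_FQDN = "proxy.example"                 # assumed stand-in for <Proxy-FQDN>
CONSOLE = "/console-ims"
LOGON = "/IMS-AA-IDP/InitialLogonDispatch.do"

# Constructed sample: request URL -> Location the backend answers with.
# Whichever host name the request came in on, the backend redirects to ITSELF.
CONSTRUCTED_RESPONSES = {
    f"https://{PROXY_FQDN}:7004{CONSOLE}": f"https://{SERVER_FQDN}:7004{LOGON}",
    f"https://{SERVER_FQDN}:7004{CONSOLE}": f"https://{SERVER_FQDN}:7004{LOGON}",
}


def redirect_escapes_proxy(location: str, proxy_fqdn: str) -> bool:
    """True when an absolute Location points at any host other than the proxy,
    i.e. the browser's next request would bypass it. A relative Location keeps
    the browser on the host it is already talking to, so it never escapes."""
    parts = urlsplit(location)
    if not parts.netloc:
        return False
    return (parts.hostname or "").lower() != proxy_fqdn.lower()


def rewrite_location(location: str, server_fqdn: str, proxy_fqdn: str) -> str:
    """Rewrite a Location that names the backend so it names the proxy instead.
    Forces https (the backend's redirect exists to enforce it), keeps the port,
    collapses repeated slashes some backends emit, and leaves any Location that
    does not name the backend untouched (an open redirect to elsewhere is not
    ours to 'fix' silently)."""
    parts = urlsplit(location)
    if (parts.hostname or "").lower() != server_fqdn.lower():
        return location
    netloc = proxy_fqdn if parts.port is None else f"{proxy_fqdn}:{parts.port}"
    path = re.sub(r"/{2,}", "/", parts.path)
    return urlunsplit(("https", netloc, path, parts.query, parts.fragment))


def follow_redirects(start_url, responses, reachable_hosts,
                     proxy_fqdn=None, server_fqdn=None, max_hops=5):
    """Simulate a browser in the client zone. `responses` maps request URL to
    the backend's Location (absent = final page). `reachable_hosts` is what the
    firewall lets the client zone reach. With proxy_fqdn and server_fqdn set,
    Location headers are rewritten as the proxy would. Returns ("ok", url) on
    reaching a final page, or ("blocked", url) for the request the firewall
    would drop."""
    url = start_url
    for _ in range(max_hops):
        if urlsplit(url).hostname not in reachable_hosts:
            return ("blocked", url)
        location = responses.get(url)
        if location is None:
            return ("ok", url)
        if proxy_fqdn and server_fqdn:
            location = rewrite_location(location, server_fqdn, proxy_fqdn)
        url = location
    return ("blocked", url)  # redirect loop: treat as failure


if __name__ == "__main__":
    start = f"https://{PROXY_FQDN}:7004{CONSOLE}"
    # Firewall allows only proxy -> server; proxy passes Location through untouched.
    print(follow_redirects(start, CONSTRUCTED_RESPONSES, {PROXY_FQDN}))
    # Same firewall, proxy rewrites Location to its own name.
    print(follow_redirects(start, CONSTRUCTED_RESPONSES, {PROXY_FQDN},
                           PROXY_FQDN, SERVER_FQDN))
```

Run it as-is to see the two outcomes: the pass-through proxy leaves the browser trying to reach the server FQDN (blocked), while the rewriting proxy keeps the whole chain on the proxy's name. To test a real deployment, compare `curl -sI https://<Proxy-FQDN>:7004/console-ims | grep -i location` against `redirect_escapes_proxy` before opening anything in the firewall.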