29.9 Sample Identity Injection Policy

One of the common uses of an Identity Injection policy is to differentiate between internal users and external users. Web servers that have been configured for this logic can then display one set of pages to internal users and another set of pages to external users. The following sample policy is based on such an environment, which has the following characteristics:

To configure your site for this type of policy:

  1. In the Administration Console, click Access Manager > Policies.

  2. Click New, specify a name for the policy, select Access Gateway: Identity Injection for the type, then click OK.

  3. In the Actions section, click New > Inject into Custom Header.

  4. Fill in the following fields:

    Custom Header Name: Specify IPAddress in the text box.

    Value: Select Client IP.

    The other fields do not need to be modified. Your policy should look similar to the following:

  5. Click OK twice, then click Apply Changes.

  6. Assign the policy to the mycompany.html page of the Web server. Click Access Gateways > Edit > [Name of Reverse Proxy] > [Name of Proxy Service] > Protected Resources.

  7. In the Protected Resource List, select the protected resource for the page or click New to create one, then specify a name for it.

  8. In the URL Path List, ensure that the path ends with the name of the page. For example:

    /mycompany.html
    
  9. Click Identity Injection, select the name of the IP address policy, then click Enable.

  10. To save the changes, click Configuration Panel > OK.

  11. On the Configuration page, click OK, then click Update.

  12. Configure the Web server to use the IPAddress values in the custom header to distinguish between external and internal customers.

    In this sample scenario, the Web server is configured to recognize IP addresses starting with 10. as internal customers and all other addresses as external customers.