7.3 Configuring Public Access to Digital Airlines

This section describes the procedures for configuring the Access Gateway so that a client can access the Digital Airlines site. Before continuing, make sure you have completed the prerequisite tasks described in Prerequisite Tasks and Section 7.2, Setting Up the Web Server.

  1. On the client machine, open a browser and log in to the Administration Console.

  2. In the Administration Console, click Access Manager > Access Gateways.

    The IP address of the Access Gateway you installed should be listed in the display window.

    An Access Gateway that has not been configured displays a yellow health status.

  3. Click Edit > Reverse Proxy / Authentication.

  4. In the Identity Server Cluster option, select the configuration you have assigned to the Identity Server.

    This sets up the trust relationship between the Access Gateway and the Identity Server that is used for authentication.

  5. In the Reverse Proxy List, click New, specify DAL as the new Reverse Proxy Name, then click OK.

  6. Enable a listening address.

    If the server has only one IP address, only one is displayed and it is automatically selected as the Listening Address. If the server has multiple addresses, you can select one or more IP addresses to enable. You must enable at least one address by selecting its check box.

  7. Configure a listening port.

    Non-Secure Port: Select 80, which is the default port for HTTP.

    Secure Port: This is the HTTPS listening port. This port is unused and cannot be configured until you enable SSL. This example does not contain SSL configuration instructions.

  8. In the Proxy Service List, click New and specify the following information:

    Proxy Service Name: Specify any name that intuitively identifies this service on your Access Gateway server. For this example, specify Dallistener.

    Public DNS Name: The DNS name you want the public to use to access your Digital Airlines site. This DNS name must resolve to the IP address you set up as the listening address. This example uses am3bc.provo.novell.com.

    Web Server IP Address: The IP address of the Web server where your Digital Airlines files are installed.

    Host Header: Select Forward Received Host Name from the drop-down menu. The Web server and the Digital Airlines pages have not been set up to require the DNS name of the Web server in the Host Header, so it does not matter what name is placed in the Host Header.

  9. Click OK.

  10. In the Proxy Service List, click Dallistener.

  11. Click Protected Resources, then in the Protected Resource List, click New.

  12. Type everything in the Name field, then click OK.

  13. In the Contract field, select None from the drop-down menu.

    Under URL Path List, you should see /*, which includes everything on that server.

    Later on, you will be instructed to change the Contract field to a Name/Password - Form, but for now, we want you to learn how the example works without any authentication.

  14. Click OK.

  15. In the Protected Resource List, verify that the protected resource you created is enabled, then click OK.

  16. Click the Access Gateways link.

  17. To apply the changes, click Update > OK.

    Until this step, nothing has been saved. The Update status pushes the configuration to the server. When the configuration update has completed successfully, the server returns the status of Current.

  18. To update the Identity Server for the trusted relationship, click Identity Servers > Update > OK.

  19. To test the results, complete the following.

    1. Open a browser on the client machine.

    2. Enter the URL for the proxy service. For this example, it is


      Your network needs to be configured so that this published DNS name of the proxy service resolves to the IP address of the Access Gateway. The reverse proxy hides the internal address of the Web server.

      You should see the Digital Airlines page.

      If you get an error, check the time on the Access Gateway and Identity Server. They must be within 5 minutes of each other.

  20. Close the browser.

  21. To require authentication for access to the site and to configure access to the protected pages (the VPN application and the hidden Sales System site), continue with Section 7.4, Implementing Access Restrictions.

    Currently, the Corporate Mail and Medical Benefits Portal buttons do not link to available pages. They exist to illustrate what you could do when you require your users to authenticate before accessing the site.

    For example, the Corporate Mail button could be configured so that the redirected request initiates a mail session to the user’s default e-mail application and injects the login credentials to provide access to the user’s protected, Web-based e-mail account.

    The Medical Benefits Portal button could be configured to set up a federated account with the company that provides medical benefits for your company.