jjsims
Level 7

Publishing RSA Self Service Console

We currently publish the RSA self-service console using a TMG server and it works
as expected. I am migrating to using the MWG as a reverse proxy and I am able
to view the initial landing page, but when I hit a submit button for a
particular function the internal hostname of the backend server is displayed in
the URL. Using Fiddler during a successful connection, I see that two 302 Moved
Temporarily responses occur and the site loads as expected. Using the MWG, I
get to the landing page, hit submit for a particular function, a 302 is logged
and the host name of the internal server replaces the public host name in the
URL. Also, the MWG logs do not indicate that any of the traffic was denied. I
have tried using the next hop proxy option, setting the URL to the external
host without success. Is there anything I missed or could try? Screenshot of my
current settings included. Thanks

0 Kudos
4 Replies
McAfee Employee

Re: Publishing RSA Self Service Console

Is the URL relative or absolute?

Is the server redirecting to a different server?

thanks,

Michael

0 Kudos
jjsims
Level 7

Re: Publishing RSA Self Service Console

Here is the capture from Fiddler when it fails (with some private info removed)

Request1

GET https://ExternalFQDN.com/console-selfservice/ExistingUser/Links.do?com.rsa.ui.jsp.taglibs.html.TOKEN= HTTP/1.1

Accept:image/gif, image/jpeg, image/pjpeg, image/pjpeg, application/x-shockwave-flash,
application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword,
application/vnd.ms-xpsdocument, application/x-ms-application,
application/x-ms-xbap, application/xaml+xml, */*

Referer: https://Externalfqdn.com/console-selfservice/

Accept-Language:en-us

User-Agent:Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; InfoPath.2;
.NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0E; .NET
CLR 1.1.4322; .NET4.0C)

Accept-Encoding:gzip, deflate

Host:externalFQDN.com

Connection:Keep-Alive

Cookie:console-selfservice-

Response

HTTP/1.1 302 Moved Temporarily

via:Proxy 1

Date:Fri, 23 Jan 2015 18:54:31 GMT

Location:https://InternalFQDN.com:7004/IMS-AA-IDP/sso/logon?RequestID=

Connection:Keep-Alive

X-Powered-By:Servlet/3.0 JSP/2.2

Transfer-Encoding:chunked

C73

<html><head><title>302
Moved Temporarily</title></head>

<body
bgcolor="#FFFFFF">

<p>This document you requested has moved temporarily.</p>

<p>It's now at <a href="https://InternalFQDN.com:7004/IMS-AA-IDP/sso/logon?RequestID=

</body></html>

DNS Error

HTTP/1.1 502 Fiddler - DNS Lookup Failed

Date:Fri, 23 Jan 2015 18:54:57 GMT

Content-Type:text/html; charset=UTF-8

Connection:close

Cache-Control:no-cache, must-revalidate

Timestamp:13:54:57.236

[Fiddler]
DNS Lookup for "InternalFQDN.com"
failed. System.Net.Sockets.SocketException No such host is known


0 Kudos
eelsasser
Level 15

Re: Publishing RSA Self Service Console

The application looks like it is reacting to the ExternalFQDN.com in the Host header and doing the redirection itself.

In the Events, try also adding above the Next-Hop action:

Set URL.Host=InternalFQDN.com

This should alter the Host header as it goes to the server to be the new value of InternalFQDN.com.

0 Kudos
jjsims
Level 7

Re: Publishing RSA Self Service Console

Setting the suggested parameter did not work. Below is a successful connection using a TMG proxy.

Request1

GET https://ExternalFQDN/console-selfservice/ExistingUser/Links.do?

Http/1.1

Accept:image/gif, image/jpeg, image/pjpeg, image/pjpeg, application/x-shockwave-flash,
application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword,
application/vnd.ms-xpsdocument, application/x-ms-application,
application/x-ms-xbap, application/xaml+xml, */*

Referer: https://ExternalFQDN/console-selfservice/

Accept-Language: en-us

User-Agent:Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; InfoPath.2;
.NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0E; .NET
CLR 1.1.4322; .NET4.0C)

Accept-Encoding: gzip, deflate

Host: ExternalFQDN

Connection: Keep-Alive

Cookie: console-selfservice-

Response1

HTTP/1.1 302 Moved Temporarily

Connection:Keep-Alive

Transfer-Encoding:chunked

Date:Fri, 23 Jan 2015 18:58:03 GMT

Location: https://ExternalFQDN/IMS-AA-IDP/sso/logon?RequestID

X-Powered-By:Servlet/3.0 JSP/2.2

 

0c65

<html><head><title>302
Moved Temporarily</title></head>

<body bgcolor="#FFFFFF">

<p>This document you requested has moved temporarily.</p>

<p>It's now at <a href="https://InternalFQDN:7004/IMS-AA-IDP/sso/logon?RequestID=

0000

Request2

GET https://ExternalFQDN/IMS-AA-IDP/sso/logon?RequestID

HTTP/1.1

Accept:image/gif, image/jpeg, image/pjpeg, image/pjpeg, application/x-shockwave-flash,
application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword,
application/vnd.ms-xpsdocument, application/x-ms-application,
application/x-ms-xbap, application/xaml+xml, */*

Referer:https://ExternalFQDN/console-selfservice/

Accept-Language:en-us

User-Agent:Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; InfoPath.2;
.NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0E; .NET
CLR 1.1.4322; .NET4.0C)

Accept-Encoding:gzip, deflate

Host:ExternalFQDN

Connection:Keep-Alive

Response2

HTTP/1.1 302 Moved Temporarily

Connection:Keep-Alive

Transfer-Encoding:chunked

Date:Fri, 23 Jan 2015 18:58:03 GMT

Location:https://ExternalFQDN/IMS-AA-IDP/InitialLogonDispatch.do

Set-Cookie:

Content-Language:en-US

X-Powered-By:Servlet/3.0 JSP/2.2

0155

<html><head><title>302
Moved Temporarily</title></head>

<body bgcolor="#FFFFFF">

<p>This document you requested has moved temporarily.</p>

<p>It's now at <a href="https://InternalFQDN:7004/IMS-AA-IDP/InitialLogonDispatch.do">https://InternalFQDN:7004/IMS-AA-IDP/InitialLogonDispatch.do</a>.</p>

</body></html>

0000

Request3

GET https://ExternalFQDN/IMS-AA-IDP/InitialLogonDispatch.do HTTP/1.1

Accept:image/gif, image/jpeg, image/pjpeg, image/pjpeg, application/x-shockwave-flash,
application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword,
application/vnd.ms-xpsdocument, application/x-ms-application,
application/x-ms-xbap, application/xaml+xml, */*

Referer:https://ExternalFQDN/console-selfservice/

Accept-Language:en-us

User-Agent:Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; InfoPath.2;
.NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0E; .NET
CLR 1.1.4322; .NET4.0C)

Accept-Encoding:gzip, deflate

Host:ExternalFQDN

Connection:Keep-Alive

Cookie:

Response3

HTTP/1.1 200 OK

0 Kudos
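Added example, not part of the thread and not MWG or TMG code: a Python sketch of the response-side translation the working TMG capture implies, where the `Location` header on a 302 is mapped from the backend origin to the published host while the HTML body still carries the internal link. The host names are the thread's placeholders, the `RequestID` value is constructed, and `rewrite_location` / `translate_response` are hypothetical helper names.

```python
from urllib.parse import urlsplit, urlunsplit

# Assumed mapping built from the thread's placeholder names (not real hosts).
INTERNAL_ORIGINS = {("internalfqdn.com", 7004)}
EXTERNAL_SCHEME, EXTERNAL_HOST = "https", "ExternalFQDN.com"


def rewrite_location(location):
    """Return (new_location, rewritten) for a backend Location header value."""
    parts = urlsplit(location)
    if not parts.netloc:                 # relative redirect: nothing to translate
        return location, False
    port = parts.port or (443 if parts.scheme == "https" else 80)
    if ((parts.hostname or "").lower(), port) not in INTERNAL_ORIGINS:
        return location, False           # redirect to an unrelated host: leave it
    return urlunsplit((EXTERNAL_SCHEME, EXTERNAL_HOST, parts.path,
                       parts.query, parts.fragment)), True


def translate_response(status, headers, body):
    """Rewrite Location on 3xx responses; report internal names left in the body."""
    out, rewritten = [], False
    for name, value in headers:
        if 300 <= status < 400 and name.lower() == "location":
            value, rewritten = rewrite_location(value.strip())
        out.append((name, value))
    # The body is only inspected, not rewritten, to surface the remaining disclosure.
    leaks = sorted({host for host, _ in INTERNAL_ORIGINS if host in body.lower()})
    return out, rewritten, leaks


# Constructed sample modelled on the failing capture; the RequestID is made up.
SAMPLE_HEADERS = [
    ("Location", "https://InternalFQDN.com:7004/IMS-AA-IDP/sso/logon?RequestID=EXAMPLE"),
    ("X-Powered-By", "Servlet/3.0 JSP/2.2"),
]
SAMPLE_BODY = ('<p>It\'s now at <a href="https://InternalFQDN.com:7004/'
               'IMS-AA-IDP/sso/logon?RequestID=EXAMPLE">here</a>.</p>')

if __name__ == "__main__":
    headers, changed, leaks = translate_response(302, SAMPLE_HEADERS, SAMPLE_BODY)
    print(dict(headers)["Location"], changed, leaks)
```

A non-empty `leaks` list means the internal host name and port are still disclosed to external clients in the response body even though the redirect itself now works.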