4 Replies Latest reply on Jan 27, 2015 2:27 PM by jjsims

    Publishing RSA Self Service Console

    jjsims

      We currently publish the RSA self-service console using a TMG server and it works
      as expected. I am migrating to using the MWG as a reverse proxy, and I am able
      to view the initial landing page, but when I hit a submit button for a
      particular function the internal hostname of the backend server is displayed in
      the URL. Using Fiddler during a successful connection, I see that two 302 Moved
      Temporarily responses occur and the site loads as expected. Using the MWG, I
      get to the landing page, hit submit for a particular function, a 302 is logged
      and the host name of the internal server replaces the public host name in the
      URL. Also, the MWG logs do not indicate that any of the traffic was denied. I
      have tried using the next hop proxy option, setting the URL to the external
      host, without success. Is there anything I missed or could try? Screenshot of my
      current settings included. Thanks

        • 1. Re: Publishing RSA Self Service Console
          michael_schneider

          Is the URL relative or absolute?

          Is the server redirecting to a different server?

           

          thanks,

          Michael

          • 2. Re: Publishing RSA Self Service Console
            jjsims

            Here is the capture from Fiddler when it fails (with some private info removed):

            Request1

            GET
            https://ExternalFQDN.com/console-selfservice/ExistingUser/Links.do?com.rsa.ui.jsp.taglibs.html.TOKEN=
            HTTP/1.1

            Accept:image/gif, image/jpeg, image/pjpeg, image/pjpeg, application/x-shockwave-flash,
            application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword,
            application/vnd.ms-xpsdocument, application/x-ms-application,
            application/x-ms-xbap, application/xaml+xml, */*

            Referer: https://Externalfqdn.com/console-selfservice/

            Accept-Language:en-us

            User-Agent:Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; InfoPath.2;
            .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0E; .NET
            CLR 1.1.4322; .NET4.0C)

            Accept-Encoding:gzip, deflate

            Host:externalFQDN.com

            Connection:Keep-Alive

            Cookie:console-selfservice-

             

             

            Response

             

            HTTP/1.1
            302 Moved Temporarily

            via:proxy 1

            Date:Fri, 23 Jan 2015 18:54:31 GMT

            Location:https://InternalFQDN.com:7004/IMS-AA-IDP/sso/logon?RequestID=

            Connection:Keep-Alive

            X-Powered-By:Servlet/3.0 JSP/2.2

            Transfer-Encoding:chunked

             

            C73

            <html><head><title>302
            Moved Temporarily</title></head>

            <body
            bgcolor="#FFFFFF">

            <p>This document you requested has moved temporarily.</p>

            <p>It's now at <a href="https://InternalFQDN.com:7004/IMS-AA-IDP/sso/logon?RequestID=

            </body></html>

             

            DNS Error

             

            HTTP/1.1
            502 Fiddler - DNS Lookup Failed

            Date:Fri, 23 Jan 2015 18:54:57 GMT

            Content-Type:text/html; charset=UTF-8

            Connection:close

            Cache-Control:no-cache, must-revalidate

            Timestamp:13:54:57.236

            [Fiddler]
            DNS Lookup for "InternalFQDN.com"
            failed. System.Net.Sockets.SocketException No such host is known


            • 3. Re: Publishing RSA Self Service Console

              The application looks like it is reacting to the ExternalFQDN.com in the Host header and doing the redirection itself.

              In the Events, try also adding above the Next-Hop action:

              Set URL.Host=InternalFQDN.com

              This should alter the Host Header as it goes to the server to be the new value of InternalFQDN.com

              • 4. Re: Publishing RSA Self Service Console
                jjsims

                Setting the suggested parameter did not work. Below is a successful connection using a TMG proxy.

                 

                 

                 

                Request1

                GET https://ExternalFQDN/console-selfservice/ExistingUser/Links.do?

                Http/1.1

                Accept:image/gif, image/jpeg, image/pjpeg, image/pjpeg, application/x-shockwave-flash,
                application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword,
                application/vnd.ms-xpsdocument, application/x-ms-application,
                application/x-ms-xbap, application/xaml+xml, */*

                Referer: https://ExternalFQDN/console-selfservice/

                Accept-Language: en-us

                User-Agent:Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; InfoPath.2;
                .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0E; .NET
                CLR 1.1.4322; .NET4.0C)

                Accept-Encoding: gzip, deflate

                Host: ExternalFQDN

                Connection: Keep-Alive

                Cookie: console-selfservice-

                 

                 

                Response1

                HTTP/1.1 302 Moved Temporarily

                Connection:Keep-Alive

                Transfer-Encoding:chunked

                Date:Fri, 23 Jan 2015 18:58:03 GMT

                Location: https://ExternalFQDN/IMS-AA-IDP/sso/logon?RequestID

                X-Powered-By:Servlet/3.0 JSP/2.2

                 

                0c65

                <html><head><title>302
                Moved Temporarily</title></head>

                <body bgcolor="#FFFFFF">

                <p>This document you requested has moved temporarily.</p>

                <p>It's now at <a href="https://InternalFQDN:7004/IMS-AA-IDP/sso/logon?RequestID=

                0000

                 

                Request2

                GET https://ExternalFQDN/IMS-AA-IDP/sso/logon?RequestID

                HTTP/1.1

                Accept:image/gif, image/jpeg, image/pjpeg, image/pjpeg, application/x-shockwave-flash,
                application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword,
                application/vnd.ms-xpsdocument, application/x-ms-application,
                application/x-ms-xbap, application/xaml+xml, */*

                Referer:https://ExternalFQDN/console-selfservice/

                Accept-Language:en-us

                User-Agent:Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; InfoPath.2;
                .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0E; .NET
                CLR 1.1.4322; .NET4.0C)

                Accept-Encoding:gzip, deflate

                Host:ExternalFQDN

                Connection:Keep-Alive

                 

                 

                Response2

                HTTP/1.1 302 Moved Temporarily

                Connection:Keep-Alive

                Transfer-Encoding:chunked

                Date:Fri, 23 Jan 2015 18:58:03 GMT

                Location:https://ExternalFQDN/IMS-AA-IDP/InitialLogonDispatch.do

                Set-Cookie:

                Content-Language:en-US

                X-Powered-By:Servlet/3.0 JSP/2.2

                 

                0155

                <html><head><title>302
                Moved Temporarily</title></head>

                <body bgcolor="#FFFFFF">

                <p>This document you requested has moved temporarily.</p>

                <p>It's now at <a href="https://InternalFQDN:7004/IMS-AA-IDP/InitialLogonDispatch.do">https://InternalFQDN:7004/IMS-AA-IDP/InitialLogonDispatch.do</a>.</p>

                </body></html>

                0000

                 

                Request3

                GET https://ExternalFQDN/IMS-AA-IDP/InitialLogonDispatch.do HTTP/1.1

                Accept:image/gif, image/jpeg, image/pjpeg, image/pjpeg, application/x-shockwave-flash,
                application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword,
                application/vnd.ms-xpsdocument, application/x-ms-application,
                application/x-ms-xbap, application/xaml+xml, */*

                Referer:https://ExternalFQDN/console-selfservice/

                Accept-Language:en-us

                User-Agent:Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; InfoPath.2;
                .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0E; .NET
                CLR 1.1.4322; .NET4.0C)

                Accept-Encoding:gzip, deflate

                Host:ExternalFQDN

                Connection:Keep-Alive

                Cookie:

                 

                Response3

                HTTP/1.1 200 OK
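
The two captures in this thread differ in the `Location` header: through the MWG the 302 still names the backend origin (`InternalFQDN.com:7004`), while through TMG it names the published host. The following is an added example, not part of the original thread and not MWG rule syntax, showing that mapping and a check for a redirect that still exposes the backend; the function names and the origin tables are assumptions.

```python
from urllib.parse import urlsplit, urlunsplit

# Placeholder hostnames as redacted in the thread; the origin tables are assumptions.
INTERNAL_ORIGINS = {("https", "internalfqdn.com", 7004)}
EXTERNAL_ORIGIN = ("https", "ExternalFQDN.com")
DEFAULT_PORTS = {"http": 80, "https": 443}

# Constructed from the two captures in the thread (headers only, trimmed).
MWG_RESPONSE = """HTTP/1.1 302 Moved Temporarily
via:proxy 1
Location:https://InternalFQDN.com:7004/IMS-AA-IDP/sso/logon?RequestID=
Connection:Keep-Alive"""
TMG_RESPONSE = """HTTP/1.1 302 Moved Temporarily
Connection:Keep-Alive
Location: https://ExternalFQDN/IMS-AA-IDP/sso/logon?RequestID"""


def parse_headers(raw):
    """Parse 'Name:value' lines; the captures omit the space after the colon."""
    headers = {}
    for line in raw.strip().splitlines()[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers


def origin_of(url):
    """Return (scheme, host, port) with the default port filled in."""
    parts = urlsplit(url)
    port = parts.port or DEFAULT_PORTS.get(parts.scheme)
    return (parts.scheme.lower(), (parts.hostname or "").lower(), port)


def rewrite_location(location):
    """Map a backend-origin redirect onto the published origin; leave others as-is."""
    parts = urlsplit(location)
    if not parts.netloc or origin_of(location) not in INTERNAL_ORIGINS:
        return location  # relative redirect, or a redirect to some other host
    scheme, host = EXTERNAL_ORIGIN
    return urlunsplit((scheme, host, parts.path, parts.query, parts.fragment))


def leaks_internal_host(raw_response):
    """True when the response's Location header still names a backend origin."""
    location = parse_headers(raw_response).get("location", "")
    return bool(location) and origin_of(location) in INTERNAL_ORIGINS
```

In the TMG capture the `Location` header carries the external host but the HTML body of the same 302 still contains the internal host and port in its `href`, so a header-only check like this one does not cover the response body.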