Adding Web Application Profiles
The Web translation that AMC performs is more complete and robust in recent versions of
the appliance software. Beginning in version 10.x, it is no longer possible to revert to the legacy translation
for Web application profiles that worked in version 8.6.x.
Web application profiles control single sign-on characteristics, as well as content translation options for a
particular Web resource. Each Web resource should have a Web application profile associated with it.
Single sign-on options control whether and how a user’s login credentials are forwarded to downstream
Web applications. These options are disabled by default. In addition, one of the following is required to
configure single sign-on:
Click Use Web content translation on the User Access > WorkPlace > Settings page in the AMC.
Define a WorkPlace link as an aliased URL. This is the approach you should take if you normally redirect traffic through a network agent, but in this case you want to force the resource to be proxied using translated, custom port mapped, or Exchange server FQDN mapped Web access for single sign-on.
For more information, see Web Shortcut Access and Configuring WorkPlace General Settings.
You can configure single sign-on when you create a WorkPlace shortcut for accessing a
Windows Terminal Services or Citrix host. See Adding Graphical Terminal Shortcuts to Individual Hosts.
cookie paths are translated by the Web proxy service. The options are used only by the translated Web
access agent: they are ignored by standard Web access.
Web application profiles are not used if Web shortcut access is set to Redirect through network agent on the Configure WorkPlace page in AMC. See Configuring WorkPlace General Settings.
To add a Web application profile
In the AMC, navigate to System Configuration > Services.
In the Access Services section, click the Configure link under Web proxy service.
The Web Proxy Service page displays.
Click the Web Application Profiles tab.
Click the + (New) icon.
The Add Web Application Profile page displays.
In the Name field, type a name for the profile. If you are creating a profile to associate with a specific application, you might want to give it a name similar to that of the application.
In the Description field, type a descriptive comment about the profile.
In the Single Sign-On area, specify if and how you want user credentials to be passed along to the Web resource. Forwarding user credentials prevents the user from having to log in multiple times (once to get to the appliance, and again to access an application resource).
- If you select the Forward each user’s individual username and password checkbox, the
username and password used to authenticate to WorkPlace are forwarded to the back-end Web
- If you select the Forward static credentials checkbox, the appliance forwards the same username
and password for all users. This is useful for Web sites that require HTTP basic authentication, but
don’t provide personalized content for each user based on the login name. It’s also useful for
users who authenticate with a client certificate or token.
- If you do not select either option, single sign-on functionality is disabled. If you select both
options, the individual username and password option takes precedence. For example, if the user provides a username/password pair, it is forwarded, but if username/password is not provided,
the Web proxy service forwards the static credentials.
- If you select the Enable Kerberos single sign-on checkbox and specify the Kerberos realm where
the resources are hosted, WorkPlace and Connect Tunnel users can access http resources. This
realm is used for authenticating environments like Active Directory, Active Directory Tree, and
Active Directory Forest where Kerberos is configured as a preferred authentication mechanism.
- In the Dynamic Single Sign-On area, configure the Dynamic Single Sign-On profile or select from the dropdown. For more information on how to configure, see Creating Forms-Based Dynamic Single Sign-On Profiles.
In the Content translation area, select the items that you want the Web proxy service to translate.
absolute URLs or absolute references (
/to/path/xyz), or that dynamically generates URLs (for
location=“http://” + host name + “/index.html”). This improves
This option is enabled by default.
However, if you notice problems with searching mail based on the Subject, From, or Sent To fields,
- Select the Translate content based on file extension checkbox if you want the Web proxy service
to determine content type by examining the file extension, not the MIME type. Normally, the
Web proxy service translates certain content types (including text and HTML). It determines the
content type from the MIME type in the HTTP header. If a Web resource is sending the incorrect
MIME type, select this option and the Web proxy service will decide whether or not to translate a
file based on its file extension. This option is disabled by default.
- Select the Translate cookie body checkbox if you want the Web proxy service to translate URLs
embedded in the body of a cookie. If a Web resource uses embedded URLs in the body of a cookie
(which is not common practice), and you do not have this option enabled, users can experience
problems. A common symptom is being unexpectedly redirected to another URL. This option is
enabled by default.
- Select the Translate cookie path checkbox if you want the Web proxy service to translate the path
attribute of cookies sent by back-end resources. The browser uses cookie paths to determine
when to send a cookie back to the server. The appliance changes the path that the browser sees,
so if the cookie path is not translated, the browser will never send the cookie. A common
symptom of this situation is a user being prompted repeatedly for login credentials after already
entering valid ones. If this occurs, you should enable this option. This option is enabled by default.
Was This Article Helpful?
Help us to improve our support portal