Cloud Access Manager 8.1.2 - How To Configure Advanced Form Fill Authentication

Understanding proxy URL mappings

The proxy URL mapping defines how Dell™ One Identity Cloud Access Manager will proxy the web application. Typically the entire web server serving the application will be included by the proxy using a dedicated Domain Name System (DNS) alias assigned to the proxy. This is the preferred mapping method and is compatible with the most applications. Internally we refer to this type of mapping as a root-to-root mapping.

A root-to-root mapping requires a dedicated DNS alias for the application. The DNS alias typically contains the name of the application, for example owa.webapps.democorp.com. This new fully qualified domain name (FQDN) must be within the wildcard DNS subdomain created during the Cloud Access Manager installation and which will resolve to the public IP address used by the proxy. For example, if you created the wildcard DNS subdomain *.webapps.democorp.com during installation, you could now use an FQDN of owa.webapps.democorp.com to proxy an Outlook Web Access application or sp2010.webapps.democorp.com to proxy a Microsoft® SharePoint® Server 2010 application. For further information on creating a wildcard subdomain, please refer to the Dell™ One Identity Cloud Access Manager Installation Guide and the Dell™ One Identity Cloud Access Manager Configuration Guide.

If you did not create a wildcard DNS subdomain for Cloud Access Manager during installation, you will need to manually add the new FQDN into your public DNS. The new FQDN must be covered by the wildcard Secure Sockets Layer (SSL) certificate you are using to avoid certificate errors being reported by the client browsers.

When you configure this type of mapping, leave the path box empty. If you enter a path value, the mapping type will change from root-to-root to a symmetric mapping.

Alternatively, some applications are installed entirely within their own virtual directory on the web server where they reside. One example of such an application is Dell™ One Identity Active Roles Server, which installs into the virtual directory/ARServerAdmin. Here it is possible to map the application path onto the same path on the proxy’s public hostname allowing that hostname to be used instead of requiring a new public DNS Alias to be created, for example www.webapps.democorp.com/ARServerAdmin. Internally we refer to this type of mapping as a symmetric mapping.

You can map multiple paths for an application, but you can only map paths that are unique to the application and not common path names, which could clash with other applications. For example, if you map the path /common for one application you cannot map the same /common path to another unrelated application, as you cannot map them both onto the same path on the proxy’s public hostname.

Often applications will not be installed within a self-contained virtual directory making symmetric mapping an unsuitable method for mapping them, for example OWA or SharePoint® 2010. Attempting a symmetric mapping here can result in images not appearing on the application’s pages, missing functionality, broken links and other unexpected behavior. Identifying whether an application is suitable for symmetric mapping can be difficult and so, if possible, it is more reliable to use a root-to-root mapping instead.

Using the network view on the browser’s developer tools, or a tool such as Fiddler, will help determine if all of the requests to the application reside within a single virtual directory. For example, in the image below you can see that all requests reside within the /mantis virtual directory making this application suitable for a symmetric mapping:

The symmetric mapping type is activated whenever you enter a path on the Proxy URL page.

When you configure a mapping, it is important to map to a directory or folder. It is not possible to map to an individual file. Cloud Access Manager must map to a whole web application, not a single page or file within an application. You cannot, for example, only proxy the login page by entering qpm/login.aspx into the path field.

LFIT—Login Form Inspection Tool

LFIT is a tool provided within Dell™ One Identity Cloud Access Manager to enable fast identification of the values necessary to form fill against a supplied form. Generally LFIT collects the necessary data without issue, but occasionally it may fail to find certain fields or values. This is an indication that there is something non-standard about the login form or that JavaScript functions may be in place. Sometimes you can simply click in the fields manually to populate the values, at other times you may need to enter the values on the Form Fill Details page of the application wizard.

Legal notices

Copyright 2016 Dell Inc. All rights reserved.

This product is protected by U.S. and international copyright and intellectual property laws.

This guide contains proprietary information protected by copyright. The software described in this guide is furnished under a software license or nondisclosure agreement. This software may be used or copied only in accordance with the terms of the applicable agreement. No part of this guide may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying and recording for any purpose other than the purchaser’s personal use without the written permission of Dell Inc.

The information in this document is provided in connection with Dell products. No license, express or implied, by estoppel or otherwise, to any intellectual property right is granted by this document or in connection with the sale of Dell products. EXCEPT AS SET FORTH IN THE TERMS AND CONDITIONS AS SPECIFIED IN THE LICENSE AGREEMENT FOR THIS PRODUCT, DELL ASSUMES NO LIABILITY WHATSOEVER AND DISCLAIMS ANY EXPRESS, IMPLIED OR STATUTORY WARRANTY RELATING TO ITS PRODUCTS INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT. IN NO EVENT SHALL DELL BE LIABLE FOR ANY DIRECT, INDIRECT, CONSEQUENTIAL, PUNITIVE, SPECIAL OR INCIDENTAL DAMAGES (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF PROFITS, BUSINESS INTERRUPTION OR LOSS OF INFORMATION) ARISING OUT OF THE USE OR INABILITY TO USE THIS DOCUMENT, EVEN IF DELL HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Dell makes no representations or warranties with respect to the accuracy or completeness of the contents of this document and reserves the right to make changes to specifications and product descriptions at any time without notice. Dell does not make any commitment to update the information contained in this document.

If you have any questions regarding your potential use of this material, contact:

Dell Inc.
Attn: LEGAL Dept
5 Polaris Way
Aliso Viejo, CA 92656

Refer to our web site (quest.com) for regional and international office information.

Trademarks

Dell, the Dell logo, Dell™ One Identity Active Roles and Dell™ One Identity Cloud Access Manager are trademarks of Dell Inc. Microsoft, Windows, Internet Explorer and SharePoint are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners. Mozilla Firefox is a registered trademark of the Mozilla Foundation. Google Chrome browser is a trademark of Google Inc. Other trademarks and trade names may be used in this document to refer to either the entities claiming the marks and names or their products. Dell disclaims any proprietary interest in the marks and names of others.

Legend