Cloud Access Manager 8.1.4 - Security and Best Practice Guide

Relative URLs using root-to-root

Private URL https://erp.acme.prod.local Public URL https://erp.webapps.acme.com

/images/home.jpg

Does not need rewriting.

../scripts/login.js

Does not need rewriting.

reports/salesfigures2014.pdf

Does not need rewriting.

this.href.location = '/register.aspx';

Does not need rewriting.

NOTE: As embedded relative URLs do not need rewriting when using the root-to-root approach there is less scope for URL rewrite problems, and the proxy can return the page to the browser more quickly. In general, we strongly recommended the root-to-root approach for both reliability and performance.

Choosing the right SSL certificate

We recommend that you purchase and install an Secure Sockets Layer (SSL) certificate from a Certificate Authority, this ensures Cloud Access Manager users can be confident they are interacting with a genuine service. Please refer to the One Identity Cloud access Manager Installation Guide for full instructions on how to request and install an SSL certificate for Cloud Access Manager.

You can purchase one of three types of SSL certificate:

Single host certificate

This is typically the cheapest option. It is suitable for organizations who wish to proxy only a single application, or a collection of simple, static web applications with minimal client-side scripting using the folder-to-root method described above.

NOTE: The subject indicated in a single host certificate is a single hostname, for example www.acme.com

Wildcard certificate

This is usually the most costly option, but the most flexible. It allows you to set up unlimited root-to-root proxy mappings by permitting the domain name to be prefixed by any subdomain.

NOTE: The subject indicated in a wildcard certificate is a wildcard hostname, for example *.webapps.acme.com
Related Documents