Add a Websocket-based application

HTTP and WebSocket both are communication protocols used in client-server communication. HTTP is unidirectional where the client sends the request and a server responds. WebSockets, on the other hand, is a bidirectional and a full-duplex protocol used between the client and server.

Access Gateway supports WebSocket-based applications by adding a policy directive to those URIs associated with WebSocket end points. The following sections describe the tasks required to define a header-based application and then create a policy for each web socket-based URI.

Typical Access Gateway header based application architecture showing a high availability cluster protecting an application with web socket based URIs and using custom policy to convert HTTP request to web socket requests.

Before you begin

Ensure you have available:

  • An appropriate DNS entry for both the WebSocket application and the external exposed new URL exist.
    For example:
    https://external.domain.comExternal application. The URL clients use
    https://internal.domain.comProtected application URL.
  • A list of any required application header attributes exists along with their expected content.
  • A list of all WebSocket-based URIs that exist, so you can tag each as using WebSocket policy directives.

Typical workflow

The Access Gateway administrator usually performs all tasks in this workflow.



Create a containing group
  • Best practice and common task: Create an optional group to assign to the application.
Create header application
  • Create a header application configured to protect the application, which includes an appropriate WebSocket policy.
Assign Certificate
  • Optionally, assign a certificate to the application.
Add additional attributes
  • Optionally, add more attributes to the application.
Add required access policy
  • Add required policy for all WebSocket serviced URIs.
Test the application
  • Test the application, ensuring coverage of all URIs, especially those associated with WebSockets.
  • When required troubleshoot the integration.