Best practices - Header applications
The most common Access Gateway integration involves legacy Web Access Management (WAM) applications based on values contained in request headers.
Web Access Management solutions:
- May be custom build, or third party solutions such as Oracle Access Manager, CA Siteminder or others.
- Rely on header attributes for single sign on.
- Were often deployed behind proxy web-servers such as Apache.
- Involves validating application header contents before testing with back end protected web resources.
When configuring an application for header based single sign on make sure you review the steps to place the application behind a proxy server. Many OAG troubleshooting situations arise not from SSO but because the application is was incorrectly configured for a proxy server.
Before integrating any header based application examine all required and expected header elements. Ensure that the application definition in Access Gateway includes all required attributes.
In situations where protected web resources were previously fronted by Apache, Apache may have added header elements to requests before they were forwarded.
The Apache mod_header file often defined all required header fields and can be used as a source of information for expected header content.
Many applications use the terms web proxy and load balancer interchangeability. Examine any and all documentation related to web proxies, load balancers and related content to determine application attribute value requirements.