Create virtual junctions

Use the Junction Management page to create one or more virtual junctions in the environment.

Steps

  1. Select Web > Manage > Reverse Proxy.

  2. Select the reverse proxy to manage junctions for.

  3. Select Manage > Junction Management.

  4. Click New > Virtual Junction.

  5. On the Junction tab page:

    1. Enter the junction label in the Junction Label field.

    2. Select the Stateful Junction check box to make the junction stateful.

    3. Select the HTTP/2 Junction check box to enable the HTTP/2 protocol to the junction server.

    4. Select the HTTP/2 Proxy check box to enable the HTTP/2 protocol to the proxy server.

    5. Specify the Server Name Indicator (SNI).

    6. Select a junction type from the listed options on the right.

      Notes for HTTP/2 junctions:

      • For the WebSEAL mutual junction type to work with HTTP/2, the protected web server must serve HTTP/2 over both TCP and SSL. For example, Microsoft IIS serves HTTP/2 only over SSL, so an HTTP/2 mutual junction cannot be created to an IIS web server.
      • TCP HTTP/2 junction connections do not use the HTTP/2 upgrade mechanism. They require the "Prior Knowledge" method to connect to an HTTP/2 web server over TCP. In Apache configuration terms, this is the "Direct mode".

  6. On the Servers tab page:

    1. Click New to add a target back-end server. At least one target back-end server must be added to create a junction.

    2. Complete the fields displayed.

    3. Click Save.

  7. On the Basic Authentication tab page:

    1. Select the Enable Basic Authentication check box if BA header information is to be used for authentication with the back-end server.

    2. Enter the WebSEAL user name in the Username field.

    3. Enter the WebSEAL password in the Password field.

    4. Select the Enable mutual authentication to junctioned WebSEAL servers check box if mutual authentication is to be used between a front-end WebSEAL server and a back-end WebSEAL server.

    5. Select the key file from the list to use for mutual authentication.

    6. Select the key label from the list to use for mutual authentication.

  8. On the Identity tab page:

    1. Define how the WebSEAL server passes client identity information in BA headers to the back-end server by selecting the appropriate actions from the list under HTTP Basic Authentication Header.

    2. If GSO is selected in the previous step, enter the GSO resource or resource group name in the GSO Resource or Group field. If a value other than GSO is selected in the previous step, skip this step.

    3. Select what HTTP header identity information is passed to the back-end server in the HTTP Header Identity Information field.

    4. Select the encoding from the list under HTTP Header Encoding.

    5. Select the check boxes on the right as necessary.

  9. On the SSO and LTPA tab page:

    1. Select the Enable LTPA cookie Support check box if the junctions are to support LTPA cookies.

    2. If LTPA version 2 cookies (LtpaToken2) are used, select the Use Version 2 Cookies check box.

    3. Select the LTPA keyfile from the list under LTPA Keyfile.

    4. Enter the keyfile password in the LTPA Keyfile Password field.

  10. On the General tab page:

    1. Specify the name of the form-based single sign-on configuration file in the FSSO Configuration File field.

    2. Define the hard limit for consumption of worker threads in the Percentage Value for Hard Limit of Worker Threads field.

    3. Define the soft limit for consumption of worker threads in the Percentage Value for Soft Limit of Worker Threads field.

    4. To send denied requests and failure reason information from authorization rules in the Boolean Rule header, select the Include authorization rules decision information check box.

    5. Click Save.
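
The "Prior Knowledge" requirement in the HTTP/2 notes of step 5 can be checked before a TCP HTTP/2 junction is created. The following is an added example, not IBM code or part of the original page: it sends the HTTP/2 client preface (RFC 7540, section 3.5) over cleartext TCP and reports whether the server answers with a SETTINGS frame. All function names are assumptions of this example, and `stub_server` is a constructed local stand-in for a back-end server.

```python
import socket
import struct
import threading

# RFC 7540 section 3.5: the client preface, sent directly with no Upgrade header.
PREFACE = b"PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n"
SETTINGS, ACK = 0x4, 0x1  # SETTINGS frame type, SETTINGS ACK flag

def frame(ftype, flags=0, stream=0, payload=b""):
    """Build a frame: 24-bit length, type, flags, 31-bit stream id, payload."""
    return (struct.pack(">I", len(payload))[1:] + bytes([ftype, flags])
            + struct.pack(">I", stream & 0x7FFFFFFF) + payload)

def parse_frame_header(head):
    """Split a 9-byte frame header into (length, type, flags, stream id)."""
    return (int.from_bytes(head[:3], "big"), head[3], head[4],
            int.from_bytes(head[5:9], "big") & 0x7FFFFFFF)

def supports_prior_knowledge(host, port, timeout=3.0):
    """True if the server answers the cleartext preface with its own SETTINGS."""
    head = b""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(PREFACE + frame(SETTINGS))
            while len(head) < 9:
                chunk = s.recv(9 - len(head))
                if not chunk:
                    break
                head += chunk
    except OSError:
        return False
    if len(head) < 9:
        return False
    length, ftype, flags, stream = parse_frame_header(head)
    # The server preface is a non-ACK SETTINGS frame on stream 0 with a payload
    # of whole 6-byte settings; an "HTTP/1.1 ..." reply fails the type check.
    return ftype == SETTINGS and stream == 0 and not flags & ACK and length % 6 == 0

def stub_server(reply):
    """Constructed one-shot local server for offline testing; returns its port."""
    srv = socket.create_server(("127.0.0.1", 0))
    def serve():
        conn, _ = srv.accept()
        with conn, srv:
            conn.recv(4096)      # consume the client preface
            conn.sendall(reply)  # answer with the canned bytes
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]
```

A `False` result against a real back-end means it does not accept HTTP/2 over cleartext TCP without an upgrade, or that the port is unreachable.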
