Configure advanced access control authentication on a reverse proxy
Configure the reverse proxy protecting resources to use the authentication service and access control features. There is a tool in the Local Management Interface that configures a reverse proxy to work with these services. This tool can be invoked by the User Interface or with REST APIs. When you invoke the REST API to configure the reverse proxy from the Local Management Interface, the following changes are made:
- The reverse proxy configuration is updated.
- Access control lists (ACLs) are created and attached.
- The rba-pop is created.
- The Runtime Server certificate is loaded into the WebSEAL Truststore.
All the changes that this API performs are documented in the REST API documentation, under Authentication and Context based access configuration for a reverse proxy.
This API does not perform any configuration which cannot be performed with public interfaces.
After this API is invoked, the autocfg_authsvc.log file in the reverse proxy logs is available to view the configuration that is performed. This topic only covers Authentication and Context based access. For OAuth, MMFA, or Federation, see one of the following topics:
- Reverse proxy configuration for OAuth and OIDC provider
- Configure Mobile Multi-Factor Authentication
- Configure a reverse proxy point of contact server
To configure a reverse proxy for use with Advanced Access Control, follow the procedure below:
Steps
- From the local management interface, select...
Web > Manage > Reverse Proxy > instance name > Manage > AAC and Federation Configuration > Authentication and Context Based Access Configuration
A window opens where we can add the configuration information. Populate or port the host as appropriate. The username and password required are that of the RTSS and STS service user. It is, by default easuser. For information on managing these users, see Manage user registries.
Parent topic: Reverse Proxy Configuration with Authentication Services