Identity provider - Reverse proxy

AVAILABLE IN 9.6.6 AND LATER

Overview

This authentication option allows using a reverse proxy to handle the authentication of the users, meaning that once the user has logged into their proxy, they can seamlessly access the Verba Web Application. 

When users attempt to access the Verba Web Application URL, the proxy server authenticates the incoming request against your authentication system. After successful authentication, the proxy sets a request header with the authenticated user identity and sends this information to the Verba Web Application. The Verba Web Application accepts the incoming HTTP request from the proxy, and if it recognizes the user contained in the header, the user is automatically logged in to the application. For successful single sign-on, all requests from the proxy to the Verba Web Application must include the authentication headers. If the header is not included in a request, the user is returned to the login page. The Web Application uses the authenticated header for the duration of the browser session.

The header value is trusted without further checks or additional authentication: all incoming connections from the reverse proxy will log in all users based on the HTTP headers.

It is highly recommended to restrict the access to the Verba Web Application to the proxy server(s) by configuring either:

A sample scenario is shown on the diagram below.

  1. The user opens the Verba Web Application URL, which is directed to the Reverse Proxy.
  2. The Reverse Proxy authenticates the user with the Authentication Server.
  3. After successful user authentication, the Reverse Proxy forwards the request to the Verba Web Application and provides the user identity in request headers.
  4. The Verba Web Application validates the user identity, and if the user is recognized, the user is logged into the application automatically.

An example of reverse proxy-based authentication is based on Symantec SiteMinder (formerly CA SiteMinder). In this configuration, the Reverse Proxy is a Microsoft IIS web server that is integrated with the SiteMinder Agent.

Configuration

Step 1 - Provide a Name.

Step 2 - Provide the user attribute used for matching in the Verba User Attribute setting.

Step 3 - If non-exact matching of the attribute is required, change the Verba User Attribute Matching setting.

Step 4 - Provide the Request Header sent by the reverse proxy.

Step 5 - Provide a Regex that matches the part of the header immediately before the User Attribute.

Step 6 - Provide a Regex that matches immediately after the User Attribute.


Item                             Description
Verba User Attribute             The user attribute used for matching the user
Verba User Attribute Matching    Defines the matching for the user attribute
Request Header                   The header sent by the reverse proxy
Prefix Regex                     Regex matching the prefix
Stop Regex                       Regex for stopping after the User Attribute
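
The following added example (not Verba code) models how the Request Header, Prefix Regex and Stop Regex settings from Steps 4 to 6 could select the user attribute, so a regex pair can be tried against sample header values before it is configured. The header name X-Authenticated-User, the sample values, the handling of a missing stop match and of repeated headers, and the use of Python's regex dialect are assumptions.

```python
import re
from typing import Iterable, Optional, Tuple


def extract_user_attribute(headers: Iterable[Tuple[str, str]], request_header: str,
                           prefix_regex: str = "", stop_regex: str = "") -> Optional[str]:
    """Model of the Request Header / Prefix Regex / Stop Regex settings (assumed semantics).

    Returns the text between the prefix match and the stop match, or None when
    no usable identity is present (the case where the login page is shown).
    """
    # Header names are case-insensitive; collect every occurrence.
    values = [v.strip() for name, v in headers if name.lower() == request_header.lower()]
    # Missing, empty or repeated identity headers are treated as "no identity".
    if len(values) != 1 or not values[0]:
        return None
    value = values[0]

    start = 0
    if prefix_regex:
        prefix = re.search(prefix_regex, value)
        if prefix is None:
            return None  # header does not have the expected shape
        start = prefix.end()

    end = len(value)
    if stop_regex:
        stop = re.compile(stop_regex).search(value, start)
        if stop is not None:  # assumption: no stop match means "rest of the value"
            end = stop.start()

    return value[start:end] or None


# Constructed sample requests; X-Authenticated-User is a hypothetical header name.
SAMPLE_DN = [("X-Authenticated-User", "uid=jdoe,ou=people,dc=example,dc=com")]
SAMPLE_DOMAIN = [("x-authenticated-user", "EXAMPLE\\jdoe")]

if __name__ == "__main__":
    print(extract_user_attribute(SAMPLE_DN, "X-Authenticated-User", "uid=", ","))
    print(extract_user_attribute(SAMPLE_DOMAIN, "X-Authenticated-User", r"^[^\\]+\\"))
```

A None result corresponds to the case described in the Overview where the header is absent and the user is returned to the login page.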