1.5
Table Of Contents
- Installing Application Manager
- Contents
- Installing and Configuring Application Manager
- Introduction to Application Manager
- Security Considerations and System Requirements for Application Manager
- Preparing to Install Application Manager
- Installing Application Manager
- Configuring Application Manager with the Operator Setup Wizard
- Making Additional Application Manager Configurations
- Troubleshooting Application Manager
- Index
Application Manager User Authentication
Connector Authentication mode refers to access to Application Manager where the Connector is the starting
point for user authentication.
Table 2-2. Providing User Access to Application Manager in Connector Authentication Mode
User Access From Inside the Enterprise Network User Access From Outside the Enterprise Network
n
Configure Kerberos authentication or
username/password authentication.
n
Install both the Application Manager and Connector
virtual appliances in a manner that provides Internet
access. Kerberos authentication is not available outside
the network. Therefore, the best practice is to use RSA
SecurID authentication, though username/password
authentication is available as well.
n
You can install the Connector and Application Manager
virtual appliances without Internet access. However, to
provide user access from outside the enterprise network,
users will need a VPN connection.
If you decide to enable Internet access to Application Manager and the Connector to provide users outside the
enterprise network access to Application Manager, configure them in one of the following ways:
n
Install Application Manager and the Connector inside the DMZ.
n
Install a reverse proxy server in the DMZ pointing to Application Manager and the Connector installed
behind the firewall.
n
Configure firewall port forwarding or router port forwarding to point to Application Manager and the
Connector installed behind the firewall.
For Connector Authentication mode, if you do not configure IdP discovery, you must provide users access to
specific URLs that direct the authentication flow through the Connector. These URLs contain the appropriate
information to direct users through the Connector directly to Application Manager. You must provide users
access to such URLs.
IMPORTANT Configuring IdP discovery eliminates the need to use the long URLs provided in the following
table. See “IdP Discovery,” on page 17.
Table 2-3. Connector Authentication Mode: URL Examples
Target URL Example Information
The Application Manager
User Web Interface
https://
MyOrg.MyDomain.com/SAAS/API/1.0/GET/federatio
n/request?i=IDP#&s=0
When your deployment is
production ready, provide this URL
to users to give them access to the
User Web interface. Replace MyOrg
and MyDomain with the appropriate
values and replace IDP# with the IdP
ID available on the Connector
Internal Access page.
https://ConnectorHost.MyDomain/login/ Use this URL for testing and
troubleshooting purposes if Kerberos
is not configured. Replace
ConnectorHostConnectorHost and
MyDomain with the appropriate
values.
Chapter 2 Introduction to Application Manager
VMware, Inc. 15