Redirect external user (internet) & internal user (intranet)
Hi, we are developing a public portal service in which we have two kinds of user: a) public users who access the portal through the internet. b) internal users who access the portal from inside a domain.
We want to know how we can tell which user is external and which is internal in order to assign a portal desktop.
I have seen the following options in the forums:
1.-> IISPROXY
2.-> SPNEGO
3.-> APACHE & SAPDISPATCHER
1.-> It seems that with the last release of the portal it is obsolete.
2.-> It seems that SPNEGO is for internal use only (intranet).
3.-> I have no documentation about it.
I would be very grateful if someone could give a solution and documentation or links about it.
Thanks in advance.
Regards.
Hi Optima,
You can use an appIntegrator to distinguish intranet/extranet users.
Have a look at "HowToUseAppIntegrator_en.pdf" from service market place.
This weblog should give you some idea about appintegrator: Step-By-Step Guide to implement Application Integrator
Regards,
SK.
Similar Messages
-
Sbs2003 does not redirect external users to correct website on a member server
I have both an SBS2003 server with MOSS2007, and on a second server box, I've installed an additional domain controller (Server 2008 R2) w/ DNS, IIS7, and SharePoint Server 2010.
Internally, I can visit http://MOSS2007 (example) or
http://SPS2010 (example) from any device on the network and it takes me to the correct website on the first or second box, respectively. I can also visit
http://MOSS2007.domain.com (example) or
http://SPS2010.domain.com (example) with no problems.
Externally, I can visit http://SBS2003.domain.com (example) and get the "welcome to small business server" webpage. I can also visit
http://MOSS2007.domain.com (example) and visit the first server box with no problems. However, visiting
http://SPS2010.domain.com (example) simply shows the "welcome to small business server" webpage.
I can't figure out why SPS2010.domain.com won't display properly to external users outside the network.
Any help would be greatly appreciated.
I really hope it is ISA 2004 and not ISA 2000.
Robert Pearman SBS MVP
-
Is it possible to redirect external user to external address
Hello,
I need to redirect some external requests to another external IP (through the same interface). How could this be performed?
I tried
ip nat outside source static MAP-ADDRESS REAL-ADDRESS
but without success.
Thanks in advance
Hello
You wish to redirect traffic back out of the same interface it came in on?
If that's the case, why is it coming to you in the first place? I'm not sure I understand your request.
Res
Paul -
External users can communicate web server, Internal users can't communicate
Hi All,
This is Babu. I have a Cisco 1941 and an ASA 5510. The ISP is terminated on the router with point-to-point connectivity (10.10.10.0/30). The router inside IP is a public IP (49.49.49.1/28), the firewall inside IP is 49.49.49.2, and I have done NATing in the firewall with private IP 192.168.1.0/24.
We have a web server, which is also connected to the intranet; its internal IP is 192.168.1.13, NATed to public IP 49.49.49.13.
In this scenario all external users can communicate with the web server, i.e. www.example.com, but internal users can't communicate with www.example.com.
All internal users are able to ping the web server at 192.168.1.13 successfully and get internet access as well.
Please help me, what is the problem...
Hi Jereen,
my user tried the following :
- went to http://oraclepartnernetwork.oracle.com/
- at top of the page, click on the "Register / Sign In" link.
- entered user name [email protected], and password (he tried also with a reset system generated password)
- got "Invalid Login" Error
so it seems the issue is not with beehive online, but with SSO to start with...
my other sun.com users have the same issue. Could it be a restriction on Sun.com domain ?
I understand now my issue is not with beehive online, so don't hesitate to redirect me to the appropriate support team if necessary.
Thanks a lot for all your help
christian -
Internal and external user logins
I have an ASP.NET web application which should work as an intranet application if a Windows user logs in, and it should ask for separate logins if an external user logs in. Is it possible? It can be accessed over the internet, and internal users use VPN or the network where the site resides.
This forum is for questions about the TechNet Wiki. It might be best to ask your question in the asp.net forums, linked here:
http://forums.asp.net
Richard Mueller - MVP Directory Services -
Lyncdiscover reports HTTP 500 Internal Server Error for external users
Hello,
I have a problem providing lyncdiscover information for external Lync users. The same address works internally (prompts for file download), so I believe the problem is UAG/TMG providing the site, which is not my cup of tea. I have a working external lyncdiscover for another domain in the same Lync + UAG/TMG server environment. I have also checked the public DNS records a few times and everything should be fine. The firewall also shouldn't be an issue since it reports the internal server error, right? Any suggestions what should I check?
More information based on the Lync Autodiscover Web Service Remote Connectivity Test.
Testing HTTP authentication methods for URL https://lyncdiscover.domain1.com/Autodiscover/AutodiscoverService.svc/root/user.
HTTP authentication methods successful.
Additional Details
Testing HTTP content for URL https://lyncdiscover.domain1.comi/?sipuri=[email protected] has
token="User".
HTTP content isn't verified.
Additional Details
HTTP 200 status received from server, but no token="User".
Elapsed Time: 203 ms.
The same result goes for the other domain that provides the lyncdiscover information correctly for external users. It doesn't seem to solve the root cause but might help to understand
the problem. -
Hi,
1) Internal User expected exception:
Exception: Payments,apply credits,disputes and print are not supported when multiple customer/currency transactions are selected
2) External User is throwing below error instead of throwing above exception.
Error
You are trying to access a page that is no longer active.
The referring page may have come from a previous session. Please select Home
to proceed.
found this MACCHECK from fnd logs of external user payment.
MACCHECK: . Parameter failing validation is :mode. The parameter mode with value MultiPay could not be recognized as part of Server's response on the previous request. Incoming URL is : /OA_HTML/OA.jsp?page=/oracle/apps/ar/irec/endeca/webui/EndecaDummyPG . Current URL is : /OA_HTML/OA.jsp?page=/oracle/apps/ar/irec/endeca/webui/OIREndecaCustHomePG&akRegionApplicationId=222&_ti=1125493452&oapc=10&retainAM=Y&addBreadCrumb=N&oas=6-LL4ndIUFLX-2zjQAQD6A.. . Referer URL is : https://<hostname>:4443/endeca/web/ar/customer?doAsUserLanguageId=en_US&languageId=en_US . HTTP Request Method is : POST
can someone please help.
Thanks,
RRS
Well, I compared my classpath between my windows batch file and the
makefile (that comes with the samples installation) on Solaris and realized
that I am using different sets of jars.
So, I removed the extra jars from the makefile to narrow down the
problem. If I remove the /opt/SUNWam/lib/servlet.jar from the makefile,
I can reproduce this problem on the Solaris box as well.
When I include this servlet.jar on my windows machine the program works!
Only jars I have in my classpath are amclientsdk.jar and servlet.jar which
I have copied from my installation (/opt/SUNWam/lib) on the Solaris box.
Just the same way, by copying the am_services.jar, saaj-api.jar, and jaxm-api.jar,
from the Solaris box to the windows machine,
I am also able to pull the assertions from the Access Manager.
I installed Sun Java Enterprise System 2005Q1 on a Solaris 10 machine.
During the installation, I configured to install the Access Manager
in Sun Application Server.
Why do I need to have different set of jars on the windows machine
for the Access Manager client SDK ?
Could you please point me to a download link where I could download
the correct Windows Access Manager Client SDK for
Sun Java System Access Manager 6.0 (Sun JES 2005Q1)?
Thanks. -
OBIEE Download Error - Both Internal and External Users
I have set up a new Group and Workspace today. External users are getting an error when trying to download OBIEE, and so am I. The browser throws a '500 Internal Server Error' and looks like the link no longer exists or is broken. Please help, thanks!
Hi,
I went to beehiveonline.oracle.com/bcentral and accessed the downloads page and was able to download OBEE without any problems.
The direct link is
https://beehiveonline.oracle.com/bcentral/action?page=downloadlanding&appId=Oracle+Beehive+Extensions+for+Explorer+Downl…
What was the URL you were using and where did you find it? There may be an old link I need to correct.
Phi -
INTERNAL and EXTERNAL users authentication via OAM
Hi ,
We have a scenario wherein a resource is protected by OAM and we want the internal users in the system to access the resource w/o any authentication. However, at the same time we want external users to be challenged by OAM for credentials.
How to implement such a scenario ?
Any ideas would be helpful ..
Thanks
Sid
More details (architecture etc.) would be needed to suggest any kind of solution.
Also, is the content served static or dynamic? If the content is dynamic, then the backend component (app) would expect identity to be propagated to it. This could be a potential issue if the internal user won't authenticate.
If it is static content, then you can make use of rewrite rules / rewrite conditions to filter IP addresses (internal users should have some IP address range). Although you may have to do multiple URL rewrites at the Apache level to bypass authentication.
Another solution is to implement a zero sign-on experience via WNA for internal users. WNA would take advantage of the user's login to the desktop. Hope this helps. -
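The source-address approach suggested in the reply above (a known internal IP range means intranet, anything else is external), as an added example that is not code from any poster, OAM or Apache. The network ranges, the proxy address and the function names are assumptions for illustration; X-Forwarded-For is honoured only when the direct peer is a trusted reverse proxy, and anything ambiguous is treated as external.

```python
import ipaddress

# Assumed values for illustration only; substitute your own ranges.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.1.0/24")]
TRUSTED_PROXIES = [ipaddress.ip_network(n) for n in ("192.168.1.10/32",)]


def _in_any(addr, nets):
    """True if addr falls inside any of the given networks."""
    return any(addr in net for net in nets)


def effective_client_ip(peer_ip, x_forwarded_for=None):
    """Return the address to classify, or None if it cannot be trusted.

    peer_ip is the TCP peer seen by the web server. The header is ignored
    unless that peer is a trusted proxy; the hop list is then walked right
    to left and the first hop that is not itself a trusted proxy is used.
    """
    peer = ipaddress.ip_address(peer_ip)
    if not _in_any(peer, TRUSTED_PROXIES):
        return peer  # direct connection: a client-supplied header is ignored
    hops = [h.strip() for h in (x_forwarded_for or "").split(",") if h.strip()]
    for hop in reversed(hops):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            return None  # malformed header from the proxy path
        if not _in_any(addr, TRUSTED_PROXIES):
            return addr
    return None  # proxy sent no usable client address


def classify(peer_ip, x_forwarded_for=None):
    """Return 'internal' or 'external'; unknown cases fall back to 'external'."""
    addr = effective_client_ip(peer_ip, x_forwarded_for)
    if addr is not None and _in_any(addr, INTERNAL_NETS):
        return "internal"
    return "external"


if __name__ == "__main__":
    # Constructed sample requests: (TCP peer, X-Forwarded-For header)
    samples = [
        ("10.1.2.3", None),                          # intranet client, direct
        ("203.0.113.7", "10.1.2.3"),                 # internet client forging the header
        ("192.168.1.10", "10.1.2.3"),                # intranet client via the proxy
        ("192.168.1.10", "10.1.2.3, 203.0.113.7"),   # forged hop, real hop appended by proxy
    ]
    for peer, xff in samples:
        print(peer, xff, "->", classify(peer, xff))
```

The result is a routing hint for which login scheme or portal desktop to present, not proof of identity.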
How to secure BSP applications for external users on the internet?
I posted this question under Enterprise Portal forum but got no response. I am hoping some of you experts in this area can help.
We have developed BSP applications and set them up as iViews in Enterprise Portal 6. Our portal implementation will be used by external users.
We have security concerns that the access to the BSPs allows external users direct access to the R/3 system. We were told that we should use ITS application instead of BSP application for external users.
Do any of you have any insight into how we could work around the security problem with BSP applications, or BSP applications in EP6? Your help will be greatly appreciated.
In a sense they are correct; as to whether it is more secure or not, that would have to be a call by people who are more of an expert than myself.
But I can see their point: the BSP runs directly on the system and uses the system security, whereas the ITS is basically just an RFC call. However, we use a 620 server with BSPs and make RFC calls to our R/3 systems, thus keeping people off the R/3 directly - however we are not open to the Internet.
If your message is answered please remember to mark it solved so others searching in the future can find the solved ones quicker - just click on the yellow star. -
External users cannot manage a persistent chat rooms - result in "Internal Server Errors"
Hi All,
I have small Lync setup based on a Standard Edition server, with the Persistent Chat server co-located on the SE. User within the organisation can manage chat room just fine via the web interface, yet external users are presented with an Internal Server
Error.
Looking at IIS, I can see an Application added to the Lync Internal Web site for Persistent Chat (which points to a physical location of "C:\Program Files\Microsoft Lync Server 2013\Web Components\PersistentChat\Int"), and on the Lync External
site, I see a virtual directory pointing to "C:\Program Files\Microsoft Lync Server 2013\Web Components\PersistentChat\Ext".
Trying to navigate to the external site (on port 4443) on the SE server results in the following error:
Detailed Error Information:
Module: IIS Web Core
Notification: BeginRequest
Handler: Not yet determined
Error Code: 0x80070021
Config Error: Configuration section not allowed to be set below application
Config File: \\?\C:\Program Files\Microsoft Lync Server 2013\Web Components\PersistentChat\Ext\web.config
Requested URL: https://localhost:4443/PersistentChat/RM/?clientlang=en-US&id=72C81A04-8B9F-4F12-BBA1-422915236795
Physical Path: C:\Program Files\Microsoft Lync Server 2013\Web Components\PersistentChat\Ext\RM\
Logon Method: Not yet determined
Logon User: Not yet determined
Config Source:
8: <system.webServer>
9: <modules>
10: <remove name="PreAuthModule" />
Any ideas?
Cheers
Chris
If this is the one I think I've seen, Graham Cropley blogged about it:
http://www.lyncexch.co.uk/persistent-chat-december-2014-cu-500-internal-server-error/
Check out Fix #1.
Please remember, if you see a post that helped you please click "Vote As Helpful" and if it answered your question please click "Mark As Answer".
SWC Unified Communications
This forum post is based upon my personal experience and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.
Very nice, and thank you again. Interesting article, and it appears that the issues persist even after the February 2015 CU.
Chris -
Enterprise Portal Log off Issue for External User
Hello
We are facing a Enterprise Portal log off issue for one of our external users.
User is logged in and clicks on the "Log Off" link .
User is prompted as seen below:
Are you sure you want to log off?
Choose Yes or No
Click on Yes and the popup window goes away and nothing else happens.
This log off problem is happening on Internet Explorer 6, but from the Firefox browser it's working.
Also, popups are not blocked on IE.
EP version with SP level is EP 7.00 SP12.
From Internet Explorer 6, though, I can log in and log off with an internal user.
Please advise on the log off problem.
Hello
I added the value ume.logoff.redirect.url =https://poqwas.synenco.com/irj/portal
in the Config Tool Global Parameter settings.
Then restarted the server.
But I am getting the same problem. When I log in with an external user ID and then log off, nothing happens...
Please advise -
Excel Services Connectivity on Sharepoint 2013 for external user
Currently, an external user is able to refresh the data on the SharePoint site through the browser. The data connection points to one of the external data sources. But how can an external user (an internet user accessing SharePoint through the internet) download a copy of the Excel workbook in the SharePoint library and open it with data refresh ability on the client machine?
Do we need the client machine to be able to access / ping the external data source?
Thanks.
Thanks for the response.
They want to perform data analysis and design their own report with own template , for example : to remove subtotal from the powerpivot tables which we cannot change the formatting at the excel services at browser level.
So if i understand correctly, we need to get the client machine to be able to access to the database server directly to get the access to the cube for data analysis although we had this odc file connection setup, am i right?
For internal user, network team should open port / access for them to access database server directly.
For external user, either to open public access to the database server directly or setup a VPN connection for the external user to access the database server in their secure network.
Let me know if i understand this correctly.
Thanks. -
RDS - .local domain and external users. Best way to get rid of SSL warnings
I am evaluating MS RDS as a possible solution for a VDI implementation at the college I work for. When we setup our AD years ago we set it up as a .local domain. I am running into issues with the .local machine name on the connection broker for
external users. I know for internal domain systems we can setup the self signed .local cert as a trusted root cert to bypass the self signed untrusted warning but for the bulk of our users which will be using systems external to our domain they
will get the SSL warning about the self signed certificate when they try to connect to a remote app or a desktop.
Initially I thought if I setup a local AD CA that we could setup a trust relationship with the SSL cert. After further reading I believe that this would only work for systems internal to our domain and we would still have the issue with external devices.
The other option would be to tell our users to click the box to never display the warning message again and to go on or to add the self signed cert to their trusted list. Of course when ever you ask the user to do something there will be issues. We
have also found that in our testing that we can not seem to connect via the web portal with a macbook. We get an error that there is a problem with the trust relationship with the server after we login and click on an app or a desktop to connect. We
have been able to connect with iOS devices.
We could of course rename the .local domain to a .edu domain which would permit us to use our wildcard certificate but that is a major undertaking that we don't want to cross at the moment. I think I might have come up with a solution and wanted to bounce the idea off of those on this forum.
If we setup a second domain on campus that is not a .local. Join the non internet facing RDS systems to this new domain that would have a SSL cert that was trusted and then setup a full trust relationship between the two domains such that users and systems in one domain could communicate with the systems in the other domain would that remove the certificate warnings for external users?
Hi AKlein,
Initially I thought if I setup a local AD CA that we could setup a trust relationship with the SSL cert. After further reading I believe that this would only work for systems internal to our domain and we would
still have the issue with external devices.
Just add the root CA certificate of the internal CA into Trusted Root Certification Authorities store on external clients manually (or through group policy if there is an external domain), then SSL certificate warning would be gone.
We could of course rename the .local domain to a .edu domain which would permit us to use our wildcard certificate but that is a major undertaking that we don't want to cross at the moment.
Yes, renaming domain is not recommended due to its complexity.
If we setup a second domain on campus that is not a .local. Join the non internet facing RDS systems to this new domain that would have a SSL cert that was trusted and then setup a full trust relationship between
the two domains such that users and systems in one domain could communicate with the systems in the other domain would that remove the certificate warnings for external users?
If you are setting up a new domain with two way trust, then root CA certificate of the internal CA still needs to be distributed manually (or through group policy). If you are setting up a child domain, then enterprise CA would be trusted within the same
forest.
As long as there are enough external users and devices to manage, an external private network exists and extra domain management tasks are acceptable, then setting up a new domain is a good choice since domain provides secure boundary.
Or, you could just create a new site from the other network location, which saves you from creating a new domain, new users and trust.
Best Regards,
Amy
Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
[email protected] -
RD Gateway - 404 - File or directory not found - Remote Desktop Services 2012 R2 - External users
Hi All,
I’m currently deploying RDS to our network, I’ve installed and configured the RD Gateway role – accessing https://remote.external.com/RDWeb internally works fine but not externally. Externally https://remote.external.com reaches the servers default IIS page
but once I put /RDWeb I get the error 404 – File or directory not found.
I’m not sure what’s not configured properly but below is the setup – keep in mind that the internal domain is different to the external FQDN i.e. the server name of the RD Gateway is Server4.internal.pri and the FQDN to access RDS externally is remote.external.com
- Server1.internal.pri Internal Network
RD Session Host
- Server2.internal.pri Internal Network
RD Session Host
- Server3.internal.pri Internal Network
RD Connection Broker, RD Licensing, RD Web Access
- Server4.internal.pri DMZ Network
RD Gateway DMZ IP/ Internal IP
- Certificate for all servers is a wildcard *.external.com
In the RDS Deployment Properties
Deployment Properties> Certificates> all certificates are configured with a wildcard certificate e.g. *.external.com
Deployment Properties> RD Web Access server= server3.internal.pri URL = https:// server3.internal.pri/RDWeb
Deployment Properties> RD Gateway> Server name = remote.external.com – I’ve understood that this is the URL (FQDN) to access RDS and not the RD Gateway servername itself
RD Gateway Manager Properties
Browse and import certificate> *.external.com
Transport Settings> IP address for HTTPS = 192.168.x.x (DMZ IP)
Transport Settings> IP address for UDP = 192.168.x.x (DMZ IP)
IIS
Both the RD Gateway and the Connection Broker have https certificate as *.external.com and in the site bindings https is * for ip addresses, specifying the DMZ IP on the RD Gateway doesn’t fix the issue
DNS, Network, Domain etc..
remote.external.com points the Public IP in DNS with an A record – Public IP is NATed to the RD Gateways DMZ IP on the firewall – RD Gateway is joined to the domain – RD Gateway has another NIC with an internal IP
Firewall
Port 80, 443, 3391 is open from the internet to the RD Gateways DMZ IP, RD Gateway also has an internal IP with full access to the other RDS roles
Errors I receive with the MS Best Practice Analyzer
Problem:
The Remote Desktop Gateway (RD Gateway) server Secure Sockets Layer (SSL) certificate may not have a valid certificate subject name.
Impact:
If the RD Gateway server is configured to use an SSL certificate with a certificate subject name that is not valid, users cannot connect to internal network resources (computers) through the RD Gateway server.
Resolution:
Use the RD Gateway Manager tool to select a valid SSL certificate for the RD Gateway server to use.
Even though I did configure this… seems like it might be from the split DNS
Other
I can access RDS from the RD Gateway box https://remote.external.com and client machines
no certificate errors internally, either externally when I reach the default IIS page of the RD Gateway i.e. https://remote.external.com
Any help is much appreciated!
Thanks TP,
I have many public IPs available. Do I need to install the RD Web Access role on the DMZ server that has the RD Gateway role even if I have spare public IPs available?
I basically have this setup, "3.1. RD Gateway without AD DS in perimeter network deployment:"
on the below link
http://blogs.msdn.com/b/rds/archive/2009/07/31/rd-gateway-deployment-in-a-perimeter-network-firewall-rules.aspx
Currently there's a CNAME record in DNS for remote.external.com which points to Server3.internal.pri, which holds the RD Connection Broker, RD Licensing and RD Web Access roles.
Are you saying to create an A record and point it to Server3.internal.pri's internal IP? I'm not getting certificate errors (yet), so do I have to run the script? I ask this as the error message I'm getting (404 - File or directory not found) doesn't seem to be related to certificates. I'm making changes to a production environment, so I have to be extra careful!
Cheers!