This article describes how web resources are used in the Smart ID Digital Access component.
Web resources are applications with a web interface, or any files accessible in a web browser.
Link translation is used to ensure that all traffic to registered web resource hosts is routed through the access point. With link translation, web resource hosts are as secure as a tunnel resource host. When a user connects to a page on a server via the access point, all absolute and (depending on link translation type) semi-relative links to other servers are translated to point to the access point. Translated, or rewritten, links contain information about the original server and what protocol to use.
A web resource has a resource host (or root) which may have one or several paths connected to it.
- A resource host defines an http or https server based on a URL.
- A resource path defines a subset of a web server, if you want to restrict user access for that subset only.
When using web resource paths, you can set your own security levels with access rules for specific applications and files. You can also choose to allow web resource paths to derive their authorization settings (consisting of access rules and advanced settings) from the parent web resource host or path.
A first web resource, the access point root path, was added to the Digital Access component during the Setup system wizard, when the access point resource host was registered. The access point root path cannot be deleted.
A number of settings can be specified globally to apply to all web resources as well as tunnel resources. Global resource settings cover internal proxy settings, mapped DNS names, filters, and link translation.
- Log in to Digital Access Admin with an administrator account.
- In Digital Access Admin, go to Manage Resource Access.
- Click Web Resources > Add Web Resource Host.
- Enter settings for the web resource host. For more information, click the ?-sign.
- The links that will be translated come from Manage Resource Access > Web Resources > Add Web Resource Host > General settings > Alternative Hosts.
- Check Specify alternative hosts to manually add alternative hosts.
To create the alternative hosts automatically, click Generate Alternative Hosts.
The Registered Alternative Hosts list displays all created hosts, either manually added or automatically created.
The alternative host names defined here will automatically be rewritten to point back to the Access Point given the rules in the Link Translation tab.
Select a Registered Web Resource and click Edit Resource Host...
On the Link Translation tab you can specify request and response headers that should be filtered. All headers entered must be one-valued.
A link can sometimes be divided into subsets, for example by protocol, host, and URI, and then dynamically put together to form a link by the browser. In that case, the Access Point cannot determine whether it is a link and consequently cannot translate it. To solve this issue, DNS mapping is used. A DNS name or an IP address pointing to the Access Point is mapped to an internal host and protocol: a mapped DNS name. All mapped DNS names are added to a DNS name pool. From there, you choose to map Web hosts to DNS names using one of two methods. These are found in the Advanced Settings tab under Access Setting.
- Reserved DNS mapping
When using Reserved DNS mapping, the Web resource is mapped to a specific DNS name in the DNS name pool.
- Pooled DNS mapping
When using Pooled DNS mapping, the Web resource is assigned the first available DNS name from the DNS name pool. This is performed once per session.
- URL Mapping
The resource does not use a mapped DNS name (default).
- Click Save when done.
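The following sketch is an added illustration, not Digital Access code: it models why static link translation misses a link the browser assembles from parts, and how reserved and pooled DNS mapping hand out names from a pool. The host names, the `/__lt/<protocol>/<host>/` URL layout, and the per-session bookkeeping are all assumptions made for the example.

```python
import re
from urllib.parse import urlsplit

ACCESS_POINT = "https://ap.example.com"                      # assumed address
REGISTERED = {"intra.example.local", "wiki.example.local"}   # assumed hosts
ABS_LINK = re.compile(r'(href|src)="(https?://[^"]+)"')

def translate_links(html):
    """Rewrite absolute links to registered hosts so they pass through the
    access point, keeping the original protocol and host in the new URL.
    The /__lt/ layout is invented for this sketch."""
    def rewrite(m):
        url = urlsplit(m.group(2))
        if url.hostname not in REGISTERED:
            return m.group(0)            # other hosts are left untouched
        path = (url.path or "/") + ("?" + url.query if url.query else "")
        return (f'{m.group(1)}="{ACCESS_POINT}/__lt/'
                f'{url.scheme}/{url.netloc}{path}"')
    return ABS_LINK.sub(rewrite, html)

class DnsNamePool:
    """Pool of mapped DNS names that all point at the access point."""
    def __init__(self, names, reserved=None):
        self.reserved = dict(reserved or {})   # resource -> fixed DNS name
        self.free = [n for n in names if n not in self.reserved.values()]
        self.assigned = {}                     # (session, resource) -> name

    def resolve(self, session_id, resource):
        if resource in self.reserved:          # reserved DNS mapping
            return self.reserved[resource]
        key = (session_id, resource)           # pooled: once per session
        if key not in self.assigned:
            if not self.free:
                raise LookupError("DNS name pool exhausted")
            self.assigned[key] = self.free.pop(0)   # first available name
        return self.assigned[key]

# Constructed sample page: one static link to a registered host, one to an
# unregistered host, and one link built from parts in script.
PAGE = ('<a href="https://intra.example.local/hr?id=7">HR</a>'
        '<a href="https://www.example.org/">ext</a>'
        '<script>var u = proto + "://" + "wiki.example.local" + uri;</script>')

if __name__ == "__main__":
    print(translate_links(PAGE))   # the script-built link is not rewritten
    pool = DnsNamePool(["m1.ap.example.com", "m2.ap.example.com"],
                       reserved={"https://wiki.example.local": "m1.ap.example.com"})
    print(pool.resolve("s1", "https://intra.example.local"))
```

The pool can run dry under pooled mapping when more sessions are active than there are free names, which is the case the `LookupError` branch stands in for.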