Technical documentation

User Tools

Site Tools

Trace:
maintenance:general:http_proxies
LDAP: couldn't connect to LDAP server

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

maintenance:general:http_proxies [2020/02/20 08:36] – created yspeertemaintenance:general:http_proxies [2022/05/25 08:42] (current) yspeerte
Line 1: Line 1:
 +====== Http Proxy servers ======
 +
 +
 +NetYCE uses session cookies for each login that allow for single-sign-on for the duration of the session (which is limited by default to 12 hours). These session cookies are created in such a way that they allow access to NetYCE systems in different environments (like production and test), even when the user was logged in to the production environment only.
 +
 +For this reason these session cookies are calculated from various components. Among these is the client ip-address which is present to distinguish between sessions for the same user-id originating from different locations (multi sign-on).
 +
 +In situations where the users access the NetYCE systems using multiple proxy servers this mechanism breaks down because the proxy server ip-address is used. Depending on the proxy server chosen a cookie is validated or rejected and single-sign-on over the various systems becomes unpredictable.
 +
 +To overcome this problem, the ip-addresses of these proxy servers can be added to the NetYCE configuration which are then properly handled to create the required session cookies.
 +
 +The ip-addresses of the used proxy servers must be added to the NetYCE system configuration file ''**<sysname>_yce.conf**'' that is located in the directory ''/opt/yce/etc''.
 +
 +Edit this file (as 'yce' user) and locate the ''@proxies'' list. Should the list not be included, execute ''yce_setup.pl -r'' which will add the entry. If it does not, the feature is not supported in you running version (requires 7.2.0 or higher).
 +
 +<code perl>
 +# optional proxy servers for users (login ip override)
 +our @proxies = ();
 +</code>
 +
 +Change the entry to include all ip-addresses of the proxy servers in the ''@proxies'' list as below.
 +
 +<code perl>
 +# optional proxy servers for users (login ip override)
 +our @proxies = ('172.17.10.1', '172.17.10.2', '172.17.10.3');
 +</code>
 +
 +After saving the file, restart the mojo process (as 'yce' user)
 +<code>
 +go restart mojo
 +</code>
 +
 +This procedure must be repeated for all NetYCE servers in the various environments. The proxy address entered may be different from system to system depending on setup. There is no limit on the number of proxy addresses.
 +