Custom web application (Own host name)

Definition of a Custom web application (own host name): 

In TAC, own host name application, also known as AAM- like (Alternate Access Mapping) application template is used to publish AAM aware applications. If an application can publish using its own public host name, which differs from Site’s host name, is referred to as Own host name application. On the other hand, own host name applications can be accessed directly using its own host name and does not require going through accessing site and launching through the site.  

Consider an example of a company that is publishing a site with a public host name of portal.contoso.com. This site has a collection of web applications such as HR, Accounts and so on. 

Users of the HR department need to access their web application only and do not want to go through initial launch page to find their application from the bunch of applications published in the site.

If the HR applications published using Custom (own host name) application template, then they can access their application directly using the HR application’s own host name (Example: hr.contoso.com).  

It must be noted that to access such application directly using application’s own host name, the specific host name must be publicly resolvable to the same IP which the Site’s public host name pointed to. If the application is configured in HTTPS Site, then the SSL certificate used on the Site should also include Application’s own host name, otherwise browser will show certificate error when launching the application directly from the browser. To accomplish the certificate use for multiple applications, administrator may use wildcard certificate or SAN (Subject Alternative Name) certificate which includes all specific application’s own host names. 

To publish Custom web application (Site’s host name), do the following: 

1) Select the site and click Add under Applications 

2) In Add New Application wizard, select Custom (own host name) under Web dropdown. 

3) Click Next. 

4) Provide an application name and an application type.  

Image 

5) Click Next 

6) Select Server-type. Single application server or farm of application servers. 

7) Click Next 

8) Define the internal application server properties.  

  • Address:  Define the application server IP Address or the FQDN 

  • Port:  Port number 

  • Check Use HTTPS (SSL) if you want to secure the connection from TAC gateway to backend server 

  • Public host name: Public host name that end users will use to connect to the application from the internet 

  • Select Custom Host Header if you need to pass Internal Host name of website as the HOST header to the web server and not public host name. When you publish an application in TAC using own host name template and other templates that internally are own host name template, by default, TAC passes public host name of the application as the HOST header when making request to backend web server. If you have multiple web applications bound to the same IP:Port, sometimes the backend web server won’t be able to map website using public host name. In that case, it needs to distinguish websites on the web server and Custom Host Header settings in TAC, replacing the public host header with the site’s own Host header value to map the request to the correct website on a backend web server. 


Image 

9) Click Next.   

10) Select authentication server for the application if the application uses Single SignOn (SSO).   

a) Click Add under Single SignOn (SSO).  


Image 



This will open Authentication and Authorization window. 








Image 


11) Select the Authentication Server from the configured servers. 

12) Click Select. 

13) Select Pre-authentication type. 

14) Click Next 

15) Under the security window, select Authorize All Users to authenticate all users.  


Note:  If you select the Authorize All Users checkbox, it will provide access to all valid users except users that have Deny Attribute set on Users and Device Management console. Please see Users and Device Management for more details. 



Image 

16) Under Security window, you can select the access policies that are defined for your infrastructure. You may use predefined access policy templates or you can define your own custom access policies. Before you define any access policies for an application, you have to create the policies. See Access Policy for more details.  

17) Click Next. 

18) Under the application link, you can provide a name for the application.  The URL shows how the application link is rendered in the portal.  You can select an icon for how the application appears in the portal.  

Image

19) Click Next.   

20) Configure how the application log off is handled (optional): 

a) Enter log off URL path. 

b) Select Call application log off URL on backend server to logoff the user from backend server. 

c) Select Redirect user to TAC application log off page that users will be landing on to TAC logoff page. Note: This option will become active upon selection of first option. 

d)Select Remove application specific SSO credentials on application logoff to wipe SSO credentials on application logoff 

e) Select Trigger automatic application logoff in case of no activity (no data exchange) after value of seconds. Enter the seconds in the box. 

Image

21) Click Next. 

22) Click Finish 

Your application is ready to publish. Remember to apply configuration to take affect your changes in TAC.