To publish an application do the following:
1) Click on the site name. In the right pane under applications, click on Add to add applications to the site.
This will open Add Application Wizard.
The Add Application Wizard is categorized into different application types. Under each main application type, there are subsets of application templates available. Select the application template that best suits your internal application type. If it is a web-based application, select Web in the list. If it is a client/server or browser-embedded application type, select appropriate type and the template from the dropdown list to start application publishing in TAC.
Additionally, TAC is equipped with many standard and well-known application types such as Microsoft SharePoint, Microsoft Exchange, Citrix and so on. TAC also provides common application templates to publish your own applications, which may be developed in-house. Administrators can publish their own applications using Custom (site’s host name) and Custom (own host name) templates. Publishing custom web applications is explained in Advanced Application Configuration (Chapter 6).
Each application type has its own set of steps, which may vary for different application types. You need to carefully read the steps when you configure your application.
2) Click Next.
3) Provide application name and application type. Application type will be grayed out if you used a pre-application template for SharePoint and Exchange.
4) Click Next.
5) Select Server-type: Single application server or farm of application servers.
Note: More information about configuring farm of application is covered in the next section.
6) Click Next.
7) Define the back-end application server properties. The application server property page may differ, depending on the server-type you have selected in the previous step.
Single Application server settings
Farm of application server settings
- Address - Define the application server IP Address or the FQDN. If you selected farm of application in the previous step, you may need to add all of the application servers that participate in load balancing.
Important: If you have firewall device between TAC appliance(s) and application server, you need to configure that firewall and allow communication from TAC internal IP to all application servers and ports, used in application publishing.
- Port – Port number
- Check Use HTTPS (SSL) if you want to secure the connection from TAC Gateway to backend server.
- Public host name – Public host name that end users will use to connect to the application from the internet.
- Select Custom Host Header if you need to pass Internal Host name of website as the HOST header to the web server and not to the public host name. When you publish an application in TAC using own host name template and other templates that internally are own host name template, by default, TAC passes public host name of the application as the HOST header when making request to backend web server. If you have multiple web applications bound to the same IP:Port, sometimes the backend web server won’t be able to map the website using public host name. In that case, it needs to distinguish websites on the web server and Custom Host Header settings in TAC, replacing the public host header with the site’s own Host header value to map the request to the correct website on a backend web server.
8) Click Next.
9) Select authentication server for the application if the application uses Single Sign on (SSO). Click Add under Single Sign On (SSO).
a) Click Add under Single Sign On (SSO).
b) This will open Authentication and Authorization window.
c) Select the Authentication Server from the configured servers.
d) Click Select.
10) In Multiple server handling, select appropriate option from the drop-down menu. This option will come to picture, if the application has multiple authentication servers listed, select whether the application require to authenticate all the listed authentication repositories or any of a repository is enough to validate the authentication.
11) Select authentication type and Pre-authentication type. These options are dependable on the application type.
12) Select External Authentication type in External Authentication section.
13) Select Use UPN logging during SSO and enter UPN domain name. These options are optional depend on the authentication method used for the application.
- For an example, an application may use basic authentication and require UPN login style. TAC can translate AD credentials with down-level logon name (Corp\user) into “user@corp” form. Some application may want to see FQDN in UPN, for that you may enter value into UPN domain field “corp.contos.com” and during SSO TAC would use “email@example.com”. (More information about UPN HERE )
14) Click Next.
15) Under the security window, select Authorize All Users to authenticate all users.
Note: If you select the Authorize All Users checkbox, it will provide access to all valid users except users that have Deny Attribute set on Users and Device Management console. Please see Users and Device Management for more details.
16) Under Security window, you can select the access policies that are defined for your infrastructure. You may use predefined access policy templates, or you can define your own custom access policies. Before you define any access policies for an application, you have to create the policies. See Access Policy for more details.
17) Under HTTP section, add “Allowed HTTP methods” for HTTP protocol security options. This setting provides advanced security control and limiting allowed HTTP methods per application. If you add any HTTP method like GET, POST; only those methods are allowed to processing the application and other methods outside the list will be ignored.
18) Click Next.
19) Under the application link:
a) You can provide a name for the application. The URL shows how the application link is rendered in the portal.
b) You may add a short description
c) You may group applications in the portal using Folder path field. If you have multiple application which is common, you may group them under single folder using “/Folder1/path1” format. Administrator can use folder nesting to organize applications in the portal. By default, applications are listed in portal using root path (/).
d) Check “Policy” checkbox to hide any application in the portal, if access policy doesn’t allow access. See Chapter 7 for more details about Access Policy.
e) You can select an icon for how the application appears in the portal.
f) Administrator may define HTML CSS class to change the style set of the application
g) Select background color for the application listing in the portal.
20) Click Next.
21) Configure how application log off is handled (optional):
a) Enter Log off URL path.
b) Select Call application log off URL on back-end server to logoff the user from backend server.
c) Select Redirect user to TAC application log off page that users will be landing on to log off TAC page. Note: This option will become active upon selecting first option.
d) Select Remove application specific SSO credentials on application log off to wipe SSO credentials on application log off.
e) Select Trigger automatic application log off in case of no activity (no data exchange) after value of seconds. Enter the seconds in the box.
22) Click Finish.
Your application is ready to publish.