Managing client endpoints during an IAG session

  • Article

Applies To: Intelligent Application Gateway (IAG)

This topic describes settings you can configure to manage Whale Communications Intelligent Application Gateway (IAG) 2007 client endpoints during a portal session.

Configuring client endpoints

To configure client endpoints during a portal session

  1. In the IAG Configuration console, click the portal node.

  2. Next to Advanced Trunk Configuration, click Configure.

  3. In the Advanced Trunk Configuration dialog box, click the Session tab.

  4. Click Disable Component Installation and Activation to disable the installation of IAG components on endpoint computers.

    Selecting this option disables some IAG functionality such as endpoint detection, the SSL wrapper, attachment wiper, and certified endpoints. In addition, endpoint policies are not enforced. This affects all client endpoints with a portal session, including endpoints on which components are currently installed. Ensure that you are familiar with client endpoint components before enabling this option. For more information, see IAG client endpoint components reference.

  5. Click Disable Scripting Before Application Starts to disable scripting options defined when a portal application is accessed. These scripting options are defined in the folder \Whale-Com\e-Gap\von\InternalSite\StartApp.asp. Options defined in this file include activation of an application's prerequisite applications, if any are defined, and an application's startup page, if one is defined.

    Enabling this option disables all portal applications that are defined as Client/Server and Legacy Applications. You should enable this option for troubleshooting purposes only.

  6. Click Use Endpoint Certification to specify whether certified endpoints are evaluated for the portal session. Click Verify User Name Against Certificate to compare the user login name with the user name for which the client certificate was issued. With this option enabled, the certified endpoint is evaluated per user and not per endpoint. For more information, see Configuring certified IAG client endpoints. Note that this option is relevant only for HTTPS connections to the portal.

  7. In Default Session Settings specify a value in Inactive Session Timeout(Seconds) to indicate the maximum time a session can be inactive before it expires. By default the client endpoint is prompted to renew the session 30 seconds before session timeout. If it is not renewed it is closed and when the browser next sends a request a new session is opened. If authentication is required credentials are requested. Then configure the same settings for privileged sessions in Privileged Session Settings.

  8. In Default Session Settings click Automatic Scheduled Logoff After <minutes> minutes and specify how many minutes should lapse before the configured logoff scheme is triggered. This settings applies only if the setting Logoff Scheme is enabled on the Authentication tab. Then configure the same setting for privileged sessions in Privileged Session Settings.

  9. In Default Session Settings click Nullify Cookies on Logon to specify whether session cookies are set to "Expired" when the session is terminated and deleted from the client endpoint. Then configure the same setting for privileged sessions in Privileged Session Settings.

  10. In Default Session Settings click Avoid Browser-side Caching to specify that the client endpoint browser should not keep pages in the browser cache during a portal session. Then configure the same setting for privileged sessions in Privileged Session Settings. This behavior is achieved by adding the header "vary:*" to the response. Note that you can add a different header to the response by adding an <ADD_HEADER> element to the application customization file.

  11. In Default Session Settings and Privileged Session Settings, click Nullify Activate Attachment Wiper (ActiveX) to activate the attachment wiper for the portal session. For more information, see About the IAG Attachment Wiper component.

  12. Click Attachment Wiper Cleans Application-Specific Temporary Files to enable the attachment wiper to clean specific application files.

  13. Click Prompt User to Disconnect Channel when Portal is Closed without Logoff to specify whether client endpoints are prompted to disconnect the session when the portal Web site closes without a logoff. If you have enabled this option, click Re-open Portal if User Selects to Keep Channel Open to ensure that when the portal windows closes without logoff and a user selects not to close the open SSL wrapper channel, the portal window is reopened. This prevents SSL wrapper applications from running outside the browser environment.

    A portal may close without the user logging off when a browser crashes or when a user accesses a non-portal page from within the portal but the portal remains opens to enable connections to applications. Note that this option is applicable for portals publishing SSL wrapper applications (client/server applications, legacy applications, and browser-embedded applications).

  14. In Endpoint Policies, click Prompt Users when Retrieving Information from Endpoint to specify that client endpoints should be informed when IAG is collecting information.

Note

Enabling this setting allows client endpoints to select Enable and continue with full functionality to specify that they give their consent for the collection of information. Alternatively they can select Continue with limited functionality to specify that the Endpoint Detection component should not be activated, and that information should not be collected. This may result in limited functionality.

  1. In Endpoint Settings, select Uninstall Socket Forwarding Components to specify that the Socket Forwarding components should be uninstalled from each endpoint computer when the user next accesses the site. If more that one Socket Forwarding component is installed on a client endpoint, activating this option only deletes the component of the current IAG version. With this option select, the Socket Forwarding component will not be installed on client endpoints, regardless of whether the client endpoint conforms with the Install Socket Forwarding Component policy. For more information, see About the IAG Socket Forwarding component.

  2. In Endpoint Settings, select Add Site to Pop-Up Blocker's Allowed Sites to add the site to the list of allowed sites in the Internet Explorer pop-up blocker. This ensures that pop-ups from the site are not blocked and that users continue to receive messages and notifications. The site is removed from the list when IAG client endpoint components are uninstalled. When the user connects and the site is added, a pop-up message notifies the user of the proposed addition.