RTC plugin for RSA with Microsoft ForeFront Gateway
Hi,
We are having trouble using the RTC (3.0) plugin with Rational Software Architect (8.0.3) and working through Microsoft's ForeFront Threat Management Gateway (secure web gateway).
Some of our intranet applications are accessible externally from the Internet via this ForeFront system. You request the URL for a specific application, ForeFront intercepts the request and prompts you for a username/password and then forwards you back to the requested application.
Given RTC is using HTTP I believe that this prompt for a username/password is causing us the issue within the RTC plugin in RSA. Would it be possible to detect this ForeFront interception? It appears to redirect you to a different URL when it prompts you for the credentials and then redirect you back to your original URL request. The RTC plugin (or RSA) could open an embedded web view to allow the user to enter their credentials. If I open a browser to log in and then try to use RTC/RSA it doesn't work. I suspect that Forefront is expecting the same Process ID/Port? Same happens when I log in using, say, Safari, authenticate and then try the same URL using Firefox - it forces me to log in again.
Any advice on how this may be solved would be appreciated. I assume it requires some extension to RTC thus I have posted here.
Tony
One answer
I had a similar situation to yours a while back: we were using an Apache reverse proxy that required users to authenticate before they were allowed to access *any* proxied resource.
Unfortunately there are a number of web-services that RTC provides that are accessible without authenticating with the RTC server (e.g. /ccm/versionCompatibility). The Eclipse plugin expects to be able to connect to these without being challenged for credentials, meaning that when your gateway asks for credentials, the Eclipse plugin fails to connect (probably with an error about a version mismatch).
Unfortunately, the only way around this is to make the relevant resources available without authenticating them at the gateway.
Note that there are other issues with what you're trying to do: I imagine that the RTC public URL does not match the URL of the Forefront Gateway? If this is the case, many of the internal URLs that RTC generates will be to the configured public URL, rather than the URL of the gateway.
In this situation I think that the easiest solution would likely be to provide your users with VPN access to the intranet so that they can connect directly to the RTC server, bypassing all of the above issues.
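To confirm whether a gateway is answering in place of an unauthenticated RTC service such as /ccm/versionCompatibility, the response can be classified as shown in this added example, which is not part of the original answer or of RTC. The host `gateway.example.com`, the logon path, the function name and the sample responses are constructed, and it assumes the real service never returns an HTML page containing a password field.

```python
import re
from urllib.parse import urljoin, urlsplit

# Hypothetical helper; all sample data below is constructed for illustration.
PASSWORD_FIELD = re.compile(r'<input[^>]+type\s*=\s*["\']?password', re.I)
PROBE = "https://gateway.example.com/ccm/versionCompatibility"

def classify(requested_url, status, headers, body=""):
    """Classify how a response to an unauthenticated probe was handled."""
    h = {k.lower(): v for k, v in headers.items()}
    if status in (301, 302, 303, 307, 308) and "location" in h:
        # Resolve relative Location values against the requested URL.
        target = urlsplit(urljoin(requested_url, h["location"]))
        asked = urlsplit(requested_url)
        # A redirect to another host or path means something in front of
        # RTC answered instead of the service itself.
        if (target.netloc, target.path) != (asked.netloc, asked.path):
            return "redirected"
        return "self-redirect"
    if status in (401, 407) and ("www-authenticate" in h or "proxy-authenticate" in h):
        return "http-auth-challenge"
    is_html = "html" in h.get("content-type", "").lower()
    if status == 200 and is_html and PASSWORD_FIELD.search(body):
        return "login-form"  # forms-based logon served with a 200
    return "passthrough" if status == 200 else "other"

# Constructed responses: (status, headers, body) as seen without credentials.
SAMPLES = {
    "direct": (200, {"Content-Type": "text/plain"}, "ok"),
    "redirect": (302, {"Location": "/auth/logon?return=%2Fccm%2FversionCompatibility"}, ""),
    "basic": (401, {"WWW-Authenticate": 'Basic realm="gw"'}, ""),
    "form": (200, {"Content-Type": "text/html"},
             '<form><input type="password" name="p"></form>'),
}

def intercepted(samples=SAMPLES):
    """Names of the samples in which the gateway, not RTC, answered."""
    return sorted(name for name, (status, headers, body) in samples.items()
                  if classify(PROBE, status, headers, body) != "passthrough")

if __name__ == "__main__":
    for name, (status, headers, body) in SAMPLES.items():
        print(name, "->", classify(PROBE, status, headers, body))
```

Any result other than `passthrough` for a service the client expects to reach without credentials indicates that the gateway rule for that path still requires authentication.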