Overview#
Proxy-Based WAM architectures is where all web requests are routed through the Proxy Server.Access to the back-end HTTP-Application servers can only be accessed via the Proxy-Based WAM.
Proxy-Based WAM can provide a more universal integration with HTTP servers since the common standard protocol, HTTP, is used instead of vendor-specific application programming interfaces (APIs).
Proxy-Based WAM acts as a contact point between the user's web browser and the HTTP-Server as a Protected Resource.
The Proxy-Based WAM masks the protected web server by presenting different external URLs to the internal URLs.
The Proxy-Based WAM becomes the communication point and can control access and carry out Single Sign-On operations. Ideally, it is not necessary to modify the protected application.
Advantages of Proxy-Based WAM#
Proxy-Based WAM has several advantages:- Proxy-Based WAM completely independent of the web servers, both technically and environmentally.
- Several Proxy-Based WAM implementations provide high availability and load balancing of the access points.
- Several Proxy-Based WAM implementations are able to consolidate WEB Server to appear as a single site.
- Applications served from two different WEB servers could appears as the same: willeke.com/cars and willeke.com/boats could be hosted on different servers.
- Several Proxy-Based WAM implementations allow administrative delegation so WEB Admins can alter their site configurations.
- Migration from one product to another is less impactful to the environment.
- No Agent installations or upgrades.
Drawbacks of Proxy-Based WAM[1]#
Nevertheless, this technology does have some drawbacks:- The web application must be correctly written and contain clean URLs, and typically the URLs must be relative to the root of the website.
- Some reverse proxies only modify the HTTP headers and are not able to modify the HTML content of the pages.
- The advent of AJAX technologies and URL and Javascript modifications make it difficult for reverse proxies to analyse page links and reconstruct external URLs.
- The web application should not contain absolute links to other internal applications which are also accessible behind a reverse proxy.
More Information#
There might be more information for this subject on one of the following:- Cache-Control
- Ping Identity
- Tivoli Access Manager
- WEB Access Management
- Web Blog_blogentry_010317_1
- WebSEAL
- [#1] - What is the Web SSO
- based on data observed:2015-05-18