Publish HTTP site on HTTPS

  • Question

  • I am using UAG with SP1.

    I published an HTTP site on an HTTPS trunk. The site requires the user to log on using this URL HTTP://..../login which gets redirected to HTTP://.../ldaplogin.

    When accessing the server directly, the logon process works OK. (Below is the Fiddler trace.)

    GET http://type.company.com/ 200 OK (text/html)
    GET http://type.company.com/login 302 Moved Temporarily to http://type.company.com/ldaplogin
    GET http://type.company.com/ldaplogin 401 Unauthorized (text/html)
    GET http://type.company.com/ldaplogin 302 Moved Temporarily to http://type.company.com/loadcourse?courseid=TMIT3-uk-0010&login=1
    GET http://type.company.com/loadcourse?courseid=TMIT3-uk-0010&login=1 302 Moved Temporarily to http://type.company.com/studying

    When accessing through UAG using the HTTPS trunk I get an error message. I was told that that problem is caused by the 302 response from the server, which puts HTTP://.../ldaplogin in the header.

    This is the 302 header when accessing the server directly

    GET /login HTTP/1.1
    Accept: application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
    Accept-Language: en-US
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)
    Accept-Encoding: gzip, deflate
    Connection: Keep-Alive
    Host: type.company.com
    Pragma: no-cache
    Cookie: __utma=32083238.1723774936.1312506827.1313026027.1313656074.10; __utmz=32083238.1312506827.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); NLSessionCanon=Td9DYWzqdAUJAs0jOQVBt+DVEvpgVpAex4qMIMBFgVkzEV8uJdgVcJpi7GJn5UlikDriUgAyMbqvkBunSDILUq6tSyQ51vthrmyRvu7ako0+t+uyTwCKD/hnXI0PyqKu; tm_compid=1; JSESSIONID=5311C063708EA165BA34E815F19CBC8E

    HTTP/1.1 302 Moved Temporarily
    Server: Apache-Coyote/1.1
    P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
    Set-Cookie: JSESSIONID=BFFD76FB023845A7823D3431586FE2F6; Path=/; HttpOnly
    Pragma: no-cache
    Cache-Control: no-cache
    Expires: -1
    Location: http://type.company.com/ldaplogin
    Content-Length: 0
    Date: Tue, 23 Aug 2011 06:44:02 GMT

    This is the 302 header when accessing HTTPS://.../login through UAG (the UAG SSL trunk URL is uagssl.company.com - there is no DNS record for it)

    GET /login HTTP/1.1
    Accept: application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
    Accept-Language: en-US
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)
    Accept-Encoding: gzip, deflate
    Host: type.company.com
    Connection: Keep-Alive
    Cookie: __utma=32083238.1721544931.1313024956.1313024956.1313024956.1; __utmz=32083238.1313024956.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=www.company.com; NLSessionSanonssl=BI6Dvbpg6ue8i7hyj2kzwlXVQyvmYN5q3aE00+fa+ZxlN0ukAPOYa2eKkAzdTnJegb4R9eM64xKQQ1f3fHYcOvTfNspOEWDcNO5NVyr85ZDSUiba5cWwjjU+z+1X8Fsi; ASPSESSIONIDCATAQADC=HKEBEAPAHMMBNEADKBKBIOPC; NLSessionCanonssl=1QvurfmukWFdMO40FpocNTPXIDpMz9jGPKxD050Q3Ygs+uuwF/OizJ+fghyQsA6Dh9gdVtHxFgZg0+MRlvSH46KJYMbAJiacs/ZCT4UBHkznHfJQgQ5jKarlwpI+C9MZ

    HTTP/1.1 302 Moved Temporarily
    Content-Length: 0
    Location: https://uagssl.company.com/uniquesig1e903adc8443cd7296e0a783e321d422b6930cb57d3833d0ad002ac3d6ee4240/uniquesig0/login?chk=1
    Server: Microsoft-IIS/7.5
    P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
    Set-Cookie: JSESSIONID=076D30C0491893B3D94CA34082456A3A; HttpOnly; Path=/
    Set-Cookie: tm_compid=1; Expires=Sun, 23-Oct-2011 06:36:16 GMT
    Set-Cookie: tm_sessiontest=session_cookie
    Server: Microsoft-IIS/6.0
    Set-cookie: NLSessionSanonssl=BI6Dvbpg6ue8i7hyj2kzwlXVQyvmYN5q3aE00+fa+ZxlN0ukAPOYa2eKkAzdTnJegb4R9eM64xKQQ1f3fHYcOvTfNspOEWDcNO5NVyr85ZDSUiba5cWwjjU+z+1X8Fsi;path=/;secure;domain=.company.com
    X-Powered-By: ASP.NET
    Date: Tue, 23 Aug 2011 06:36:15 GMT

    Is there any way to get this to work properly? Thanks


    • Edited by damirsmc Friday, September 9, 2011 5:37 AM update
    Friday, September 9, 2011 1:05 AM

All replies

  • This is 302 header when accessing the server directly

    GET /login HTTP/1.1
    Host: type.company.com

    HTTP/1.1 302 Moved Temporarily
    Server: Apache-Coyote/1.1
    Location: http://type.company/ldaplogin

    Hi,

    From what I see in your post above, the initial access to the application is to type.company.com, however the redirect that the application sends back is to type.company (without the .com suffix). Is this really the case?

     


    -Ran
    • Edited by Ran [MSFT] Friday, September 9, 2011 4:48 AM
    Friday, September 9, 2011 4:47 AM
  • Hi Ran

    Thanks for responding. I updated the Fiddler trace. The redirect sends back type.company.com; I accidentally removed the .com suffix.

    Friday, September 9, 2011 5:38 AM
  • What application template did you use on UAG to publish this site? And what is the configured public host name of the portal trunk through which you are publishing this site?


    -Ran
    Saturday, September 10, 2011 9:43 AM
  • I used Other Web Application (application specific hostname).

    The public hostname is uagssl.company.com, port 443. I don't have a public DNS record for this trunk.

    Monday, September 12, 2011 2:26 AM
  • Hi,

    You say that UAG receives the Location header from the backend application like this: 

    Location: http://type.company.com/ldaplogin 

    and transforms it into this:

    Location: https://uagssl.company.com/uniquesig1e903adc8443cd7296e0a783e321d422b6930cb57d3833d0ad002ac3d6ee4240/uniquesig0/...

    There must be a reason why UAG performs Host Address Translation (a.k.a. HAT) on the Location header. Usually the reason is that you already have the server type.company.com defined in UAG, for another application, which is published using HAT, like, for example, using the Other Web Application (portal hostname) template.

    Regards,


    -Ran
    Monday, September 12, 2011 5:43 AM
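
Added example (not part of the thread and not Microsoft code): a Python comparison of the two Location headers quoted in the question, reporting what differs between the direct redirect and the one returned through the UAG trunk. The `HAT_PREFIX` pattern is an assumption generalised from the single trace on this page, and the function names are illustrative.

```python
import re
from urllib.parse import urlsplit

# Prefix shape copied from the one trace in this thread; treating it as the
# general form of the HAT prefix is an assumption.
HAT_PREFIX = re.compile(r"^/uniquesig[0-9a-f]+/uniquesig\d+(?=/)")

# Response heads trimmed from the question's traces (Location values unchanged).
DIRECT = (
    "HTTP/1.1 302 Moved Temporarily\r\n"
    "Server: Apache-Coyote/1.1\r\n"
    "Location: http://type.company.com/ldaplogin\r\n"
    "Content-Length: 0\r\n\r\n"
)
VIA_UAG = (
    "HTTP/1.1 302 Moved Temporarily\r\n"
    "Content-Length: 0\r\n"
    "Location: https://uagssl.company.com/uniquesig1e903adc8443cd7296e0a783e321d422"
    "b6930cb57d3833d0ad002ac3d6ee4240/uniquesig0/login?chk=1\r\n"
    "Server: Microsoft-IIS/7.5\r\n\r\n"
)

def location_of(raw_response):
    """Return the Location header value of a raw response head, or None."""
    for line in raw_response.splitlines()[1:]:   # skip the status line
        if not line.strip():                     # blank line ends the headers
            break
        name, _, value = line.partition(":")
        if name.strip().lower() == "location":
            return value.strip()
    return None

def compare_redirects(direct_raw, proxied_raw):
    """Describe how the proxied redirect differs from the backend's own."""
    d_loc, p_loc = location_of(direct_raw), location_of(proxied_raw)
    if d_loc is None or p_loc is None:
        raise ValueError("both responses must carry a Location header")
    d, p = urlsplit(d_loc), urlsplit(p_loc)
    m = HAT_PREFIX.match(p.path)
    inner = p.path[m.end():] if m else p.path    # path with the prefix removed
    inner_target = inner + ("?" + p.query if p.query else "")
    direct_target = d.path + ("?" + d.query if d.query else "")
    return {
        "scheme_changed": d.scheme != p.scheme,
        "host_changed": d.hostname != p.hostname,
        "hat_prefix": bool(m),
        "inner_target": inner_target,
        "same_target": inner_target == direct_target,
    }

if __name__ == "__main__":
    print(compare_redirects(DIRECT, VIA_UAG))
```

On the values quoted in the question, the Location returned through UAG unwraps to /login?chk=1 while the backend's own redirect points at /ldaplogin, so `same_target` is false.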
  • If I understand you correctly, this is happening because this application is published on two different trunks. That is correct, this application is published on two trunks (different authentication). Is there a way around it?

    I have another application also published on two trunks (different authentication, different URL and DNS) but I am not experiencing this issue. It is HTTPS to HTTPS though.

    Thanks

    Thursday, September 15, 2011 12:59 AM
  • No,

    I was actually asking if you have the same server name, type.company.com, published as an additional application on the same trunk. But I understand that you do not.

    Could you try these steps?

    1. On the Application Properties window, in the Web Servers tab, change the Address of the application from type.company.com to the IP address of the backend web server

    2. Add a Hosts file entry on UAG that will resolve type.company.com to an inexistent IP address

    3. Activate the UAG configuration and test

    Regards,


    -Ran
    Thursday, September 15, 2011 10:39 AM