locked
Select which HAT signature to add through SRA or AppWrap RRS feed

  • Question

  • Hi,

    With UAG i'm publishing a web portal that uses more than one backend server. I've configured those backend servers in the Web Servers tab of my applications configuration in UAG. When i do a trace with httpWatch i see that every backend server has its own unique HAT signature.

    I've found out that some links are not being signed with a HAT signature and to solve that i've configured a custom WhlFiltSecureRemote_HTTPS.xml file (SRA) with the ADD_SIGNATURE tag so that my "corrupted" links are getting signed. Now my links are getting signed but with a signature from the wrong backend server...

    So i have a couple of questions:

    1. Is it possible to configure which HAT signature the ADD_SIGNATURE has to add?
    2. When is a HAT signature recreated (after a session, period of time, new server installation)?
    3. Is there any variable or function i can use in AppWrap or SRA to determine which HAT signature belongs to which backend server?

    Regards,

    Maikel.

    Wednesday, August 31, 2011 6:35 PM

Answers

  • Hi Maikel,
      Is it possible to configure which HAT signature the ADD_SIGNATURE has to add?
    The HAT signature added when ADD_SIGNATURE is used will be the HAT signature pertaining to the web server from which the current response is parsed. If this is not suitable for you in this case, you can use a regular DATA_CHANGE and add the specific HAT signature that you need, which points to the correct web server
      When is a HAT signature recreated (after a session, period of time, new server installation)?
    The HAT signature is constant, so that end users can bookmark links within applications published through UAG and those bookmarks will not loose their relevance. The HAT signature will only change if the hostname/FQDN/IP address of the backend server changes, or upon UAG server installation
      Is there any variable or function i can use in AppWrap or SRA to determine which HAT signature belongs to which backend server?


    Do you mean you want an easy way to tell to which backend server does a HAT signature point? There is no simple way to do that. But there is a way to tell UAG to not encrypt the HAT signature, so you could use that while troubleshooting. In order to configure UAG to not encrypt the HAT signature, launch Regedit on the UAG server, then go to HKLM\Software\WhaleCom\e-Gap\von\UrlFilter\WhlFiltSecureRemote and add a new DWORD value named UseEncryption with a value data of 0. Then activate the UAG configuration

     

    Regards,

     


    -Ran
    • Marked as answer by MvanWesteneng Thursday, September 1, 2011 2:36 PM
    Wednesday, August 31, 2011 7:15 PM

All replies

  • Hi Maikel,
      Is it possible to configure which HAT signature the ADD_SIGNATURE has to add?
    The HAT signature added when ADD_SIGNATURE is used will be the HAT signature pertaining to the web server from which the current response is parsed. If this is not suitable for you in this case, you can use a regular DATA_CHANGE and add the specific HAT signature that you need, which points to the correct web server
      When is a HAT signature recreated (after a session, period of time, new server installation)?
    The HAT signature is constant, so that end users can bookmark links within applications published through UAG and those bookmarks will not loose their relevance. The HAT signature will only change if the hostname/FQDN/IP address of the backend server changes, or upon UAG server installation
      Is there any variable or function i can use in AppWrap or SRA to determine which HAT signature belongs to which backend server?


    Do you mean you want an easy way to tell to which backend server does a HAT signature point? There is no simple way to do that. But there is a way to tell UAG to not encrypt the HAT signature, so you could use that while troubleshooting. In order to configure UAG to not encrypt the HAT signature, launch Regedit on the UAG server, then go to HKLM\Software\WhaleCom\e-Gap\von\UrlFilter\WhlFiltSecureRemote and add a new DWORD value named UseEncryption with a value data of 0. Then activate the UAG configuration

     

    Regards,

     


    -Ran
    • Marked as answer by MvanWesteneng Thursday, September 1, 2011 2:36 PM
    Wednesday, August 31, 2011 7:15 PM
  • Hi Ran,

    Thanks for the answers!

    Regards,

    Maikel.

     

    Thursday, September 1, 2011 2:38 PM