Supported Application Deployment Considerations; Cross Domain Single Sign-On; Activesync Authentication - SonicWALL SMA 400 Administration Manual

• Internet Explorer 9.0 or newer
• Windows 10 and Windows 7
NOTE:
• The maximum number of users supported is limited by the number of applications being
accessed and the volume of application traffic being sent.
• Feature support varies based on your hardware and installation, see the respective
sections for more detailed information about specific application support.
TIP: If you are using the correct Web browser and operating system, and a supported
application does not work, delete the browser session cookies, close and reopen all instances
of your browser, clear the browser cache, and then try again.

Supported Application Deployment Considerations

Be aware of these installation and general feature caveats when using application offloading and HTTP(S) bookmarks with the following software
applications:
• SharePoint
• SharePoint 2013 and SharePoint 2010 are supported with application offloading, but not with HTTP(S) bookmarks.
• Outlook Anywhere
• SMA/SRAs with Application Offloading.
• Outlook Anywhere uses Microsoft's MS-RPCH proprietary protocol that could conflict with normal HTTP(S) protocol.
Application Offloading is only supported on SharePoint 2013 and with any application using HTTP/HTTPS. Secure Mobile Access has limited support for
applications using Web services and no support for non-HTTP protocols wrapped within HTTP.
The application should not contain hard-coded self-referencing URLs. If these are present, the Application Offloading proxy must rewrite the URLs.
Because Web site development does not usually conform to HTML standards, the proxy can only do a best-effort translation when rewriting these URLs.
Specifying hard-coded, self-referencing URLs is not recommended when developing a Web site because content developers must modify the Web pages
whenever the hosting server is moved to a different IP or hostname.
For example, if the backend application has a hard-coded IP address and scheme within URLs as follows, Application Offloading must rewrite the URL.
<a href="http://1.1.1.1/doAction.cgi?test=foo">
This can be done by enabling the Enable URL Rewriting for self-referenced URLs setting for the Application Offloading Portal, but all the URLs might not
be rewritten, depending on how the Web application has been developed. (This limitation is usually the same for other vendors employing reverse proxy
mode.)

Cross Domain Single Sign-On

External Website Bookmarks can be created for application offloading portals to achieve a single point of access for users. This allows users to
automatically log in to application offloading portals after logging into the main portal.
To use Cross Domain Single Sign-on (SSO):
1 Create two or more portals with the same shared domain (from Virtual Host Domain name) and that need authentication. One portal should be a
regular portal. These portals are also in the same SMA/SRA appliance's domain so that a user can log in to both of them with the same credentials.
Adding Portals explains how to create a portal.
2 Log in to the portal and create a bookmark, as explained in
3 Set the service to External Web Site, as explained in
4 Enable Automatically log in for the bookmark that enables Cross Domain SSO for this bookmark.
5 Specify a Host that is a portal with the same shared domain name.
6 Save the bookmark and launch it. The new portal is logged in automatically without any credential.
The shared domain names do not need to be identical; a sub-domain also works. For example, one portal is a regular portal whose virtual host domain
name is "www.example.com" and its shared domain name is ".example.com." The other portal's virtual host domain name is "intranet.eng.example.com"
and the shared domain name is ".eng.example.com." If a bookmark to xyz.eng.example.com is created in the www.example.com portal, Cross Domain
SSO works because ".eng.example.com" is a sub-domain of ".example.com."

ActiveSync Authentication

Application Offloading now supports authentication for ActiveSync. Application Offloading technology delivers Web applications using Virtual Hosting and
Reverse Proxy. Users still need to authenticate with the SMA/SRA appliance before accessing the backend Web application. However, the proxy avoids
URL rewriting in order to deliver the Web applications seamlessly.
ActiveSync is a protocol used by a mobile phone's email client to synchronize with an Exchange server. The Administrator can create an offloading portal
and set the application server host to the backend Exchange server. Then, a user can use the new virtual host name in a mobile phone's email client, and
synchronize with the backend Exchange server through the SMA/SRA appliance.
NOTE: On iPhones/iPads running versions earlier than iOS 6.1.2, initial account synchronization
might fail if a calendar contains a recurring invite.
NOTE: To provide better protection for the Exchange Server, anonymous ActiveSync access
will not be supported in the future.
ActiveSync is managed through the Portals > Offload Web Application > Offloading > Security Settings page:
Adding or Editing User Bookmarks.
External Web Site.