Cross Domain Single Sign-On - Dell SMA 200 Administration Manual


Supported Application Deployment Considerations
Be aware of these installation and general feature caveats when using application offloading and HTTP(S) bookmarks with the following software applications:

SharePoint
- SharePoint 2013 and SharePoint 2010 are supported with application offloading, but not with HTTP(S) bookmarks.

Outlook Anywhere
- SMA/SRAs with Application Offloading.
- Outlook Anywhere uses Microsoft's proprietary MS-RPCH protocol, which could conflict with the normal HTTP(S) protocol.

Application Offloading is only supported on SharePoint 2013 and with any application using HTTP/HTTPS. Secure Mobile Access has limited support for applications using Web services and no support for non-HTTP protocols wrapped within HTTP.
The application should not contain hard-coded self-referencing URLs. If these are present, the Application
Offloading proxy must rewrite the URLs. Because Web site development does not usually conform to HTML
standards, the proxy can only do a best-effort translation when rewriting these URLs. Specifying hard-coded,
self-referencing URLs is not recommended when developing a Web site because content developers must modify
the Web pages whenever the hosting server is moved to a different IP or hostname.
For example, if the backend application has a hard-coded IP address and scheme within URLs as follows,
Application Offloading must rewrite the URL.
<a href="http://1.1.1.1/doAction.cgi?test=foo">
This can be done by enabling the Enable URL Rewriting for self-referenced URLs setting for the Application
Offloading Portal, but all the URLs might not be rewritten, depending on how the Web application has been
developed. (This limitation is usually the same for other vendors employing reverse proxy mode.)

Cross Domain Single Sign-On

External Website Bookmarks can be created for application offloading portals to achieve a single point of access
for users. This allows users to automatically log in to application offloading portals after logging into the main
portal.
To use Cross Domain Single Sign-on (SSO):
1. Create two or more portals that need authentication and have the same shared domain (from the Virtual Host Domain name). One portal should be a regular portal. These portals are also in the same SMA/SRA appliance's domain so that a user can log in to both of them with the same credentials. Adding Portals on page 135 explains how to create a portal.
2. Log in to the portal and create a bookmark, as explained in Adding or Editing User Bookmarks on page 354.
3. Set the service to External Web Site, as explained in External Web Site on page 366.
4. Enable Automatically log in for the bookmark. This enables Cross Domain SSO for this bookmark.
5. Specify a Host that is a portal with the same shared domain name.
6. Save the bookmark and launch it. The user is logged in to the new portal automatically, without entering any credentials.

The shared domain names do not need to be identical; a sub-domain also works. For example, one portal is a regular portal whose virtual host domain name is "www.example.com" and whose shared domain name is ".example.com". The other portal's virtual host domain name is "intranet.eng.example.com" and its shared domain name is ".eng.example.com". If a bookmark to xyz.eng.example.com is created in the www.example.com portal, Cross Domain SSO works because ".eng.example.com" is a sub-domain of ".example.com".

Dell SonicWALL Secure Mobile Access 8.5 Administration Guide
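The shared-domain rule described above can be checked before a bookmark is saved. The following is an added example, not code from the Dell SonicWALL guide or the appliance: it assumes names are compared on whole DNS labels (as in cookie domain matching), and `Portal`, `within` and `sso_findings` are hypothetical names, since the appliance's own matching logic is not described on this page.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Portal:
    virtual_host: str   # Virtual Host Domain name of the portal
    shared_domain: str  # shared domain name, written with a leading dot in the text

def normalize(name: str) -> str:
    """Lower-case a DNS name and drop surrounding whitespace and dots."""
    return name.strip().strip(".").lower()

def within(name: str, domain: str) -> bool:
    """True if `name` equals `domain` or is a sub-domain of it on a label boundary."""
    n, d = normalize(name), normalize(domain)
    if not n or not d:
        return False
    # Prefixing "." stops "badexample.com" from matching "example.com".
    return n == d or n.endswith("." + d)

def sso_findings(main: Portal, target: Portal, bookmark_host: str) -> list[str]:
    """Return the reasons a bookmark falls outside the rule; an empty list means it fits."""
    findings = []
    for p in (main, target):
        if not within(p.virtual_host, p.shared_domain):
            findings.append(f"{p.virtual_host} is outside its shared domain {p.shared_domain}")
    # Assumption: only the direction shown in the text is accepted (target at or below main).
    if not within(target.shared_domain, main.shared_domain):
        findings.append(f"{target.shared_domain} is not {main.shared_domain} or a sub-domain of it")
    if not within(bookmark_host, target.shared_domain):
        findings.append(f"{bookmark_host} is outside {target.shared_domain}")
    return findings

# Portals from the text; the extra bookmark hosts below are constructed test values.
MAIN = Portal("www.example.com", ".example.com")
ENG = Portal("intranet.eng.example.com", ".eng.example.com")

if __name__ == "__main__":
    for host in ("xyz.eng.example.com", "xyz.example.com", "xyz.eng.example.com.test"):
        problems = sso_findings(MAIN, ENG, host)
        print(host, "->", "fits the rule" if not problems else "; ".join(problems))
```

A plain string-suffix comparison without the label boundary would treat look-alike hosts as part of the shared domain, which widens the set of hosts that receive an automatic login.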


This manual is also suitable for:

SMA 400, SRA 1600, SRA 4600, SMA 500v
