Affects product
- ●Neutral
Question or problem
Verify that the host header sent corresponds to the IIS configuration (as outlined in Register SPN)
Procedure-related prerequisites
- ●Configuration takes place in Airlock Gateway.
- ●You need to be logged in as admin in the Airlock Gateway Configuration Center.
- ●You need to be logged in as an administrator.
- ●Configuration takes place in IIS web server.
Instruction
- Test preparation in IIS 6.0:
- 1.Go to: Administrative Tools >> Internet Information Services (IIS) Manager
- 2.In the left span, expand the Web Sites node tree.
- 3.Select Default Web Site and click on Properties in the context menu.
- 4.Change to the Web Site tab.
- 5.Click on Advanced.
- 6.Ensure that the configuration in the Advanced Web Site Identification dialog is correct.
- 7.Click on OK to close the configuration dialog.
The instructions describe the required steps for the Default Web Site.
- Test preparation in IIS 7.5, 8.5 and 10.0:
- 1.Go to: Administrative Tools >> Internet Information Services (IIS) Manager
- 2.In the Connections span, expand the Sites node tree.
- 3.In the Connections span, select the Default Web Site and click on Edit Bindings... in the context menu.
- 4.Ensure that the configuration in the Site Bindings dialog is correct.
- 5.Click on OK to close the configuration dialog.
The instructions describe the required steps for the Default Web Site.
- Test execution and verification:
- 1.Go to: Application Firewall >> Reverse Proxy and edit the mapping of the web application for which Back-side Kerberos SSO should be used.
- 2.Switch to tab Request Actions and check the configuration for (default) Translate Host Header.
- The rewritten Host Header matches the IIS configuration.
- In case of failure:
- ●Adapt the IIS or Airlock Gateway configuration.