Question

IFS Applications exposed to the internet for MWO access

  • 7 October 2021
  • 3 replies
  • 302 views

Userlevel 5
Badge +14

The normal way of using IFS Applications 10 and the MWO app is via a touch apps server.

This means, the MWO is connecting via URL and System ID to the Touch Apps Server.
The TAS is then providing the request to the IFS Server using the default HTTP Port.

After the request arrives at IFS, the Identity Provider is checking the settings and either displays the login page or, for SSO setup, connects to the respective server for authentication.

Past the authentication, we are going back to the MWO App and connect to the middleware server for exchanging data.

In a cloud hosted environment, it is required to be logged in to the VPN Connection for the Cloud. In addition to that, the TAS URL needs to be setup in the local hosts file or the DNS of the customer. Otherwise, the server is not found and you can not connect.

Now, for this customer I am currently doing my project with, we have external parties.
These external colleagues, from various companies, should use the MWO App to connect to the customers IFS and report data and do their jobs.

This scenario is working fine with guest accounts in their Azure AD. The login is possible. If the setup is then done as explained above, including hosts entry or DNS including the VPN connection, that works fine.

Now comes the question:

How can it be achieved to expose IFS Applications hosted in the Cloud over the internet without exposing everything?

By default, I think this should be possible via specific endpoints of IFS. To only expose those and not the entire Application or the landing pages.

Anyone already got experience on that? Internally, we have done this via reverse Proxy and providing specific endpoints via the proxy to enable the touch apps to work properly and to authenticate with IFS. But not the whole landing page for the Touch Apps Server.

Does someone have an idea regarding the necessary setup? I already created a ticket for the Cloud Team to check on the infrastructure possibilities. But I guess this should be possible.

Kind regards,
Tobias


This topic has been closed for comments

3 replies

Userlevel 6
Badge +16

Hi Tobias,

Its documented in the Tech Docs for Apps 10 here >»

Cheers

James

Userlevel 5
Badge +14

Hi @James Ashmore 

Yes. I already found this overview of possible endpoints.

But as you can see, there is no example for this setup. And I am trying to find some examples for this so I can provide this to the Cloud Team.

From the documentation, I can not really tell how this has to be setup.

Kind regards
Tobias

 

Userlevel 6
Badge +16

Does the example page help? https://docs.ifs.com/techdocs/Foundation1/010_overview/210_security/090_exposing_to_internet/examples.htm