Hi @tecsrikam,I assume you are having an IFS Middleware Server instance. In that case, please refer the attached documents extracted from IFS Technical Documentation. They explain the configurations you need to setup to enable SSL + External Proxy.You can find more information on Load Balancing by referring to the “Load Balancing” section in “IFS Middleware Server-Load Balancing.pdf”
Hi @baris.halici,What is the current Update level of your APP9 instance?
Hi @vynfva,Please refer the attached document on how to expose the IFS application over Internet. There are some Mandatory proxy settings. The proxy must be a reverse-proxy i.e. not connecting external requests to the MWS webserver, but terminate the internet connection in the proxy and create a new connection towards the MWS on the intranet. The proxy must send a host-header to MWS webserver containing the correct Proxy URL otherwise the requests will be blocked by the webserver. The IEE client uses WebSocket notifications, so a proxy needs to be WebSocket compliant and support upgrade of http protocol to WebSocket protocol. The http header responces from the proxy must always set the host as the proxy url. e.g. "proxy_set_header host $http_host" Proxy should not have SNI support enabled. SSL 2.0, SSL 3.0 and TLSv1 are considered insecure and should be disallowed. Test proxy with a tool like https://ssllabs.com/ssltest and make sure you get a A+ rating, otherwise don't expose the prox
@Charith E I think @SORSITEL is referring to an APP10 instance. IN that case you should alter the HTTP Server configuration parameters via the IFS Middleware Server Admin Console. There you can increase the ‘ThreadsPerChlid’ count.
Hi Jozef, In which UPD version are you in? The Product Development team has introduced a solution (266373) in APP9 UPD14 to enable LDAPS in AD Synchronization. The default LDAPS port is 636. Hope this helps. Best Regards, Isuru
Thank you for the update @Björn Kihlström
Hi@karllinder ,We recently had the same issue with another customer. There were some users which had connected to 250 - 650 Windows-User-Groups.The parameter ‘Limit Request Field Size’ is not an IFS specific parameter. It is a standard HTTP configuration. Please refer the following article we found on the internet:https://www.fabasoft.com/en/support/knowledgebase/bad-request-size-request-header-field-exceeds-server-limitWe also had a discussion with IFS PD as well. In ADFS, user groups are considered as “claims” in access tokens and it adds length to the token which is sent in the Authorization header in HTTP. When the claims part contains many user groups, the size of the token is increased. If tokens are too large, the OHS cuts them due to, it only having a certain amount of characters allocated for Authorization HTTP headers, hence ends up with a 400-error. Therefore, we recommended them to increase the “Limit Request Field Size”. Later, the customer had found another possible work
Already have an account? Login
No account yet? Create an account
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.
Sorry, we're still checking this file's contents to make sure it's safe to download. Please try again in a few minutes.
Sorry, our virus scanner detected that this file isn't safe to download.