Skip to main content
Version: Axidian Privilege 3.3

Usage of Web Proxy

The Web Proxy component provides secure access to web applications and websites through a browser without the need to use Microsoft RDS. An administrator can upload an SSO template to automatically fill in the login form on a web resource. This provides convenient access and does not reveal the password to the user.

No special licenses are required to work with Web Proxy.

Preliminary actions

  1. Go to the ConfigurationSystem Settings section and fill in the Web Proxy Address field.
  2. Go to the User Connection subsection and add a user connection with the Web Application type and In Browser session opening method.
  3. In the Resources section, open the resource profile and add the created user connection. You can add multiple connections with different URLs.
    Add a new resource if there is no suitable one in PAM.
  4. In the resource profile, open the Permissions tab and make sure that permission has been granted for the resource. If permission has not been granted or you need to change the composition of users or the service account for connection, create a new permission.

Configure HTTPS connection

To work with Web Proxy, a secure HTTPS connection is required. If a web resource has a self-signed certificate, this certificate is not trusted. When attempting to access such a resource, Web Proxy blocks the connection as it considers it unsafe.

To configure a secure connection:

  1. Add the self-signed certificate of the web resource and the certificate of its certification authority to the folder /etc/axidian/axidian-privilege/ca-certificates

  2. Navigate to the folder with PAM scripts and restart the Web Access Server:

    cd /etc/axidian/axidian-privilege/scripts/
    sudo bash restart-pam.sh web-proxy

    Open a session through the user console and connect to the web resource.

  3. Verify that an HTTPS connection is established and the web resource opens.

Open a session through Web Proxy

To open a web session in a new browser tab or through an RDP file, go to the user console and connect to the resource through Web Proxy.

View logs

Information

Only video logging of the session is supported.

To view the video of a web session:

  1. Open the administrator console and go to the Active Sessions section.
  2. Select the desired session.
  3. Expand the Video section.

If problems or errors occur when working with Web Proxy, collect the component logs and contact technical support.

Limitations

  • The user does not need confirmation from the administrator to open a session.
  • The clipboard is intended for text data only. Buffer operation between the web resource and the user's workstation is not supported.
  • Working with PDF files is not supported in web sessions. The file cannot be opened or sent to print.
  • The settings Interrupt session when there is no user activity and Opening sessions without re-authentication do not apply to web sessions.
  • The address string in the web session is not available for editing. You won't be able to navigate to an arbitrary URL.
  • There is no restriction on following links within a web session.
  • HTTP Strict Transport Security (HSTS) cannot be configured for connections.
  • Sessions opened through Web Proxy are not adapted for touch screens and mobile browsers.