Adding a connection server

The connection server addresses, paths, and ports to be set up for the connection.

Procedure

  1. If the connection you want to create the connection server for is not open, search for and select the connection.
  2. From Connection Servers, click Add new server.
    Add a Connection Server window.
  3. Enter the connection server settings.
    Table 1. Connection server settings
    Setting Description
    Location The host name or IP address of the endpoint that forms the connection.
    Port The port on which to connect to the host system. Defaults to the default HTTPS port of 443. Needs to be specified only if the connection is to be made to a different port.
    Distinguished Name The certificate DN that is presented to Cloud Identity Service when connections to the application server are established. This field can be used to enhance security by allowing Cloud Identity Service to verify the certified identity of the server before a connection to it is established.
    Virtual Host The HTTP Host header that is transmitted to the application server with the web requests. For HTTP version 1.1 compliant web servers, this header can be required to route the requests to the appropriate virtual host configuration.
    Note: Only required if the virtual host name differs from the value that is provided in the Location field.
    Query Script Path The location of the Query Contents tool that can optionally be installed on a client application server. The Query Contents tool allows Cloud Identity Service to inspect its web-space and represent it via the path object hierarchy that is displayed in the Connection Object Space panel. If not specified, this value defaults to /cgi-bin/query_contents.
    Case sensitive URLs Controls whether Cloud Identity Service treats URLs as case-insensitive when an authorization check is performed on a request to a connection host. After a successful ACL check, the original case of the URL is restored when the request is sent to the server.
    Win32 support Controls whether Cloud Identity Service performs authorization checks against legacy Windows file paths. Cloud Identity Service performs security checks on client requests to connection hosts based on the file paths that are specified in the URL.

    A compromise in this security check can occur because Win32 file systems allow two different methods for accessing long file names. The first method acknowledges the entire file name, for example, abcdefghijkl.txt. The second method recognizes the old 8.3 file name format for compatibility with earlier versions, for example abcdef~l.txt.

    When you add a connection host in a Windows environment, it is important to restrict access control to one object representation only. This restriction is to prevent the possibility of back door access that bypasses the security mechanism. For this reason, the Win32 support option provides a number of measures of protection.
    • Prevents the use of the 8.3 file name format. A user cannot avoid an explicit ACL on a long file name by using the short (8.3) form of the file name. Cloud Identity Service returns a 403 Forbidden error on any short form file name entered.
    • Disallows trailing dots in directory and file names. If a file or directory contains trailing dots, a 403 Forbidden error is returned.
    • Enforces case-insensitivity by setting the Case sensitive URLs option.
  4. Click Add Server.