Dynamic HTTP/FTP/SFTP (UserID - based) routing

Secure Proxy supports the use of dynamic (UserID) - based routing for the SFTP, HTTP and FTP proxy adapters. UserID-based routing helps streamline the user migration process.

The following adapters support Userid-based routing:
  • SFTP proxy adapter
  • FTP proxy adapter (implemented in SSP 3.4.2.1 and higher)
  • HTTP proxy adapter (implemented in SSP 3.4.2.1 and higher)

When both Secure Proxy and SEAS are completely configured to use UserID-based routing, Secure Proxy matches the routingNodeName identified in the LDAP and an outboundNode. You must first configure Secure External Authentication Server (SEAS) by adding a query to SEAS so it sends the routingNodeName information from SEAS to Secure Proxy. For additional information on configuring this SEAS query, see Userid-based dynamic routing topic in the Sterling External Authentication Server Knowledge Center.

After you configured the necessary query option in SEAS, you can configure additional options in Secure Proxy.

The SFTP, FTP, and HTTP adapter configuration screens have Routing Type selections that help identify how the routing will occur. They are:

HTTP

  • Standard
  • No Routing
  • Userid based - Only routes to a matching outbound node and matching routingNodeName identified in the LDAP. If the outbound node can not be determined, it will fail.
  • Userid based with a default fallback -Routes to a matching outbound node and matching routingNodeName identified in the LDAP; however, if there is no associated outbound node found, the will make the connection to the default outbound node.
  • Inbound node based - Only routes to a matching inbound node for ClientIP-based routing. If the inbound node can not be determined, it will fail.
  • Inbound node based with a default fallback - Routes to a matching inbound node for ClientIP-based routing; however, if there is no associated routing node found, the HTTP proxy will make the connection to the default outbound node.

FTP

  • Standard
  • Userid based - Only routes to a matching outbound node and matching routingNodeName identified in the LDAP. If the outbound node can not be determined, it will fail.
  • Userid based with a default fallback - Routes to a matching outbound node and matching routingNodeName identified in the LDAP; however, if there is no associated outbound node found, the will make the connection to the default outbound node.

SFTP

  • Standard
  • Userid based - Only routes to a matching outbound node and matching routingNodeName identified in the LDAP. If the outbound node can not be determined, it will fail.
  • Userid based with a default fallback - Routes to a matching outbound node and matching routingNodeName identified in the LDAP; however, if there is no associated outbound node found, the will make the connection to the default outbound node.
  • If SSH "Key Authentication" is specified in the SFTP Policy User Authentication Mechanism, the policy's User Mapping must specify "SSO token from External Authentication".
To configure, complete the information as required. For additional information, see one of the following Reference topics: