<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<br>
<br>
<div class="moz-cite-prefix">On 04/27/2015 06:06 PM, David Dimovski
wrote:<br>
</div>
<blockquote
cite="mid:OF9F55F909.AC1AC4FA-ONC1257E34.00574BA3-C1257E34.00587210@biotronik.com"
type="cite"><font face="sans-serif" size="2">Hi Folks,</font>
<br>
<font face="sans-serif" size="2">does somebody have a best
practice,
how to access the IPA Web-UI with different domain names?</font>
<br>
<br>
<font face="sans-serif" size="2">Example:</font>
<br>
<font face="sans-serif" size="2">Our IPA 4.1 have two different
IPs (extern
and intern) with two domain names. The web gui is only
accessible from
the domain name, which IPA was registered with (intern domain
name). When
trying to access with the extern domain name, IPA is rewriting
to the intern
domain name.</font>
<br>
<br>
<font face="sans-serif" size="2">After disabling the rewriting,
the web
ui is accessible from the two domain names, but the login is not
possible
from the extern domain name (only intern domain name), getting
the following
error:</font>
<br>
<font face="sans-serif" size="2">Logout session expired.</font>
<br>
<br>
<font face="sans-serif" size="2">Does sombody has a idea or a
clue?</font>
<br>
<br>
<font face="sans-serif" size="2">Many thanks in advance!</font>
<br>
<br>
<font face="sans-serif" size="2">Best regards</font>
<br>
<font face="sans-serif" size="2">David<br>
<br>
</font>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
</blockquote>
Hi,<br>
<br>
one possible solution would be to setup a reverse proxy with the
external domain name, which would be passing the requests from the
external world to the internal IPA sever.<br>
<br>
However, the proxy would need to circumvent our XSS protection and
rewrite the HTTP_REFERRER header to the internal hostname.<br>
<br>
I haven't tested it, so maybe additional issues would come up.<br>
<br>
Tomas<br>
</body>
</html>