Since the page customization will not be served from the Array AG device but proxied through it, the Array AG requires the administrator to configure a web ACL to allow the backend server to accessed through the Array AG proxy.
- In the Array AG admin web page, browse to the Web Access section and then click on the URL Policy tab. In Config mode, click on 'Add URL policy.'
- The type needs to be public because you are going to be accessing the URL before authentication is complete.
- The priority needs to be anything that works with system's current ordering.
- The keyword should be the FQDN of the GridGuard hostname that will be used to reference GridGuard-VA by HTTP URL. The screen shot above an example of this.
- Click on 'Save' when complete.
Portal Page URLs
Now you need to set the URLs for where the Array AG will get the page customizations. This is assuming you are using the stock SyferLock Array AG page customizations. If you have changed the customization, these values may change.
The base format of the URL will be https://<GridGuard host name>/web/<Target Path>/array-login.php?realm=<realm name>&method=<method name>
For example. Given the following information below is how the URL will look
- GridGuard host name: ggva.example.syferlock.com
- GridGuard Target Path: arrayag
- GridGuard Array Realm Name: ArrayAG-2Form
- Array Auth Method: 2Form
- GridGuard Web Page Customization: SyferLock's stock Array AG template.
Example URL: https://ggva.example.syferlock.com/web/arrayag/array-login.php?realm=ArrayAG-2Form&method=2Form
There is one more optional parameter that can be used. It is the 'p' URL parameter. If you add it, a different response message will be presented when you display the page.
Valid 'p' values:
- logout : Display logout dialog
- failed : Display invalid credentials dialog
- account-locked-out : Displays that the user account is locked out dialog.
- session-expired : Displays that user's session has expired dialogue
- invalid-acls : Displays that a user's applied ACLs have some type of issue.
- invalid-request : Displays that the HTTP request was invalid
User the same values from above here is a URL that will display the logout dialog.
Now you should able to enter the proper URLs for the Login Page and the Logout Page in the Array AG Portal page area.
Error Page URLs
After you have added the Login Page URL and the Logout Page URL, you can add some of the the error state URLs too. You do not have define all of them, but there a few that are highly recommended to be set. You want to set the URLs that the user's will most likely receive in a normal day. Here is list of common states that the may encounter.
- failedlogin: This happen anytime a user puts in bad credentials.
- sessionexpired: This happens any time a user's session is idle for too long.
The URLs use the same methodology as the Logout Page URL in the previous step.