Configuring the SafeLinx server for Nomad

Configure the SafeLinx server for Nomad.

Before you begin

Complete the steps described in Installing the SafeLinx server and the SafeLinx Administrator client

About this task

During this procedure, you complete the following steps:
  1. Configure a SafeLinx login profile and then log in.
  2. Configure the SafeLinx Access Manager.
  3. Add a SafeLinx server.
  4. Configure a Nomad proxy for the SafeLinx server.
  5. Confirm the configuration.

Procedure

  1. Configure a SafeLinx login profile and then log in:
    1. Launch the SafeLinx Admninistrator client, located in the directory /opt/hcl/SafeLinx/Administrator, by running the following command:
      wgcfg &
    2. In the window that opens, click Add Profile.
    3. Complete the fields in the Add Login Profile window and then click OK.

      Replace the following example information with information for your environment:

      Login Profile Name: SLDomino
      Host Name: SLDomino.mycompany.com

    4. Select the profile you created and click OK to log in.
    5. In the login window, enter the default user name and password.

      Administrator ID: admin
      Password: sl4!admin

    6. At the License Agreement prompt, click Accept.
    7. At the SafeLinx Administrator - Help prompt, read the information about the initial configuration wizard and then close the prompt.
  2. Configure the SafeLinx Access Manager:
    1. In the Configure the SafeLinx Access Manager window, keep the default selection An ODBC compliant relational database and click Next.
    2. In the next window, update the database ID and password fields to the values required for your configuration and then click Next. The other fields are filled in for you.

      Database name:  wgdata
      Database administrative ID: wgdb
      Enter the password: Safelinx@55
      Confirm the password: Safelinx@55

    3. In the next window, for Base distinguished name (DN):, keep the default value, “o=local”. Optionally, change to your company or organization name. Click Next.
    4. In the next window, select All to enable all logging and click Next.
    5. In the next window, click Finish to connect to the server and create the new required database. Processing may take a few moments to complete.
    6. At the following prompt, click Yes to change the password for the SafeLinx super user “admin” account used to log in to the SafeLinx Administratror. This step is required because you logged in with the default SafeLinx admin password.
    7. At the next window, enter and confirm a new password and then click OK.
  3. Add a new SafeLinx server:
    1. At the Add a New SafeLinx server window, click Next.
    2. In the next window, the Linux machine host name is automatically selected as the SafeLinx server. Provide a SafeLinx server identifier name for it. This is a free-form name for recognizing this server that only the SafeLinx Administrator client uses. Accept the default values in the other fields and then click Next.

      Current host name: SLDomino.mycompany.com
      SafeLinx server identifier: SLDomino.mycompany.com

    3. In the next window, keep O=local selected as the primary organizational unit and click Next.
    4. In the next window, click Finish to complete the SafeLinx server configuration.
  4. Configure the Nomad proxy:
    1. At the prompt asking whether to add a Nomad proxy, click Yes.
    2. At the prompt asking whether to add an LDAP Directory server, click Yes.
    3. In the Add a Directory Server window, complete the following fields.
      Note: Using port 636 for connections between the SafeLinx server and Domino LDAP server is recommended.
      Field Description
      Common Name: The Domino LDAP server host name, for example, Myserver.mycompany.com.
      Host name or IP address of Service: Host name or IP address of the Domino LDAP server, for example, 192.168.0.110.
      Base distinguish name (DN): The Domino Org name, for example, O=JAM. If your LDAP server uses multiple suffixes, adding the DN can reduce the number of SafeLinx LDAP search paths.
    4. In the following window, complete the these fields and then click Next:
      Field Description
      Port number of Service: Port 389 is picked by default. Port 636 is recommended to avoid user passwords being presented in clear text when users authenticate.
      Administrator's distinguish name (DN): Distinguished name of the Domino administrator user to use to connect to the Domino LDAP service, for example, CN=Domino Admin/O=JAM.
      Enter the password: The internet password for the Domino administrator account.
      Confirm the password: Enter password again.
    5. In the following window, click Finish.
    6. At the prompt asking whether to add an LDAP bind authentication method, click Yes.
    7. In the Add a New Authentication Profile window, complete the following fields and then click Next:
      Field Description
      Common name: The common name of the Domino LDAP server, for example, MyServerDomino.
      Description: The descriptive name of the Domino LDAP server, for example, DominoLDAP.
      Password policy: Accept the default, None.
    8. In the following window, complete these fields and accept the default values for other fields. Then click Next.

      Directory Server: Select the Domino LDAP server that is shown.
      User key field: Specify the LDAP attributes to query to identify a user for authentication. For example, if users are identified by their email addresses, specify mail.

    9. In the following window, accept the default values and click Next.
    10. In the following window, accept the default values and click Finish.
    11. In the Add a Nomad Web Proxy window, complete the following fields and click Next. The field values shown are examples.

      Service URL (https://): https://sldomino.mycompany.com
      TCP port to listen on: 443
      PKCS12 keystore file: slselfsign.p12
      Keystore password: trusted

    12. At the next window, complete the following fields. When you are done, click Finish.
      Field Description
      Text: Add two rules for the Nomad application that reflect your server naming conventions and Nomad web static file path. For example:

      NOMAD /nomad file:///usr/local/
      and
      NOMAD CN=MyServer/O=JAM nrpc://MyServer.mycompany.com:1352

      Authentication Profile: Select the LDAP authentication profile created previously, for example, DominoLDAP.
      Session cookie Domain: Specify the domain that corresponds to your configuration, for example, mycompany.com.
    13. When prompted whether to add an HTTP service for other applications, click No.
    14. When prompted whether to start the SafeLinx instance, click Yes.
    15. Click OK at the following prompt to complete the Nomad proxy configuration:
  5. Configure HTTP response headers

    In the SafeLinx Administrator Client, navigate to the Resources tab, expand the SafeLinx Server and then right-click on the Nomad Web Proxy you just configured. In the popup-menu, select Properties. In the window that opens, select the Server tab. Edit HTTP header tokens that should use for files to configure the required HTTP headers corresponding to the files and Additional HTTP headers to include sections to update the preconfigured optional HTTP headers (in all responses). For HTTP header tokens that should use for files, entries should include filename and headers token and should be separated by a space (' ').

    Configure HTTP response headers

  6. Confirm the configuration:
    1. From the SafeLinx Administrator client, confirm that the Resources tab looks similar to this:
    2. Run the following command to confirm that the wgated and wgattachd SafeLinx server processes are running:
      ps -e | grep wga
      When you start the SafeLinx server one instance of each process runs.
      • wgated runs functions of the SafeLinx Server, such as monitoring the status of network devices, transmitting data, and updating log files.
      • wgattachd monitors wgated and restarts it if it fails.

What to do next

Continue to the procedure Logging in and getting started with Nomad for web browsers.