Scenarios

Scenarios

This section contains the following topics:

Create Alternate Access Mappings

Alternate Access Mappings

Zones and Alternate Access Mappings

Obtain the Public and Internal URLs

Specify a Public URL for the Web Application

Specify an Internal URL for the Web Application

Configure Single Logout on SharePoint 2010

Enable SSL

SessionLinker Reference

Create Alternate Access Mappings

Alternate access mappings can direct users who request an external URL to a specific web application on your SharePoint servers. Create alternate access mappings between your external URLs and the web applications on your SharePoint servers.

The CA SiteMinder® Agent for SharePoint uses proxy rules in a similar fashion. Users who authenticate through the CA SiteMinder® Agent for SharePoint are redirected to the internal web application hosted in SharePoint.

Important! The proxy rules in the CA SiteMinder® Agent for SharePoint must match the alternate access mappings for your SharePoint web application.

The following graphic describes how to create alternate access mappings:

Follow these steps:

1. (Optional) Review the following topics that are related to SharePoint administration:
   • Alternate access mappings.
   • Zones and alternate access mappings.
2. Obtain the public and internal URLs.
3. Specify a public URL for the web application
4. Specify an internal URL for the web application.

Alternate Access Mappings

SharePoint central administration servers let you create alternate access mappings between external and internal URLs.

• External URLs are those URLs that your customers, partners, or people outside of your organization access. For example, your customers and partners could log in to your network using www.sales.example.com.
• Internal URLs correspond to the location of the web application in your SharePoint environment. For example, the login server that processes those requests could be named example.com.

An alternate access mapping creates an association in SharePoint between your external login URL and the login server in the back end. For example, the SharePoint server directs all the requests for www.sales.example.com to the example.com server and displays the sales/index.html page as shown in the following graphic:

Zones and Alternate Access Mappings

Alternate access mappings also support zones. Zones let you configure different access paths to a single web application on your SharePoint server. Creating alternate access mappings across different zones can accomplish the following goals:

• Create different URLs for the same web application. For example, you could have one URL for external users and a different URL for internal users that both point to the same web application.
• Allow customers read-only access to documents that are hosted on your SharePoint server, while granting full access to your employees.
• Require secure (HTTPS) connections to a web application for external visitors, while allowing employee access to the web application using HTTP.
• Index the content of your web application using the SharePoint search index (which requires NTLM access), while requiring another authentication method for users.

The following graphic describes how different zones permit different levels of access to the same document for external customers and internal employees:

The following graphic describes how multiple authentication methods apply to the same document by extending the associated web application to multiple zones:

To accommodate the SharePoint search index, the web application must be extended into one zone that uses NTLM authentication.

Obtain the Public and Internal URLs

The CA SiteMinder® Agent for SharePoint runs on a proxy-server. The CA SiteMinder® Agent for SharePoint forwards requests to the web applications in your SharePoint environment using proxy rules. These proxy rules direct traffic from the public URL (the server hosting CA SiteMinder® Agent for SharePoint) to your SharePoint web applications (the internal URLs).

For example, customers who access support.example.com are authenticated by the CA SiteMinder® Agent for SharePoint. Next the user is redirected to a SharePoint web application hosted on a server named support001.example.com. The web application serves the content from support001.example.com back to the user who requested the support.example.com page.

The following graphic describes the relationship between proxy rules and alternate access mappings from the previous example:

Follow these steps:

1. Obtain the external URLs that are hosted on your CA SiteMinder® Agent for SharePoint server from your network administrator. In this scenario, the URL www.support.example.com is hosted on the CA SiteMinder® Agent for SharePoint server.
2. Log in to the server hosting the CA SiteMinder® Agent for SharePoint.
3. Create a copy of the following file:

   Agent-for-SharePoint_home\proxy-engine\conf\proxyrules.xml
   

4. Open the copy that you created in Step 3 with a text editor.
5. Locate the line containing the nete:forward tags, as shown in the following example:

   <nete:forward>http://server2.company.com$1</nete:forward>
   

   Note: In a typical environment, the URL in the Step 5 matches the Internal URL for your SharePoint web application.

6. Record the public and internal URLs for future reference. You need these public and internal URLs to create your alternate access mappings.
7. Repeat Steps 4 through 6 for to obtain any additional Internal URLs for other web applications.

Specify a Public URL for the Web Application

The public URL is an external URL through which your customers or external users connect to your organization. The public URL appears in the web browsers of your users.

When you use the CA SiteMinder® Agent for SharePoint in front of your SharePoint server farm, use the URL of the server hosting your CA SiteMinder® Agent for SharePoint as the public URL.

Important! The proxy rule settings of the CA SiteMinder® Agent for SharePoint must match your alternate access mappings.

This procedure describes creating alternate access mappings for the default zone. Adding another type of authentication to a single internal URL with an alternate access mapping is described in a separate scenario.

Follow these steps:

1. Click Start, Programs, Microsoft SharePoint 2010 Products, SharePoint 2010 Central Administration.

   The Central Administration home page appears.

2. Click Application Management.

   The Application Management page appears.

3. Click Configure alternate access mappings.

   The Alternate Access Mappings page appears with a list of available web applications.

   Note: If the web application that you want is not listed, click the Alternate Access Mapping Collection drop-down list. Pick the web application that you want.

4. Click Edit Public URLs.

   The Edit Public URLs page appears.

5. Locate the field for the zone that contains the internal URL for your web application. For example, if you created a web application named http://support001:27975 in the default zone, then locate the Default (zone) field with that URL.
6. Replace the internal URL in Step 5 with the public URL that you want. For example, if you are mapping from the internal URL http://supportp001:2975 to support.example.com, then replace the internal URL in the field with support.example.com.
7. Click Save.

Specify an Internal URL for the Web Application

This procedure allows the SharePoint Administrator to map the public URL (http://support.example.com) to the SharePoint internal URL (http://support001.example.com).

Follow these steps:

1. Click Start, Programs, Microsoft SharePoint 2010 Products, SharePoint 2010 Central Administration.

   The Central Administration home page appears.

2. Click Application Management.

   The Application Management page appears

3. Click Configure alternate access mappings.

   The Alternate Access Mappings page appears with a list of available web applications.

4. Click Add Internal URLs.

   The Add Internal URLs page appears.

   Note: If the mapping collection that you want edit does not appear, then select one from the Alternate Access Mapping Collection list.

5. Enter the internal URL as http://support001.example.com in the Add Internal URL section, in the URL protocol, host, and port field.
6. Click Save.

   The Alternate Access Mappings page appears with the saved settings. The following table describes how the alternate access mappings appear in SharePoint using the examples in this procedure: