04-04-2021 10:41 AM
Hello,
We are looking to expose our OnBase system externally so that our clients can use the new Hyland IdP and access the system as well as add on 2FA. However, with any sort of system facing externally to your intranet you don't want to allow direct access to the servers for many reasons and more. So we are looking to set up the external facing URL to reverse proxy to our IdP servers, but either I am blind or can't seem to find documentation on how to set up the reverse proxy.
Is there any documentation or specifics on how to configure an externally facing URL so that clients can log in with the Hyland IdP? Things (recommendations, requirements, suggestions, etc.) I am looking for are:
Now, the biggest question I have is does Hyland have a network diagram on how the communications happen between the different clients and when they are configured for IdP authentication? I know there are the videos out there on the training site, but I don't believe they are 100% accurate as they don't include how the client secrets work and some other things that differ based on personal experiences. So I am hoping there is a good diagram (or diagrams) or something that Hyland can provide so that when I go to present this to our Cyber Security team, then it could help in reducing any questions and hopefully make the process easier and quicker.
Thanks.
11-10-2021 10:19 AM
@Adam or @Ryan ... For external facing DocPop URLs using IdP, can I have the Web Server in the DMZ (public facing) with IdP and API Server installed on that same Web Server? I would imagine I need firewall rules from the Web Server in the DMZ to allow port 1433 (MSSQL) to access my API Server db. My OnBase Application Server is not in the DMZ and not public facing, but I do have firewall rules for opening port 443 (TLS, HTTPS). Will this configuration work to allow DocPop URLs to display documents in the OnBase Web Client externally?
11-10-2021 11:35 AM
Hi
To your question, yes the OnBase Web Server, Hyland IDP and ApiServer can all reside on the same server. Assuming you are using the Hyland IDP for authentication, the DocPop request would redirect to the Hyland IDP for authentication and then back to the Web Server to load the documents.
Take care.
11-10-2021 01:23 PM
Thanks
Thank you,
Eric
11-10-2021 01:38 PM
Hi
The OnBase Web Server never directly accesses the database or file shares. These requests are always made through the Application Server.
Take care.