Issues in managing Pega and IAC thru WebSeal Standard junctions
We are trying to achieve SSO thru IBM WebSeal, we could able to do so for Pega application using Transparent Junctions. For example, if our external URL is www.abc.com, then we could able to achieve SSO by routing traffic to F5 LB VIP (for example 10.1.1.1 which finally became 10.1.1.1/prweb/*. But we have requirement for IAC implementation along with Pega application on same host/domain name, but to achieve this, we may not be able to by using transparent junctions on same webseal instance, hence we may need standard junctions. For example, www.abc.com for Pega application that will go to F5 LB VIP like 10.1.1.1/prweb/* and www.abc.com/iac that will also go to another F5 LB VIP like 10.1.1.2/prweb/*, but we are failing do so as we are having to some AJAX issues. Can you please guide us if we can use standard junctions for this scenario and how?
Also, we are thinking about deploying prweb.ear file with different context path, such as for Pega application, it will be deployed as default prweb context and for IAC we want to deploy prweb as IAC as context path. WIll this work?
Please let me know if you need any further details.
What is the AJAX issue? Is it with the intial POST to PRGatewayPing? This part of your post caught my attention because we have seen some problems with authentication with this AJAX call.
What is PRGatewayPing?
Are you using prgateway? Doesn't look like you are.
Kevin, we did followed the same link/article for the standard junction configuration, but we had missed to add a mapping in the jmt.conf file hence we are getting an pop-up saying something related to AJAX and we could not even able to open anything in Pega console. But once we corrected that, we could able to open pega console and everything is working fine. That article also suggested for transparent junction, we even tried that successfully. In both case, it works when we have just one junction for pega application.
But our concern is what I have described earlier, that we want to setup default prweb along with IAC with same host/domain name with different context. To distinguish between both, we are planning to use the junction name in the context path i.e. for the default prweb, have junction name /pega and for IAC, we have junction name as /iac so our URLs will be abc.com/pega and abc.com/iac. Hence we have to use standard junctions, as transparent junction may not work. As both prweb and iac are the same application (on 2 different websphere JVM (IPs)) which is prweb, the context path will automatically be the same which is /prweb/PRServlet while calls are directing to application servers. Even, we are using 2 entries in the jmt.conf file, but it is not working as remapping back (response) to respective junctions are not working and we are not able to load pega console home page.
We need some direction how to achieve this use case. Any information will be really helpful. Please let me know if you need any further clarification/info.