I'm not a network engineer, but a software engineer, so this topic is quite unfamiliar to me. We develop a solution that consists of a server-side web application (with a REST API), running on a Java server, and a client-side iOS application (non-browser) that consumes REST services from the server.
The client is authenticated on the server with an X509 certificate it has on a smart card. Everything works great when the client has straight access to the server in our dev environment.
But now we have a production environment: our client is supposed to be somewhere on the Internet and our server is located in the intranet. There is a Microsoft Forefront UAG (SP3) as a corporate gateway from the Internet to the intranet. I have never used UAG in practice and had not even heard about it two days ago, and I cannot understand which of its features we need to help us solve our task. To be clear, our task is:
- Client should establish an https connection with the "endpoint" (it was our server in the dev environment, now it's the UAG server in the production environment)
- UAG should check the client certificate (for valid, non-revoked, etc.)
- UAG should transfer the client request to our intranet-located server application
- Critical requirement: UAG should "help" the server application with further client authorization. In the development environment we used client X509 cert attributes to identify the user, but I suggest (am I right?) that UAG needs to terminate the SSL session, and the client certificate cannot be transferred to the backend server together with the whole https request. OK, I agree if UAG will transform the client request (after decryption, before passing it to the server) and put some client certificate details into HTTP headers, for example. Or even if it re-encrypts it with an appropriate certificate pair (even if it will be harder to process).
Can you help me and name a couple of keywords I need to look through to understand how it will work? There are many new words in the UAG feature list (SSL VPN, SSL Tunneling, DirectAccess and so on) and every one seems a bit related to the task, but I can't understand what I need and what will work as we expect.
Thank you very much.
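
The header-forwarding option raised in the question, seen from the backend side, as an added example that is not part of the original post and not UAG's own behaviour. It assumes the gateway forwards the certificate subject as an RFC 2253 DN string; the header name `X-Client-Cert-Subject`, the class and method names, the gateway address and the subject values are hypothetical or constructed.

```java
import java.util.List;
import java.util.Optional;
import java.util.Set;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

public class ForwardedCertIdentity {
    // Hypothetical header name; gateway and backend must agree on it, and the
    // gateway must strip any copy of it that arrives from the client.
    static final String HEADER = "X-Client-Cert-Subject";

    /** Returns the subject CN forwarded by the gateway, or empty if untrusted. */
    static Optional<String> userFrom(String peerAddr, List<String> headerValues,
                                     Set<String> gatewayAddrs) {
        // The header only means something when the TCP peer is the gateway;
        // any other host that can reach the backend could set it freely.
        if (!gatewayAddrs.contains(peerAddr)) return Optional.empty();
        // Exactly one value: a duplicate suggests a client-supplied copy
        // survived next to the gateway's own.
        if (headerValues == null || headerValues.size() != 1) return Optional.empty();
        try {
            // LdapName honours RFC 2253 escaping, so "CN=a\,OU\=admins" is one
            // RDN and cannot smuggle an extra OU into the identity.
            LdapName dn = new LdapName(headerValues.get(0));
            for (Rdn rdn : dn.getRdns()) {
                if ("CN".equalsIgnoreCase(rdn.getType())) {
                    return Optional.of(rdn.getValue().toString());
                }
            }
        } catch (InvalidNameException e) {
            // Malformed DN: treat the request as unauthenticated.
        }
        return Optional.empty();
    }

    public static void main(String[] args) {
        Set<String> gw = Set.of("10.0.0.5");          // constructed gateway address
        String dn = "CN=alice,OU=Field,O=Example";    // constructed subject DN
        System.out.println(userFrom("10.0.0.5", List.of(dn), gw));              // from gateway
        System.out.println(userFrom("203.0.113.9", List.of(dn), gw));           // direct access
        System.out.println(userFrom("10.0.0.5", List.of(dn, "CN=admin"), gw));  // duplicate header
        System.out.println(userFrom("10.0.0.5",
                List.of("CN=a\\,OU\\=admins,O=Example"), gw));                  // escaped comma
    }
}
```

In a servlet, `peerAddr` would come from `request.getRemoteAddr()` and `headerValues` from `request.getHeaders(HEADER)`; authenticating the gateway-to-backend hop with its own TLS certificate is a stronger check than the address allowlist used here.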