WAG Access Profile
Web Application Gateway (WAG) Access Profile or Remote Intranet Web App Connection allows users to access intranet web applications through Thinfinity® Workspace.
To access the WAG Access Profile settings, navigate to Configuration Manager>Access Profiles, then click Add and select WAG. Alternatively, double-click a WAG access profile from the list or select it and click Edit.
Name
The name of the access profile.
Virtual Path
Unique URL address for the current connection. It can be customize, make sure your address is unique and compatible and that it has the following format: http(s)://ThinfinityDomain:port/VirtualPath/.
Allows to create a web shortcut for the connection bypassing Thinfinity Workspace web interface.
Icon
Click on the Icon box to load an icon image for the profile. This image will be shown with the profile name to the authenticated user in the web interface.
Access Key
An automatically generated access key that is used to access this profile.
New Key
Change the Access Key to disable access through the current key and provide access through a new one.
Label(s)
Access profiles can be organized in groups (labels) for which you can collectively manage the permissions settings. This field shows the names of the groups (or labels) that the current profile is a part of. For details, see Label.
Select Label
Allows you to select an existing Label for this specific profile.
Visible
By default, the access profile is visible, modify if needed.
Default Profile
If checked, the Thinfinity Workspace home page is skipped, and the user connects directly to this profile.
Open in new tab
If selected, opens the access profile in a new browser tab.
URL Path
Enter the URL path of your intranet web application.
Start page
Select the start page to be displayed when the WAG connection is accessed.
Custom Headers
You can use the Custom Headers configuration to prevent unexpected CSP (Content Security Policy) problems when using the WAG. See the Custom Headers section below for details.
Valid domains
List valid domains for the current WAG access profile (Comma separated). By default, every subdomain of the main entry point is also a valid domain.
Pro-tips:
1) * - [Allow all domains]
2) *.domain.com - [Allow every subdomain included under domain.com]
3) fonts.domain.com - [Allow specifically fonts.domain.com]
4) mydomain-*.com - [Allow every domain which starts with mydomain-]
Agent ID
Agent ID will be used only when running Thinfinity Workspace in Agent mode on a separate server. It helps to run the WAG access profile remotely on the Agent server.
Agent Pool
If you have a Secondary Brokers set up and you've already created a Pool List, the Agent Pool info (name) is available in the Thinfinity Configuration Manager/Broker tab in the Pool List displayed in the Secondary Brokers section.
Broker
If you have multiple brokers and you need to connect to them, add their names here.
Custom Headers
The Custom Headers configuration allows you to prevent unexpected CSP (Content Security Policy) problems when using the WAG.
You can configure a JSON file that specifies how CSP headers will be overridden for every request that goes through the WAG. To do that, in the General tab of the WAG Access Profile Editor click the Custom Headers button: A pop-up window will be displayed with the default JSON file
The default JSON file has the following format.
{
"templates": {
"nocsp": {
"default": true,
"headers": {
"Content-Security-Policy": "",
"cross-origin-opener-policy-report-only": "",
"cross-origin-embedder-policy": "",
"cross-origin-resource-policy": ""
}
}
}
}For details on the options available in the RBAC tabs, see Access Control Settings.
Was this helpful?