Enterprise 11: Configuring Access Manager Reverse Proxy

Configure an Access Manager Reverse Proxy server, such as IBM WebSEAL, to enable secure communication, using mutual authentication between the Enterprise Client and the Control Room .

Reverse proxy server prerequisites

  • Install Automation Anywhere Enterprise Version 11.3.2 or later. This includes both Enterprise Client and Control Room.
  • Ensure a Microsoft Windows user Trusted Client Certificate exists for every Enterprise Client user. The user-specific certificate establishes that user as a trusted user.
  • Install the Trusted Client Certificate on every machine running the Enterprise Client.

    Store the certificate in Microsoft Windows certificate store > Personal > Current User.

Note: Only IBM WebSEAL is certified for mutual authentication using the Access Manager Reverse Proxy.

Reverse proxy server process

  1. The first request from the Enterprise Client to the Control Room is authenticated by the Reverse Proxy server using the Client Certificate mechanism.
  2. The Reverse Proxy server returns the response with a cookie, which is used for all the subsequent requests.
  3. Each subsequent user login does not require additional authentication with a certificate. The same cookie is used when:
    • Trusted users change the Control Room authentication type.
    • Trusted users switch to another Control Room.

For more information about Enterprise Client mutual authentication with IBM WebSEAL, see AAE Client Mutual Authentication with WebSEAL (A-People login required).