# Real example configuring rProxy to access legacy web-application

rProxy can setup cookie, headers and change url arguments. All this can be used to provide access to legacy web applications.

It is important to know that not all web applications can be accessed via rProxy. Some of them have absolute urls, that should be changed on the fly, some prevent access from different addresses, and so on.

If it is possible, use other options, such as SAML or oAuth.

If web application can't be configured to use SAML or oAuth, rProxy can be used to provide access to it.

{% stepper %}
{% step %}

### No authentication in legacy web application.

The easiest example is when legacy web application do not check authentication by itself.

If it is possible, turn off authentication of legacy webapplication and configure access to it using only rProxy.

This way, no special configuration of rProxy needed. rProxy will just check OpenIAM auth cookie and provide access to web application.

Be careful to not allow to access web application directly, or this will break security.

#### 1.1 Simple Example

web application: <http://www.example.org/>

The simpliest web application that do nothing. Let's create rProxy config to access it.

First of all, login as usual:

![Login](/files/2578e45842fc5ec40b3faa0093eaa47ad8aba4d7)

![Password](/files/95d472155a9beb8750817567a17c378a03f90b45)

Go to webconsole. Just type `/webconsole` in the browser's url line, after domain name:

[![Webconsole](/files/a3b862fbd328620055f0f61be929322ee770afbc)](https://docs.openiam.com/docs-4.2.2/static/86483fd43d7adf09209d07af508352ad/387f2/00a-webconsole.png)

Go to Content Providers

![Content Provider](/files/92511c531fd2066c3159704286cc3ee39a08aca8)

Click on edit on Content Provider where you want to add changes

[![Edit CP](/files/8a53791e38a5cccd4ab68ef0f17a7ba1c32bf198)](https://docs.openiam.com/docs-4.2.2/static/17fc00c687cf8b8c151084b3271ae314/81315/01-editCP.png)

Scroll down to URI Patterns.

Now need to create URI Patern for `/*`. It will handle all URIs in this content provider, except URIs for which distinct URI Patterns was created.

In this example it is all default patterns, such as `/webconsole/*` or `/idp/*` and a lot of other URI patterns that is used by OpenIAM.

Create New URI Pattern for `/*`. For that click on `Create`:

[![Create URI Pattern](/files/f2ce848ebdec44a8e881f18f7d86743f5cfdb73a)](https://docs.openiam.com/docs-4.2.2/static/748cad3b533f36a13abcd1386b1e0ee2/29114/62-create-uri-pattern.png) [![URI Pattern](/files/775f75df894f17ed27d80d04a14454538ebe33a4)](https://docs.openiam.com/docs-4.2.2/static/2f5530770bf4620a1d9bc7646ea43164/29114/63-uri-pattern.png)

Scroll down to `Application Servers` and click on plus button:

[![Create Application Server](/files/6ac4c7a31acbe80828f672c4b057b63013beb24e)](https://docs.openiam.com/docs-4.2.2/static/ef894293a239093735b2e8c0f2771346/29114/64-application-server.png)

Now in opened dialog fill Server domain with scheme:

[![Application Server](/files/38f60be6811545ada3c39d34e63cf3646db8ddd6)](https://docs.openiam.com/docs-4.2.2/static/23bf19369477249f6f700c4192a3f92c/29114/65-edit-server.png)

Everything ready. Now need to wait approximatelly 5 minutes, while caches will be updated and you can test how this works.

For that, just hit `http://vm.openiam.com/test.html`.

* `http://vm.openiam.com` - is where rProxy is installed in this example
* `/test.html` - is URI that will be processed by newly created URI pattern. There no URI pattern for `/index.html` in default content provider URI patterns, so for this URI, URI with pattern `/*` will be used.

Example screenshot:

[![Example 1](/files/bd2c2340f9890f3dd478605d85355cdb6943ff8d)](https://docs.openiam.com/docs-4.2.2/static/2f1444b4ea4b828941d76e8a4f17826e/29114/66-test.png)
{% endstep %}

{% step %}

### Example with substitution

Now if you will click on `More information...` on the page at `http://vm.openiam.com/test.html`:

[![More information](/files/3317f718fe428da5d40d3b2ab4c4d17ba30eb88f)](https://docs.openiam.com/docs-4.2.2/static/2f1444b4ea4b828941d76e8a4f17826e/29114/67-click-more-info.png)

You will see, that you redirected from `vm.openiam.com` to another url (`https://www.iana.org/domains/reserved`) on another domain, that is outside rProxy protection:

[![iana](/files/54258116bb2b90403557806df001e7b91607c56d)](https://docs.openiam.com/docs-4.2.2/static/1d497b7ed4ad53b38d14cd00ccc06e46/29114/68-iana.png)

And, as said earlier, some web applications stil hard for reverse proxying. This is because address at which user access proxied web application differ from address where it is expect to work.

rProxy have some workarounds for that.

To handle this situation, first of all need to fix absolute URLs on this page: `http://vm.openiam.com/test.html`.

To do this, first of all need to look at HTML element that redirect to wrong url. For this, just see page source of `http://vm.openiam.com/test.html`.

In mozilla firfox, you need to right-click and select `View Page Source` in other browsers this should be similair.

Page source of `http://vm.openiam.com/test.html` is:

```html
<!doctype html>
<html>
<head>
    <title>Example Domain</title>

    <meta charset="utf-8" />
    <meta http-equiv="Content-type" content="text/html; charset=utf-8" />
    <meta name="viewport" content="width=device-width, initial-scale=1" />
    <style type="text/css">
    body {
        background-color: #f0f0f2;
        margin: 0;
        padding: 0;
        font-family: -apple-system, system-ui, BlinkMacSystemFont, "Segoe UI", "Open Sans", "Helvetica Neue", Helvetica, Arial, sans-serif;

    }
    div {
        width: 600px;
        margin: 5em auto;
        padding: 2em;
        background-color: #fdfdff;
        border-radius: 0.5em;
        box-shadow: 2px 3px 7px 2px rgba(0,0,0,0.02);
    }
    a:link, a:visited {
        color: #38488f;
        text-decoration: none;
    }
    @media (max-width: 700px) {
        div {
            margin: 0 auto;
            width: auto;
        }
    }
    </style>
</head>

<body>
<div>
    <h1>Example Domain</h1>
    <p>This domain is for use in illustrative examples in documents. You may use this
    domain in literature without prior coordination or asking for permission.</p>
    <p><a href="https://www.iana.org/domains/example">More information...</a></p>
</div>
</body>
</html>
```

The problem is in this line: **`href="https://www.iana.org/domains/example"`**

To fix it, let's add subsitution. Need to replace `https://www.iana.org/` with `http://vm.openiam.com/`.

To do this it is, go to Webconsole->Content Provider->URI Pattern for `/*` and click on edit button:

[![Edit URI Pattern](/files/43943c30ba5bffb5c0af8494572ac7469073f84b)](https://docs.openiam.com/docs-4.2.2/static/f16c0255490d60569067b4e8577b1746/29114/69-edit-uri-pattern.png)

Add replacement from `https://www.iana.org/` to `http://vm.openiam.com/`:

![Add Substitute](/files/cad679e811bedef650fa668841949b9ae7903d78)

Wait for approximatelly 5 minutes while caches will be updated. And try to reload `http://vm.openiam.com/test.html`.

Alternatelly, you can configure substitution in apache module configs. For that you need to add `OPENIAM_Substitute` config option. This is example of of replacing from `https://www.iana.org/` to `http://vm.openiam.com/`:

```apache
OPENIAM_Substitute "s|https://www.iana.org|http://vm.openiam.com|ni"
```

Syntax is identical to `Substitute` directive from `mod_substitute`: <https://httpd.apache.org/docs/2.4/mod/mod_substitute.html>
{% endstep %}
{% endstepper %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs-beta.openiam.com/sso-to-legacy-applications/real-example-configuring-rproxy-to-access-legacy-web-application.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.