ULTEO OPEN VIRTUAL DESKTOP

V4.0.2
OVD WEB APPLICATION GATEWAY

Ulteo Open Virtual Desktop v4.0.2

Contents
1

Introduction

2 Overview

3 Installation

3.1

Red Hat Enterprise Linux 6 . . . . . . . . . . . . . . . . . . . . . . . . . . .

3.2 SUSE Linux Enterprise Server 11.SP1 . . . . . . . . . . . . . . . . . . . . . .

3.3 Ubuntu Lucid . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

3.4 Ubuntu Precise . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

3.5 Debian Squeeze . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

3.6 Debian Wheezy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

3.7 OpenSUSE 11.3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

4 Conguration
4.1

Conguration le . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

4.1.1

Conguration Section . . . . . . . . . . . . . . . . . . . . . . . . . .

4.1.2

Handlers Section . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

4.1.2.1

ServerHandler . . . . . . . . . . . . . . . . . . . . . . . . .

4.1.2.2

ClientHandler . . . . . . . . . . . . . . . . . . . . . . . . . .

4.1.2.3

DispatchHandler . . . . . . . . . . . . . . . . . . . . . . . .

4.1.2.4

ChainHandler . . . . . . . . . . . . . . . . . . . . . . . . . .

10

4.1.2.5

RedirectHandler . . . . . . . . . . . . . . . . . . . . . . . .

10

Filters Section . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

10

4.1.3.1

StaticRequestFilter . . . . . . . . . . . . . . . . . . . . . . .

10

4.1.3.2

CookieFilter . . . . . . . . . . . . . . . . . . . . . . . . . . .

11

4.1.3.3

HttpBasicAuthFilter . . . . . . . . . . . . . . . . . . . . . .

12

4.1.3.4

NTLMFilter . . . . . . . . . . . . . . . . . . . . . . . . . . .

12

4.2 Conguration Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

13

4.1.3

ULTEO SAS 2014 - 1

Ulteo Open Virtual Desktop v4.0.2

Section 1

Introduction

Ulteo Open Virtual Desktop 4.0 supports the delivery of native Web Applications alongside Windows and Linux. The OVD Web Application Gateway is intended to provide a
single sign on (SSO) capability for Web Applications as well as the ability to integrate
Web Applications into the OVD infrastructure. This documentation describes how to
congure OVD to integrate Web Applications into an OVD user session.

ULTEO SAS 2014 - 2

Ulteo Open Virtual Desktop v4.0.2

Section 2

Overview

The OVD Web Application Gateway is dened as a new role named ulteo-ovd-slaveserverrole-web. The role can be installed as an additional role on an existing server with the
OVD farm or as a dedicated role on a standalone server

The OVD Web Application Gateway can be used in two modes:

path: The path mode denes the full path for a Web Application such as http://ulteo.demo/webapps
domain: The domain mode will use the dns conguration for a domain in order
to access the Web Application such as http://webappname.ulteo.demo/
The publication and conguration of a Web Application is performed on the Applications tab on the OVD Administration Console.

ULTEO SAS 2014 - 3

Ulteo Open Virtual Desktop v4.0.2

Section 3

Installation

The OVD Web Application Gateway can be installed on all the supported distributions

3.1

Red Hat Enterprise Linux 6

Install the keyring package to validate the repository using gpg:

# rpm -- import http :// archive . ulteo . com / ovd /4.0/ rhel /6.0/ keyring

Edit the le /etc/yum.repos.d/ovd.repo with:

[ ovd -4.0.2]
name = Ulteo OVD 4.0.2
baseurl = http :// archive . ulteo . com / ovd /4.0/ rhel /6.0/
enabled =1
gpgcheck =1
gpgkey = http :// archive . ulteo . com / ovd /4.0/ rhel /6.0/ keyring

To install the Premium module ulteo-ovd-slaveserver-role-web that provides the

Web Application Gateway execute the following command:
# yum install ulteo - ovd - slaveserver - role - web

3.2

SUSE Linux Enterprise Server 11.SP1

Add the Premium repository:

# zypper ar http :// archive . ulteo . com / ovd /4.0/ sles /11 _sp1 ovd

Install the keyring package to validate the repository using gpg:

# rpm -- import http :// archive . ulteo . com / ovd /4.0/ sles /11 _sp1 / keyring

Update the package database:

# zypper refresh

To install the Premium Edition ulteo-ovd-slaveserver-role-web that provides the

Web Application Gateway execute the following command:
# zypper install ulteo - ovd - slaveserver - role - web

3.3

Ubuntu Lucid

Edit the /etc/apt/sources.list.d/ulteo_ovd.list le and add these lines:

deb http :// archive . ulteo . com / ovd /4.0/ ubuntu lucid main

ULTEO SAS 2014 - 4

Ulteo Open Virtual Desktop v4.0.2

To install the Premium Edition ulteo-ovd-slaveserver-role-web that provides the

Web Application Gateway execute the following commands:
#
#
#
#

3.4

apt - get
apt - get
apt - get
apt - get

update
install ulteo - keyring
update
install ulteo - ovd - slaveserver - role - web

Ubuntu Precise

Edit the /etc/apt/sources.list.d/ulteo_ovd.list le and add these lines:

deb http :// archive . ulteo . com / ovd /4.0/ ubuntu precise main

To install the Premium Edition ulteo-ovd-slaveserver-role-web that provides the

Web Application Gateway execute the following commands:
#
#
#
#

3.5

apt - get
apt - get
apt - get
apt - get

update
install ulteo - keyring
update
install ulteo - ovd - slaveserver - role - web

Debian Squeeze

Edit the /etc/apt/sources.list.d/ulteo_ovd.list le and add these lines:

deb http :// archive . ulteo . com / ovd /4.0/ debian squeeze main

To install the Premium Edition ulteo-ovd-slaveserver-role-web that provides the

Web Application Gateway execute the following commands:
#
#
#
#

3.6

apt - get
apt - get
apt - get
apt - get

update
install ulteo - keyring
update
install ulteo - ovd - slaveserver - role - web

Debian Wheezy

Edit the /etc/apt/sources.list.d/ulteo_ovd.list le and add these lines:

deb http :// archive . ulteo . com / ovd /4.0/ debian lucid main

To install the Premium Edition ulteo-ovd-slaveserver-role-web that provides the

Web Application Gateway execute the following commands:
#
#
#
#

apt - get
apt - get
apt - get
apt - get

update
install ulteo - keyring
update
install ulteo - ovd - slaveserver - role - web

ULTEO SAS 2014 - 5

Ulteo Open Virtual Desktop v4.0.2

3.7

OpenSUSE 11.3

Add the Premium repository:

# zypper ar http :// archive . ulteo . com / ovd /4.0/ opensuse /11.3 ovd
# zypper refresh

Install the keyring package to validate the repository using gpg:

# rpm -- import http :// archive . ulteo . com / ovd /4.0/ opensuse /11.3/ keyring

Update the package database:

# zypper refresh

To install the Premium Edition ulteo-ovd-slaveserver-role-web that provides the

OVD Web Application Gateway execute the following command:
# zypper install ulteo - ovd - slaveserver - role - web

ULTEO SAS 2014 - 6

Ulteo Open Virtual Desktop v4.0.2

Section 4
4.1

Configuration

Configuration file

In order to integrate a Web Application, a JSON conguration le is required. More

details on the JSON format can be found in Wikipedia: http://en.wikipedia.org/wiki/
JSON. One JSON le is required for each Web Application. Once created, the JSON
cong le can be uploaded using the OVD Admin Console. The conguration of the
JSON le is described below. Conguration parameters described in this section can
be assigned the value of a setting that is dened in the Admin Console. This is done
by using variables to contain those values. They can be used in handlers and lters on
any nesting level.

4.1.1

Configuration Section

Parameters described in this section are variables which are congurable in OVD
Administration Console. They can be used in handlers and lters on any nesting
level. The syntax for using a variable is of the form $(VARNAME).
There are ve types of variable:
url text input eld in Admin console (checked if its valid)
string text input eld in Admin Console
boolean checkbox input eld in Admin Console
user_login login of current logged in user
user_passwd password of current logged in user
In the conguration section, you dene variables which will be used in the handlers
section. You have to set minimum, the type and the value. The variables will be
shown on a form in the appropriate Web Application in the OVD Administration
Console
Example:
" Configuration ": {
" TARGETURL ": {
" type ": " url " ,
" title ": " Server URL " ,
" value ": " https :// demo . zarafa . com / webapp "
},
" USER_LOGIN ": {
" type ": " string " ,
" value ": " demo12 "
},
" USER_PASSWD ": {
" type ": " string " ,
ULTEO SAS 2014 - 7

Ulteo Open Virtual Desktop v4.0.2

" value ": " demo12 "

}
}

Any other type used in the JSON le will be displayed in Administration Console as
a read-only text input eld.
The optional parameter title is used in the Administration Console as the label for
the input eld.

4.1.2

Handlers Section

This section denes the handlers and the order in which the handlers should be
used to handle trac between a users browser and a Web Application.
Each handler should have a unique name (key). The parameter type is required and
denes the type of handler. Optional parameter lters describes lters that should
be processed during request handling.

4.1.2.1

ServerHandler

ServerHandler - manages the basic conguration for the target Web Application
Parameters:
baseURI (required) address of the Web Application
next_handler (required) name of the next handler
Example:
" Server ": {
" type ": " ServerHandler " ,
" baseURI ": " http :// $ ( TARGETIP ) " ,
" next_handler ": " Dispatch "
}

4.1.2.2

ClientHandler

ClientHandler opens a connection to the target Web Application, downloads

the requested date and returns it to the users browser.

ULTEO SAS 2014 - 8

Ulteo Open Virtual Desktop v4.0.2

Example:
" Client ":{
" type ": " ClientHandler "
}

4.1.2.3

DispatchHandler

DispatchHandler chains the query to others handlers, based on the dened

rules.
Parameters bindings (required) consists of a list of conditions and a next_handler
which is the handler to execute if no condition is fullled.
A Condition Parameter consists of a condition and a next_handler which is the
handler to execute if the condition is fullled.
cond (required) any valid python expression.
next_handler (required) - name of the handler to be executed if the condition is
fullled
Variables available in a cond expression:
request_path (string) path of requested resource
request_headers (list) list of request headers
Example:
" Dispatch ":{
" type ": " DispatchHandler " ,
" bindings ":{
" condition1 ":{
" cond ": " request_path . startswith (/ manage) " ,
" next_handler ": " Unauthorized "
},
" condition2 ":{
" cond ": "login_form in request_path " ,
" next_handler ": " LoginForm "
},
" next_handler ": " Client "
}
}

ULTEO SAS 2014 - 9

Ulteo Open Virtual Desktop v4.0.2

4.1.2.4

ChainHandler

The ChainHandler is a connector between two handlers. It is used mainly to

add lters between two handlers.
Example:
" Chain ":{
" type ": " ChainHandler " ,
" next_handler ": " Client "
}

4.1.2.5

RedirectHandler

The RedirectHandler redirects the browser to a given location. Parameter location (required) can dene the URL or path to which the browser should be
redirected.
Example:
" Unauthorized ":{
" type ": " RedirectHandler " ,
" location ": "/ site /401"
}

4.1.3

Filters Section

Each handler can dene a list of lters. Filters handle several authentication by
adding or modifying data in request and response. Filters are dened as an array
of object

4.1.3.1

StaticRequestFilter

StaticRequestFilter makes an internal http query. In most cases, its used to

submit login form and acquired cookies created after submit.
Parameters:
path (required) - (string) - path to login form.
form (required) - (string) - input elds which are part of the form
ULTEO SAS 2014 - 10

Ulteo Open Virtual Desktop v4.0.2

autologin (required) - (boolean) - denes if the form is automatically submitted or

not (true or false)
regexp (optional) - (string) - regular expression used to match redirects
content_regexp (optional) - (string) - regular expression used to match response
content
On rst request, OVD Web Application Gateway will open page congured in
path parameter. In content of this page will nd all input elds listed in form
parameter and insert values. After this it will submit form that contains listed
input elds.
If server response has 302 code and Location header matches regexp attribute or server response has 200 code and response content matches content_regexp attribute then OVD Web Application Gateway will relogin (submit
again data) to the Web Application.
Example:
{
" type ": " StaticRequestFilter " ,
" path ": "/ site / login_form " ,
" autologin ": false ,
" form ":{
" ac_login ": " $ ( USER_LOGIN ) " ,
" ac_password ": " $ ( USER_PASSWD ) "
}
}

4.1.3.2

CookieFilter

CookieFilter is able to inject cookies in the stream, read them back and update. This lter will retrieve the cookie from the server and store it users
session to reinject it at the next requests.
Parameters:
managed (optional) - (array) - array of cookie names that should be managed
by OVD Web Application Gateway. Those cookies will not be visible in users
browser.
suppressed (optional) - (array) - array of cookie names that should be removed by
OVD Web Application Gateway. If the users browser does send such a cookie it
will be dropped and the Web Application will not receive it. If Web Application
does set such a cookie is will be dropped, and the users browser will not receive
it
replayed (optional) - (array) - array of cookie names that shouldnt be changed

ULTEO SAS 2014 - 11

Ulteo Open Virtual Desktop v4.0.2

If cookie is not dened in managed, suppressed or replayed lists it will be

dropped (such as it would be on suppressed list).
Example:
{
" type ": " CookieFilter " ,
" managed ": " WEBAPPScookie " ,
" relayed ": " I18N_LANGUAGE "
}

4.1.3.3 HttpBasicAuthFilter

HttpBasicAuthFilter is able to inject http basic authentication header.

Parameters:
user (required) - (string) - username
pass (required) - (string) - password
If cookie is not dened in managed, suppressed or replayed lists it will be
dropped (such as it would be on suppressed list).
Example:
{
" type ": " HttpBasicAuthFilter " ,
" user ": " $ ( USER_LOGIN ) " ,
" pass ": " $ ( USER_PASSWD ) "
}

4.1.3.4 NTLMFilter

NTLMFilter is able to inject NTLM authentication header.

Parameters:
user (required) - (string) - username
pass (required) - (string) - password
If cookie is not dened in managed, suppressed or replayed lists it will be
dropped (such as it would be on suppressed list).
Example:

ULTEO SAS 2014 - 12

Ulteo Open Virtual Desktop v4.0.2

{
" type ": " NTLMFilter " ,
" user ": " $ ( USER_LOGIN ) " ,
" pass ": " $ ( USER_PASSWD ) "
}

4.2

Configuration Example

The example below illustrates how to congure and use Zarafa (a Webmail application)
in Ulteo Open Virtual Desktop
{
" title ": " Zarafa WebApp " ,
" Configuration ": {
" TARGETURL ": {
" type ": " url " ,
" title ": " Server URL " ,
" value ": " https :// demo . zarafa . com / webapp "
},
" USER_LOGIN ": {
" type ": " string " ,
" value ": " demo12 "
},
" USER_PASSWD ": {
" type ": " string " ,
" value ": " demo12 "
}
},
" Handlers ": {
" Start ": {
" baseURI ": " $ ( TARGETURL ) " ,
" next_handler ": " LoginRequestHandler " ,
" type ": " ServerHandler "
},
" Client ": {
" type ": " ClientHandler "
},
" LoginRequestHandler ": {
" next_handler ": " Client " ,
" type ": " ChainHandler " ,
" filters ": [
{
" type ": " CookieFilter " ,
" managed ": [
" ZARAFA_WEBAPP "
]
},
{
" type ": " StaticRequestFilter " ,
" path ": "/ webapp /" ,
" autologin ": false ,
" content_regexp ": " login_main " ,
" form ": {
" username ": " $ ( USER_LOGIN ) " ,
ULTEO SAS 2014 - 13

Ulteo Open Virtual Desktop v4.0.2

" password ": " $ ( USER_PASSWD ) "

}
}
]
}
}
}

ULTEO SAS 2014 - 14