Xton Access Manager SSL Configuration

Xton Access Manager (XTAM) is a web application deployed into a web container that acts as a Web Front End (WFE), listening for incoming connections on the default port 8080. While this default setup is adequate for trial and moderate use of the application, the recommended configuration for opening this web container to the outside world places a load balancer (reverse proxy) in front of the WFE or multiple WFEs. The reverse proxy is used to control incoming traffic, to load balance multiple XTAM web containers for high availability and scalability, and to secure the incoming traffic with an SSL certificate.

 

Microsoft Internet Information Server (IIS) is the recommended load balancer for XTAM deployments on Windows platforms. Apache HTTP Server is the recommended load balancer for deployments on Linux platforms. XTAM setup for Windows includes an option that automatically installs (if not yet installed) and configures IIS to load balance one or more XTAM web front ends in a server farm. The default XTAM installation also includes a command line tool that installs (if not yet installed) and configures the IIS load balancer for an already installed XTAM WFE, for cases where the load balancer is added to the server farm after XTAM deployment rather than during the initial installation.

 

When configuring SSL in XTAM, the expectation is that the SSL certificate has already been obtained and properly configured in IIS or Apache HTTP Server for the target endpoint URL, to secure the incoming web traffic if required.

 

[Figure: reverse proxy diagram]

 

During installation

Configuring SSL (HTTPS) for an XTAM deployment (during installation):

 

  1. Obtain, deploy and configure your SSL certificate in either IIS (Windows) or Apache HTTP (Linux). Ensure your secure connection to your target endpoint is working as expected before proceeding with the initial installation.
  2. Check the “Load Balancer” option during installation.

     [Figure: Installation-LoadBalancer]

  3. Complete the installation as required.
  4. When it completes, open your browser and navigate to your secured target endpoint to confirm it is working. For example, opening the URL https://[yourTargetEndpoint]/xtam should open the login prompt for XTAM.

 

Post installation

Configuring SSL (HTTPS) in an existing non-secured (HTTP) XTAM deployment (post installation):

 

  1. Obtain, deploy and configure your SSL certificate in either IIS (Windows) or Apache HTTP (Linux). Ensure your secure connection to your target endpoint is working as expected before proceeding.
  2. For IIS, download the following: https://bin.xtontech.com/product/pam-tdp.zip
  3. Unzip “pam-tdp.zip” and copy the pkg folder to the root of the XTAM installation path (default is c:\xtam).
  4. Open a cmd prompt (as an administrator) and change directory (cd) to the root of the XTAM installation path (default is cd c:\xtam).
  5. From this root location, enter and execute the following command: bin\wssetup.cmd localhost

     [Figure: IIS-CMD-prompt]

  6. During the configuration, you may be prompted to accept the installation of two applications (rewrite_amd64 and requestRouter_amd64). Please confirm and run both.
  7. Configuration can take a few minutes to complete. When it completes, open your browser and navigate to your secured target endpoint to confirm it is working. For example, opening the URL https://[yourTargetEndpoint]/xtam should open the login prompt for XTAM.
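
Both procedures end with a browser check of https://[yourTargetEndpoint]/xtam. The script below performs the same confirmation from the command line; it is an added example, not part of XTAM or the vendor's documentation, and its function names are hypothetical. It assumes the proxy listens on port 443, uses a 30-day expiry warning threshold, and assumes clients are meant to reach XTAM only through the proxy, so it also reports when the default WFE port 8080 answers directly.

```python
import socket
import ssl
import sys
import urllib.error
import urllib.request
from datetime import datetime, timezone


def cert_findings(cert, now=None, min_days=30):  # 30 days: assumed renewal threshold
    """Problems in a certificate dict shaped like SSLSocket.getpeercert() output."""
    now = now or datetime.now(timezone.utc)
    expires = datetime.fromtimestamp(ssl.cert_time_to_seconds(cert["notAfter"]), timezone.utc)
    days_left = (expires - now).days
    findings = []
    if days_left < 0:
        findings.append("certificate expired")
    elif days_left < min_days:
        findings.append(f"certificate expires in {days_left} days")
    if not any(kind == "DNS" for kind, _ in cert.get("subjectAltName", ())):
        findings.append("no DNS subjectAltName entries")
    return findings


def port_open(host, port, timeout=5):  # True if a TCP connect succeeds from this machine
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def check_endpoint(host, path="/xtam", wfe_port=8080, timeout=10):
    """Verify chain and hostname, fetch the XTAM path over HTTPS, probe the WFE port."""
    ctx = ssl.create_default_context()  # raises on untrusted chain or hostname mismatch
    with socket.create_connection((host, 443), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            findings = cert_findings(tls.getpeercert())
    try:
        urllib.request.urlopen(f"https://{host}{path}", timeout=timeout, context=ctx).close()
    except urllib.error.HTTPError as err:
        findings.append(f"{path} returned HTTP {err.code}")
    if port_open(host, wfe_port):  # 8080 is the WFE default port named on this page
        findings.append(f"port {wfe_port} reachable directly, not only via the TLS proxy")
    return findings


if __name__ == "__main__":  # usage: python check_xtam_tls.py <yourTargetEndpoint>
    problems = check_endpoint(sys.argv[1])
    sys.exit("\n".join(problems) or 0)  # prints problems and exits 1, or exits 0
```

Run it from a client machine rather than the XTAM server itself, so the port 8080 probe reflects what outside hosts can actually reach.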

 

If you are having any difficulties, please contact support for further assistance.