MAS Proxy¶
With the switch to MAS, it's not possible to use the newly MAS Manage application inside of an iframe
anymore. Various CORS configurations
for MAS Mange but also the authentication process get in the way. To work around that we provide a proxy that must be run alongside Insight.
The MAS proxy is an nginx http-server configured to proxy the MAS Mange application under a different domain/hostname, so it is possible to include that into the Insight Control Panel through an iframe. The proxy handles various parts of the MAS Manage application, like headers, cookies and content before it is send to the browser.
This concept is documented by IBM here.
Our configuration only allows access to the following hostnames:
- masdev.manage.masinsight.dev.app.company.tld
- api.masinsight.dev.app.company.tld
- auth.masinsight.dev.app.company.tld
Goal¶
The goal is to make the MAS manage application available under the same domain as the Insight application.
Example¶
All further documentation is based on this example.
- Domain/Hostname used for Insight:
masinsight.dev.app.company.tld
-
Domain/Hostname used for MAS manage:
masdev.manage.mas.app.company.domain.tld
-
Proxy must be:
masdev.manage.masinsight.dev.app.company.tld
->masdev.manage.mas.app.company.domain.tld
Example .yaml-file with deployment, service and ingress here.
Configuration¶
Pod/Container¶
Image: rodias.azurecr.io/mas-proxy:latest
ENV | Required | Description |
---|---|---|
MAS_DOMAIN | ✅ | the basic domain/hostname of the MAS environment (1) |
MAS_INSTANCE | ✅ | the instance name of your manage application (2) |
PROXY_DOMAIN | ✅ | the basic domain/hostname of your Insight environment (3) |
DNS entries and valid certificates for the following domain/hostnames:¶
- masdev.manage.masinsight.dev.app.company.tld
- api.masinsight.dev.app.company.tld
- auth.masinsight.dev.app.company.tld
Routes for the following hostnames pointing to the mas-proxy service-port¶
See example here.
- masdev.manage.masinsight.dev.app.company.tld
- api.masinsight.dev.app.company.tld
- auth.masinsight.dev.app.company.tld
Tests¶
- Open
https://masdev.manage.masinsight.dev.app.company.tld/maximo/
in your bowser- You should be redirect to
https://auth.masinsight.dev.app.company.tld
- You should be redirect to
- Login with you MAS credentials
- After successful login you should be ...
- Redirect to
https://masdev.manage.masinsight.dev.app.company.tld/maximo/
Client Configuration¶
When the MAS-proxy is configured and tested continue by configuring config.json:
{
"maximoUi": "https://<instance>.manage.masinsight.company.domain.tld/maximo",
}