Secure Web Stack profiles (API)
Secure Web Stack parameters
Use these parameters when you apply the Secure Web Stack policy (POLICY_CODE_SECURE_WEB_STACK) to the app with app-market/policy.
| secure_web_stack_proxy_method | Values: none, manual, or automatic. |
| secure_web_stack_proxy_host | The hostname or IP address of Secure Web Stack server that the Blue Cedar-protected app uses to access external HTTP resources. Note: If you are using manual proxy, you must set the host and port parameters for the proxy server. If you do not configure both parameters, the Blue Cedar-protected app cannot utilize the proxy server to access HTTP resources. |
| secure_web_stack_proxy_port | Integer. The port number of the Secure Web Stack server that Blue Cedar-protected app uses to access external HTTP resources. |
| secure_web_stack_proxy_auto_conf_url | The default URL for the Proxy auto-configuration (PAC) file that an HTTP-based app uses to specify an HTTP Proxy server. |
| secure_web_stack_single_sign_on | Whether to retrieve single sign-on cookies from the gateway. If set to 1 and the gateway supports SSO credentials, then the app can receive the credentials immediately following authentication. |
| Advanced: | |
| secure_web_stack_intercept_wk_webview | Unprotected apps that use WKWebView (an Apple framework object that displays web content) send WKWebView traffic separately from the other app data. When protecting apps that use WKWebView, you can specify whether to protect this separate data: Values:
|
| secure_web_stack_proxy_verification_url | A URL that requires authentication to the proxy for your configuration. |
| secure_web_stack_legacy_proxy_exists |
|
| secure_web_stack_legacy_proxy_host | The hostname or IP address of the HTTP proxy server that the secured app uses on Android pre-Lollipop devices. |
| secure_web_stack_legacy_proxy_port | Integer. The port number of the HTTP proxy server that the secured app uses on Android pre-Lollipop devices. |
| secure_web_stack_legacy_ use_web_stack_for_java_api | 1: The secured app's HTTP-related Java API calls should go through the Secure Web Stack 0: The app's HTTP-related Java API calls should go through the Android pre-Lollipop device proxy. Must be set to 1 unless otherwise directed by Blue Cedar support. |
Parameter | Description |
|---|
Secure Web Stack API resources
To manage Secure Web Stack profiles, use these resources:
- profile : Use type="secure_web_stack" to create a Secure Web Stack profile. See example below.
- profile/catalog/{policytype} : Use "secure_web_stack" for "{policytype}". GET returns an array of details for all policy profiles of the specified type.
- profile/{GUID} : Use the profile ID to specify a policy profile. GET returns details for the specified profile, PUT updates the details in the specified profile, and DELETE archives the profile.
- settings/secure-web-stack-default-profile ( settings/{policytype}-default-profile ): POST sets one of the Secure Web Stack profiles as the default. GET returns the GUID of the current default profile. DELETE archives the current default.
To retrieve details for the policy:
- app-policy/{GUID} : Use the policy ID to specify a policy. GET returns details for the specified policy.
- app-policy/code/{code} : Use POLICY_CODE_SECURE_WEB_STACK to specify the policy. GET returns details for the specified policy.
To secure apps with the policy:
- app-market/policy : Use the policy GUID to apply the policy to an app.
Creating a Secure Web Stack profile
This example creates a Secure Web Stack profile with the profile API, specifying all options.
Request
curl -k -v -L -b c.txt -c c.txt -X POST http://bc.qwe.com/mocana-app-control/rest/profile \
-F name="TestProfile" \
-F type="secure_web_stack" \
-F desc="Default Profile" \
-F data="{\"secure_web_stack_proxy_method\":\"manual\", \
\"secure_web_stack_proxy_port\":8080, \
\"secure_web_stack_proxy_host\":\"host\", \
\"secure_web_stack_proxy_auto_conf_url\":\"\", \
\"secure_web_stack_proxy_verification_url\":\"http://verify.com\", \
\"secure_web_stack_single_sign_on\":\"1\", \
\"secure_web_stack_legacy_proxy_exists\":\"1\", \
\"secure_web_stack_legacy_proxy_host\":\"fallback_host\", \
\"secure_web_stack_legacy_proxy_port\":\"8000\", \
\"secure_web_stack_intercept_wk_webview\":\"network\", \
\"secure_web_stack_legacy_use_web_stack_for_java_api\":\"1\"}"Response
{
"message":"",
"profiles":{
"data":{
"profile_data":"{\"secure_web_stack_proxy_method\":\"manual\",
\"secure_web_stack_proxy_port\":8080,
\"secure_web_stack_proxy_host\":\"host\",
\"secure_web_stack_proxy_auto_conf_url\":\"\",
\"secure_web_stack_proxy_verification_url\":\"http://verify.com\",
\"secure_web_stack_single_sign_on\":\"1\",
\"secure_web_stack_legacy_proxy_exists\":\"1\",
\"secure_web_stack_legacy_proxy_host\":\"fallback_host\",
\"secure_web_stack_legacy_proxy_port\":\"8000\",
\"secure_web_stack_intercept_wk_webview\":\"network\",
\"secure_web_stack_legacy_use_web_stack_for_java_api\":\"1\"
}",
"profile_data_id":"323910c4-f6da-4983-95ad-6a4a462bf179",
"profile_data_stamp":"2017-02-14 13:31:48.0"
},
"profile_desc":"Default Profile",
"profile_id":"d3858abe-9dc0-441c-8d4d-89f035dd9544",
"profile_name":"TestProfile",
"profile_type":"secure_web_stack"
},
"status":"OK"
}