
PLANTA secure

Information

  • PLANTA secure provides a higher standard of security through two-factor authentication (2FA), which is recommended by the German Federal Office for Information Security.
  • For more information, please contact your PLANTA consultant.

PLANTA secure components

Installation Instructions

Information

  • The Server Adapter must be configured as described in the corresponding section below and must be deployed in a servlet container. A direct TCP connection to an existing PLANTA Server and authentication for single sign-on via proxy are required.
  • Once the application configuration has been set as outlined in the corresponding section below, the Client Adapter can be used as-is. An existing PLANTA Client must be available.
  • Authentication methods already in use at the company, such as smart cards, can be integrated via corresponding plug-ins. For more information, please contact your PLANTA consultant.

PLANTA Server


Server Adapter


Reverse Proxy

Information

  • The BOSH protocol, which PLANTA uses to establish a connection, does not work with HTTP pipelining, and pipelining is disabled in the Client Adapter. Hence the reverse proxy must not employ HTTP pipelining when forwarding requests to the Server Adapter.
  • Persistent connections (HTTP 1.1 keepalive) should be enabled for improved latency and throughput, especially when using SSL-encrypted connections.

Details

  • The value specified for bosh.session.max_wait in the servlet's config.properties is the lower bound for the reverse proxy's read timeout; with a shorter read timeout, polling requests may be aborted with a 504 gateway timeout error.
    • This can also be handled the other way around: if a lower maximum request timeout is desired, max_wait should be set slightly below that value so that polling requests do not run into the timeout.
  • If proxy authentication is enabled in the Server Adapter, the name of an HTTP header containing the user ID can be configured. The value of this header is passed on to the PLANTA Server as-is. Further processing is subject to customizing. See the "PLANTA Server" section for further information.

Here is a sample nginx configuration excerpt for a working reverse proxy setup:

http {
    server {
        location /planta {
            # servlet location as defined during deployment
            proxy_pass http://servletcontainer.example.com:8080/PLANTAServerAdapter/;

            # read timeout needs to be set >= the value of
            # bosh.session.max_wait in the servlet's config.properties, which
            # defaults to 900
            proxy_read_timeout  900s;

            # persistent connections as per http keepalive improve both latency
            # and throughput, esp. with SSL connections
            proxy_http_version  1.1;
            proxy_set_header Connection  "";

            # just push some dummy value as proxy-authenticated user
            proxy_set_header iv-user nobody;
        }
    }
}
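
The requirements above can be checked mechanically. The following Python script is an added example, not part of PLANTA's documentation or code: it compares an nginx excerpt against bosh.session.max_wait and confirms that the proxy itself sets the user-ID header, since that value reaches the PLANTA Server as-is. The sample inputs are constructed from the excerpt above; assumptions are that max_wait is in seconds (as the excerpt's comment implies), that the configured header is iv-user, and that the simplified parser only needs to handle flat directives with single-unit time values.

```python
import re
# Constructed sample inputs, modelled on the excerpt above (not a real deployment).
SAMPLE_PROPERTIES = "bosh.session.max_wait=900\n"
SAMPLE_NGINX = """
location /planta {
    proxy_pass http://servletcontainer.example.com:8080/PLANTAServerAdapter/;
    proxy_read_timeout  900s;
    proxy_http_version  1.1;
    proxy_set_header Connection  "";
    proxy_set_header iv-user nobody;
}
"""
UNITS = {None: 1, "s": 1, "m": 60, "h": 3600, "d": 86400}

def max_wait_seconds(properties_text, default=900):
    """Read bosh.session.max_wait (assumed seconds); the page gives 900 as default."""
    m = re.search(r"^\s*bosh\.session\.max_wait\s*[=:]\s*(\d+)\s*$", properties_text, re.M)
    return int(m.group(1)) if m else default

def to_seconds(value):
    """Convert a single-unit nginx time value such as 900, 900s or 15m."""
    m = re.fullmatch(r"(\d+)(s|m|h|d)?", value)
    if not m:
        raise ValueError(f"unsupported nginx time value: {value!r}")
    return int(m.group(1)) * UNITS[m.group(2)]

def directives(nginx_text):
    """Return (name, args) for each simple 'name args;' directive, comments removed."""
    text = re.sub(r"#.*", "", nginx_text)
    parts = (s.split() for s in re.findall(r"([^;{}]+);", text))
    return [(p[0], p[1:]) for p in parts if p]

def check_proxy(nginx_text, properties_text, auth_header="iv-user"):
    """Return findings; an empty list means the excerpt meets the page's requirements."""
    d, findings = directives(nginx_text), []
    wait = max_wait_seconds(properties_text)
    timeouts = [to_seconds(a[0]) for n, a in d if n == "proxy_read_timeout" and a]
    read_timeout = timeouts[-1] if timeouts else 60  # nginx default is 60s
    if read_timeout < wait:
        findings.append(f"proxy_read_timeout {read_timeout}s < max_wait {wait}s (504 risk)")
    if ("proxy_http_version", ["1.1"]) not in d:
        findings.append("proxy_http_version is not 1.1")
    set_by_proxy = {a[0].lower() for n, a in d if n == "proxy_set_header" and a}
    if auth_header.lower() not in set_by_proxy:
        findings.append(f"{auth_header} not set by proxy; a client-sent value would pass through")
    return findings

if __name__ == "__main__":
    print(check_proxy(SAMPLE_NGINX, SAMPLE_PROPERTIES) or "ok")
```
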

Client Adapter
