12.2.3 Configuring Name Resolution

Identity Server needs to resolve the DNS name of Access Gateway, Access Gateway needs to resolve the DNS name of Identity Server, and the client that is accessing the Digital Airlines site needs to be able to resolve the names of both Access Gateway and Identity Server.

You can set up your DNS server to resolve the DNS name of Identity Server and Access Gateway to the correct IP address, or you need to modify the /etc/hosts file on the various machines to perform the resolution.

Client: The hosts file of the client machine needs to contain entries for Identity Server and Access Gateway.

Identity Server: The hosts file on Identity Server needs to contain an entry for Access Gateway.

Access Gateway: The hosts file on Access Gateway needs to contain an entry for Identity Server.

  • Access Gateway Appliance: Do not manually edit the hosts file on Access Gateway Appliance. The file is overwritten every time the configuration is updated with the entries specifies on the Hosts page. To add an entry to the Hosts page, click Devices > Access Gateways > Edit > Hosts, then click New. The entries on this page are written to the hosts file when the configuration is updated.

  • Access Gateway Service: You can edit the hosts file on Access Gateway Service. Add an entry that allows Access Gateway Service to resolve the name of Identity Server.

Access the PR with 1 or 2. The user is authenticated using Identity Server and redirected to PR. If you see the Unable to authenticate. (300101014-esp-2A09953FD71907F7), error, ensure that time and dates are synced across the Access Manager setup by using the command ntpdate -u pool.ntp.org and restart the services (Administration Console, Identity Server, Access Gateway) on that host.

Continue with Section 12.3, Configuring Public Access to Digital Airlines.