Your suggested change has been received. Thank you.

Suggest A Change

Thank you! Your suggestion has been submitted.

https://thales.na.market.dpondemand.io/docs/dpod/services/kmo….

There are some errors in your form.

Your Name This field is required

Your Email This field is required

How can we improve this content? This field is required

STA documentation
- Explore Thales Docs

SafeNet Trusted Access
SafeNet Agents
SafeNet MobilePASS+
API references
Account management
Release notes

All

All

SafeNet App Gateway

Plugin Model

SafeNet Agents
SafeNet Synchronization Agent
- Install SafeNet Synchronization Agent
- LDAP synchronization server
- SafeNet Synchronization Agent for LDAP
- Configure for SQL
- Synchronization groups
- AD password synchronization
- Grant synchronization permission
- Transaction and synchronization details
- View the LDAP schema
- Aliases 3 and 4
- Configuration options
- Event notifications
- Browse the user source
- Start and stop SafeNet Synchronization Agent
- Backup or restore configurations
- SafeNet Synchronization Agent log files
- Synchronize users from Microsoft Entra ID
- SafeNet Synchronization Agent - Frequently Asked Questions
SafeNet Logging Agent
- Log event types
SafeNet Agent for FreeRADIUS
- Install SafeNet Agent for FreeRADIUS
- Download BSID and JWT Keys
- Install FreeRADIUS
- Upgrade FreeRADIUS
- Startup script
- Manual client updater
- Troubleshoot SafeNet Agent for FreeRADIUS
- Protected Extensible Authentication Protocol
SafeNet Agent for NPS
- Compatibility and Components
- NPS for RADIUS Clients
- SafeNet agent for NPS
- Install SafeNet Agent for NPS
- Uninstall SafeNet Agent for NPS
- Upgrade SafeNet Agent for NPS
- RADIUS return attributes
- Proxy server
- NPS settings
- NPS communication settings
- Authentication test
- NPS logging
- NPS localization
- PUSH notifications and NPS
- SafeNet Agent for NPS
SafeNet Agent for Windows Logon
- Installation and Configuration Overview
- System Requirements
- Windows Logon Agent - Authentication Methods
- Pre-installation
- Installing the agent
- Upgrading the agent
- Uninstalling the agent
- Deploying the agent via Group Policy Object
- Deploying the agent via Intune
- Deploying the agent via Microsoft Endpoint Configuration Manager
- Registry Settings
- Management
- Troubleshooting and Advanced Configurations
- Running the Solution
- Passwordless Windows Logon
- Pre-installation
- Customizing SafeNet Desktop Logon Application
SafeNet Agent for macOS Logon
- Pre-installation
- Installing, Configuring, Upgrading, and Uninstalling the agent
- Management
- Testing the Solution
SafeNet App Gateway
- System Requirements
- Security Recommendations
- Single Sign-On (SSO) Support for SafeNet App Gateway
- Pre-installation
- Generic Template for SafeNet App Gateway
- Oracle PeopleSoft
- Jenkins Application Configuration in SafeNet Trusted Access
- Deployment options
- Installing the Agent
- Configuring the Agent
- Upgrading and Uninstalling the Agent
- Plugin Model
- Troubleshooting
- Testing the Solution

STA documentation
SafeNet Agents
SafeNet App Gateway
Plugin Model

Plugin Model

The SafeNet App Gateway agent provides a plugin model to modify the request before sending it to the protected application. The plugin model provides an interface that can be implemented to modify header, cookie, params, and form body before sending the request to the protected application.

Use case for a sample custom plugin file

A sample custom plugin lua file and an HTML template are provided here which can be used to support the following use case scenario for the form-based authentication.

In some scenarios, application access may require extra user attributes (for example, csrfToken) to provide an additional layer of security. In such scenarios, the SafeNet App Gateway agent uses the custom lua scripts to fetch csrfToken from the HTML <body> before authentication and bundles it with other attributes as part of the POST Call (forwarding response to the protected application) during authentication.

Detailed steps to configure the CSRF token for SafeNet App Gateway are mentioned here.

Perform the following steps to use the custom plugin model:

Create a clone of the sample plugin lua file and HTML template available here.
The sample plugin lua file can be used to modify the request at the agent side. In the sample plugin lua file:
1. Modify the interface methods to add customization as per your application. Refer to the sample plugin file for the interface methods details.
2. Provide the friendly app name in the getAppFriendlyName method. You can find the friendly app name in the downloaded agent configuration file.
The HTML template contains the form element used to send the login details to the SafeNet App Gateway agent. It can be used to modify the login request using Javascript within the browser. In the HTML template,
1. The form action URL must be set to {LoginUrl}. It will be automatically replaced by the agent with the Login URL (as configured in STA application template).
2. You can update the submitform Javascript method to modify the request before the form is submitted.
Mount the folder that contains the custom plugin scripts as docker volume in the SafeNet App Gateway custom plugin folder (/usr/local/thales/safeNetApplicationGateway/src/customPlugins).

In the docker compose file, there is a field named volumes (commented), which mounts the custom plugin files to the docker container. The user can uncomment it and then modify the location to load the custom plugin files to the docker container.

On this page

SafeNet Trusted Access

© Copyright 2019-2024, Thales Group

+1 410-469-1651 supportportal.thalesgroup.com

Support
- Customer Release Notes
- Customer Support Portal
Legal

© Copyright 2019-2024, Thales Group

+1 410-469-1651 supportportal.thalesgroup.com