Hi, I was watching a demo video on how to protect applications via WebSEAL at https://www.securitylearningacademy.com/course/view.php?id=2694 and I was able to follow the demo. My question is about how do I prevent direct access to the application? For example, testuserB can directly access IBM.com without going through ISVA/WebSeal.
I know the demo was using a publicly accessible site but is there a demo or steps to protect an internal application in a similar way where you can only access the application via WebSeal/ISVA and any direct access results in first authenticating with ISVA. Really curious to understand how we can put an internal application behind reverse proxy and prevent direct access to it and any access should be via the reverse proxy after authenticating with ISVA
------------------------------
Narayan Verma
------------------------------