Navigation:  How to... > Work with two Applications and one UserManagement DB

In many enterprise scenarios WebOffice 10 R3 is installed for internal use (intranet application) and external use (internet application) where i.e. the intranet application is used to edit data and the internet application is used to present the edited data.

In such scenarios the administrative effort is quite big because, usually, two separate applications with separate UserManagement configurations and databases are used. Usually for an intranet application the Single Sign On method is used to provide the biggest possible comfort to the users and the UserManagement maintenance effort is minimized for the administrator using only the Active Directory roles in the UserManagement DB instead of all users. The internet user instead, are not member of the Active Directory and cannot be granted with access rights using their OS login. Due to that, WebOffice applications for internet use are secured using the authentication type UserManagement DB.

To minimize the administrative workload the following scenario (also see figure below) for this use-case is recommended:

- Setup two WebOffice 10 R3 applications (one for internal and one for external use - see chapter Create a new WebOffice Application inside Apache Tomcat for details)

- Setup a SSO configuration for the internal application (see chapter Authentication Type SSO for details)

- Be sure only to insert the exception for the internal application in uriworkermap.properties file!

- Setup a UserManagement configuration for the external application (see chapter Authentication Type UserManagement-Database for details)

- Use the same UMDB (DB Connection information for read access) as used in the internal application

- Insert your AD groups and an internet user group and account to the UMDB

- Provide the link to you internal projects using port 80 (no port declaration in URL necessary)

- Provide the link to your external projects using Tomcat port (i.e. 8080). If you do not want to provide a URL to internet users with a non-default port, use a Reverse Proxy to rewrite the URL (external port 80, internal port 8080; see chapter Configuration of Apache Reverse Proxy for details on how to configure an Apache Reverse Proxy). Be sure not to use the ISAPI Redirector, because it is used with Windows Authentication for the SSO scenario of the internal application!