In debugging rewrite issues Pulse Secure engineering and dev teams require a way to replicate the issue. Configuring the problem Web resource over WSAM gives Pulse Secure dev team the ability to access the Web content as a direct stream and issue can be reproduced in-house and a fix can be provided. With WSAM access, the time to resolve a Web rewrite issue is reduced substantially.
- Go to Users > User Roles > New User Role to create a new user role named Pulse Secure (for example) , Enable Options > Pulse Secure Client and also enable Secure Application Manager > WSAM on the role.
- Go to Resource Profiles > SAM > WSAM Destinations.
- Click New Profile.
- Provide a name for the profile.
- In the WSAM destinations section add the server IP(s) or host names of the site that the rewrite issue is occurring on. Click Add. Continue to add sites as needed.
- Check the box to Create a SAM access control policy allowing access to these servers.
- Click Save and Continue.
- On the "Roles" page, select the Pulse Secure role that was created in step 1 and apply it to the policy.
- Click Save and Continue.
- The bookmark configuration page will show the name of the bookmark that will appear on the bookmark page. When a user clicks the bookmark, Pulse SAM will start up and tunnel the traffic to the specified hosts.
- Go to Auth Servers > System Local and add a new user. This is the user account that Pulse Secure will use to sign-in to the PCS appliance and launch Pulse SAM.
- Create a new User Realm named Pulse Secure that authenticates users from the System Local auth server.
- Create a role-mapping rule on the Pulse Secure realm based on username that maps the Pulse Secure user to the Pulse Secure role. (If you instead choose to configure the role-mapping rule on an existing realm or on a new realm but with an existing role, we recommend that you check the option to "Stop Processing rules when this rule matches". After saving the changes, move the test rule to the top of the list so that it is not possible for the Pulse Secure user to get mapped to any other roles.)
- Go to Signing In > Sign In Policies and create a New URL. Enter "*/pulsesecuretest" as the Sign-In URL and in the Authentication realm section, select the radio button for "User picks from list of authentication realms" and select the Pulse Secure realm from the Available realms and move it to the Selected Realms.
- Use the Pulse Secure sign-in URL and account access to sign-in, click the web bookmark, and verify the traffic is going over the Pulse SAM tunnel. Browse to the page that the problem exists with and verify that it is "working as expected" since this is the expected result via Pulse SAM as the traffic is not being rewritten.
- Update the case with instructions for the Pulse Secure support team to follow to replicate the issue once they click the Web Bookmark. This can also be provided in a Word doc containing screenshots.
- Export the Users config by going to Import / Export > Import / Export Users and save a copy of the User config and upload this to the case.
- Contact the Pulse Secure case owner and provide the login details for Pulse SAM access and/or update the case with the details.
Please refer KB40981 - How to capture web traffic using fiddler web debugging tool to help debug rewrite issues
for collecting fiddler trace.
Please also refer attached Rewriter Troubleshooting Guide.pdf for troubleshooting assistance