This document describes version 6 of Unblu. If you’re using the latest major version of Unblu, go to the documentation of the latest version.

The support period for version 6 ended on 29 August 2023. We no longer provide support or updates for this version. You should upgrade to the latest version of Unblu.

Managing restricted resources without the SecureFlow Manager

While the Unblu SecureFlow Manager (filter) is the high path to managing protected, session-based or encrypted resources in an embedded co-browsing session, there are alternatives for at least three cases where internal resources are being utilized.

This page lists options and alternatives to manage resources without the SecureFlow Manager. “Protected” means that resources require authentication.

Resource Type	Availability without SecureFlow Manager	Availability with SecureFlow Manager	Workaround
Static & Public	Yes	Yes	Not required
Static & Protected	No	Yes	Possible (Case A)
Dynamic / Session-based & protected	No	Yes	Possible (Case B)
Encrypted URL	No	Yes	No
Dynamic & Public	No	Yes	Similar to case B

Resource Type

Availability without SecureFlow Manager

Availability with SecureFlow Manager

Workaround

Static & Public

Yes

Not required

Static & Protected

Yes

Possible (Case A)

Dynamic / Session-based & protected

Yes

Possible (Case B)

Encrypted URL

Yes

Dynamic & Public

Yes

Similar to case B

Workarounds

To manage access to resources for the agent desk without the SecureFlow Manager:

Case A

Resources can be provided to agent browser through the following mechanisms:

The Bank needs to ensure that the same resources are internally available under a different, internal URL, without the need to authenticate. This is often possible for images and CSS files that are not of a confidential nature.
The Unblu server can be configured to rewrite the original resources URL to an internal URL (host). The agent browser will access the resources from the internal resource as opposed to the protected external path.
For the re-writing, the Unblu server provides a configuration that allows resource patterns to be automatically re-written:

com.unblu.visual.resource.recorder.uriTransformPattern=regex

com.unblu.visual.resource.recorder.uriTransformReplacement=regex

Case B

Session-specific resources (images only) can be provided to the agent browser through the following mechanism:

The application (instrumented web application) needs to provide access to the relevant resource through providing it on another URL/host — either by providing an alternative path or a copy on an alternative path.
The e-banking (instrumented application) needs to feature a logic in which all session specific resources are getting a new, additional source attribute (called unbluSrcReplacement) AND the alternative internal URL.
For all agent request, the Unblu recorder would recognise the unbluSrcReplacement attribute and ensure that the agent browser loads the resource from this alternative URL as opposed the original URL

Example

The application has a dynamic (or session-based) image:

<img id="chartData" src="session-specific-url-to-image"/>
The application (or an internal network component) provides access to that image through an internal URL, i.e. “agent-side-url”
The application (instrumented webpage) modifies the image element as follows:

<img id="chartData" src="session-specific-url-to-image" unbluSrcReplacement="agent-side-url"/>