JADE Environment Development Ideas

What's new in the upcoming JADE release?


The JADE 2022 release meets tomorrow’s business demands.

Start your update to JADE's latest release

Support for proxy.pac and wpad.dat files

We have a new customer whose parent company has a strict security policy which requires the use of proxy.pac and wpad.dat files. We spoke with JC24 Management and learned this is a limitation in the JADE product, as evidenced by the error message below captured from the jommsg.log file:

jomsec: sslProxy::setProxyByUrl: You are attempting to use an unsupported feature. proxy.pac URL =http://proxy.net.rhs.zz:8080/accelerated_pac_base.pac.

As a short term workaround to support training and the initial implementation phases, they have had to manually override the proxy settings, but this is not sustainable as a long term solution. It is quite urgent, as a matter of fact, as we are essentially violating their security policy.

Note, there was an NFS created in PARSYS quite some time ago for this (#37362).

  • Guest
  • May 3 2022
  • Future consideration
  • Attach files
  • Guest commented
    29 Jan 09:37pm

    Is there any update on this? The client is going live in May 2023 and this cannot be sustained as a long term solution.

  • Admin
    John Richards commented
    11 May, 2022 01:07am

    The JADE Plant has reviewed this JEDI and needs to conduct some research before we can give a definitive answer.

  • David Bonne commented
    3 May, 2022 10:21pm

    There are tools that enable you to "evaluate" the proxy settings by passing the Client IP, Target FQDN or URL and pac file to the tool. I use pactester.exe (and pacparser.exe) to confirm pac file behaviour (and integrity) before rolling changes out to the wpad.dat and proxy.pac files for our Proxy Servers. I imagine it's a matter of incorporating similar functionality for the JADE Thin Client to be able to perform each time the client started.

    The example in this case shows http://<etc> , but the client would also need to be able to retrieve the pac file using https://<etc> to be properly universal. It will also need to be able to support IPv6.

    As the pac file can contain complex decision making directives to determine which proxy any particular client should be using, having this functionality would be a definite plus in cases where the customer does not want to use DNS or other mechanisms to facilitate Disaster or Fault Recovery, or where they have security considerations or limitations for the client hosts that mandates this functionality.