The network requirements that are required by application developers to help configure your application to support the WalkMe Desktop SDK.
- WalkMe Desktop SDKs use HTTPS for signaling traffic.
- Signaling traffic is protected by TLS using strong encryption suites.
- Only TLS versions 1.2, and 1.1 are supported.
WalkMe Desktop SDK Traffic Through Proxies and Firewalls
To restrict and control the traffic that leaves and enters their network, some organizations deploy an internet firewall, or internet proxy and firewall.
Follow the firewall and proxy guidance below to enable access to WalkMe Desktop SDKs services from your network.
When the organization only uses a firewall, it is important to note that filtering WalkMe Desktop SDK signaling traffic using IP addresses is not supported – The IP addresses used by WalkMe Desktop SDK signaling are dynamic and may change at any time.
If your firewall supports URL filtering, you will need to whitelist the WalkMe Desktop SDK destination URLs listed for End Users, this is found under WalkMe Access Requirements.
The proxy features that are relevant to the WalkMe Desktop SDK are discussed below.
Several authentication methods are supported by proxies such as Basic Authentication, Digest Authentication, (Windows-based) NTLM, Kerberos, and Negotiate (Kerberos with NTLM fallback).
|Product||Authentication Type||Proxy Configuration|
|WalkMe Mac SDK||Any authentication type supported by the host application. The SDK inherits the authentication type using API.||The SDK supports proxy API configuration.|
|WalkMe Windows SDK||Any authentication type supported by the host application. The SDK inherits the authentication type using API.||The SDK supports proxy API configuration.|
The connection will fail if WalkMe’s servers are not whitelisted in the network or if the proxy needs an Authentication Header and no parameters or the wrong parameters are supplied.
See the full whitelisting requirements here
Behavior when failing to connect:
- If the WalkMe SDK is not able to connect to the WalkMe server or authenticate with the proxy, it will periodically try to reconnect.
- WalkMe will not prompt the user for authentication.
- If there has been no connection from the time the SDK was loaded and WalkMe SDK was not able to get content from the WalkMe server, it will not present any content.
- If WalkMe SDK was able to get content when loading and the connection is lost afterward, WalkMe will work with the initial content but not be able to update with new content.
Proxy API Configuration
The authentication will be done by the host application. After the authentication, the main software will send WalkMe the appropriate headers through an API.
setproxy(url : string)
Once called, this will send all requests in the outer process through the proxy.
setHttpHeader(key : string, value : string)
Once called, the outer process will add this header to each HTTP request. When calling this method with a valid key and an empty value, the corresponding header will be deleted.
Setting the SDK to work with a proxy server with authorization:
WalkMe.SDK.setHttpHeader(“Proxy-Authorization”, “Basic YWxhZGRpbjpvcGVuc2VzYW1l”)
Figure 1: Network diagram
Figure 2: Sequence diagram – SDK Proxy API Configuration
- Host Application and WalkMe SDK are both blocked by proxy without authentication headers.
- After the host app performs the authentication and passes the authentication headers to the SDK, the SDK is able to communicate with the WalkMe Server and retrieve WalkMe content to present on the hosting app.