My customer is in the process of REMobile CSDK Integration with their Internet and Net Banking websites. The customer has a combination of HTTP and HTTPS based webpages as part of their website.
Customer’s landing home page is HTTP based [Prelogin page] and once end consumer tries to perform a financial transaction on the banking website, it redirects the consumer to a HTTPS based site for secure transactions.
As we know, our REM CSDK requires end to end HTTPS/SSL connection and it is becoming a challenge on how to overcome this situation.
Customer would like to initiate the REM Assist functionality both from Pre-Login [HTTP based] and Post-Login [HTTPS based] sites and once voice, video, expert assist session is established, they would like to perform co-browse functionality by sharing HTTP and HTTPS pages.
Any thoughts on how to overcome the HTTP problem? I tried to play on the Reverse Proxy, so that it takes HTTP as input and redirects the user to HTTPS, by making HTTPS connection to the REAS. However, what I see is REAS doesn’t honour these kind of request [which is not HTTPS end to end] and there is a security exception message thrown as seen in the logs.
As HTTPS becomes mandate for deployment of REM CSDK, it is creating discomfort to the bank as they are not ready to move their prelogin [HTTP] based site to HTTPS. I have provided an intermediate option, where “Connect Us” URL can be provided on the HTTP page and on click of this page it will lead to a HTTPS page which has “Video Assist” button.
I would like to know your expert comments and suggest any better ideas. Thanks and have a good day.