I work for an organization that uses a managed host for App1 and a collection of apps, App2..N.
App1 is a web application, hosted on a Linux webfarm by a large vendor - and it uses a forms-like authentication (e.g. simple username + password).
The collection of apps App2..N are available freely to users inside our network without a sign-in required by virtue of requests coming from our gateway IP address.
The apps (App2..N) are approx. 10 separate vendors of online information, who share in common a licensing model where they contract with my employer to provide information services via each of their web apps - and they seem to all use a scheme where they record the IP address of our organization's gateway IP - and allow requests from that specific IP to use the service without a login/password.
Approximately 1/10th of our users are on-site here behind our firewall, and 9/10ths are spread world-wide.
These remote users authenticate to use App1 using the forms-like user/pass authentication.
While using App1, there are certain requirements where they must access the resources of App2..N - exposed as links within App1.
The vendors of App2..N tend to use various other means of allowing for our remote users, however they always seem to change and break down over time - all the schemes are different, and all change at different times, and most of these vendors do not have easily accessible client support services - e.g. it's difficult for me to keep up with all the breakage and poor access to solutions from the vendors.
I would like to come up with some type of web-based app that can accept incoming requests from all around the net - then channel them through our internal network somehow, so that these various requests could authenticate by right of having "come from" our on-site gateway IP address.
I don't know what this type of solution is called, I thought it would be reverse-proxy, but not 100% certain.
What type of solution do I need? What is it called?
Is there some type of server we can run within our network and/or in a DMZ that can re-route requests to App2..N so as to have them be treated as though they came from a user within our network?
Constraint: The number of users outside our network is far greater than the users inside our network, thus we do not wish to provide VPN access to our network for this purpose.
Since I don't exactly know what the tools and/or concepts are properly called, I openly welcome editing of this question to make it more clear to the SF community.
EDIT: I might not require that the source IP address for our requests to App2..N be from exactly our gateway IP, but if they came from a single IP (not necessarily our gateway IP) - that could work too.
It sounds as though you are speaking of a reverse proxy. The way this would work is that you would run the reverse proxy in your DMZ. You would give the URL of the reverse proxy to your outside users.
When the users browse to the URL you gave them, your reverse proxy receives the connection and request. It then translates or rewrites or just forwards the request (as itself / from your IP address) to App1. App1 authenticates the user.
You need to work out how to detect on the reverse proxy whether they are authenticated to App1. This could be a cookie, or a URL element, or ...???. The reverse proxy sees all of the web traffic, so it should be do-able.
Once the reverse proxy knows whether you've authenticated, you configure it to selectively forward connections to App2..N only for authenticated users/connections.
You do need to ensure that either App1 presents URLs that point through the reverse proxy, or that you rewrite App1 presented links to pass through the reverse proxy.
The configuration of this can be painful. If you're using Apache, you're looking for something like mod_rewrite or mod_rewrite2 (if I recall correctly). There is other software that does things like this (BlueCoat is one, I think, but I don't know how configurable it is).
Hope this helps.
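
The gating and link rewriting the answer above describes, sketched as an added example that is not part of the original post or any product's configuration. The host names, the `APP1SESSION` cookie name, the `/login` path and the `session_is_valid` callback (a stand-in for asking App1 whether a session token is live) are all assumptions.

```python
import re
from urllib.parse import urlsplit

# All names below are hypothetical; the thread gives no hosts or cookie names.
PROXY_BASE = "https://proxy.example.org"
LOGIN_URL = PROXY_BASE + "/login"          # App1 sign-in, reached via the proxy
SESSION_COOKIE = "APP1SESSION"
UPSTREAMS = {                              # proxy path prefix -> vendor origin
    "app2": "https://app2.vendor.example",
    "app3": "https://app3.vendor.example",
}

def parse_cookies(header):
    """Split a Cookie request header into a name -> value dict."""
    cookies = {}
    for part in (header or "").split(";"):
        name, sep, value = part.strip().partition("=")
        if sep:
            cookies[name] = value
    return cookies

def route(path, cookie_header, session_is_valid):
    """Decide what the proxy does with a request: (status, target URL)."""
    prefix, _, rest = path.lstrip("/").partition("/")
    origin = UPSTREAMS.get(prefix)
    if origin is None:
        return 404, None                   # fixed allowlist: never an open proxy
    token = parse_cookies(cookie_header).get(SESSION_COOKIE)
    # Presence of a cookie proves nothing; the token must be checked with App1.
    if not token or not session_is_valid(token):
        return 302, LOGIN_URL
    return 200, f"{origin}/{rest}"         # forwarded from the proxy's own IP

def rewrite_links(html):
    """Point App1's links to licensed vendors at the proxy; leave others alone."""
    by_host = {urlsplit(o).netloc: p for p, o in UPSTREAMS.items()}
    def repl(m):
        url = urlsplit(m.group(2))
        prefix = by_host.get(url.netloc)
        if prefix is None:
            return m.group(0)
        tail = url.path + ("?" + url.query if url.query else "")
        return f"{m.group(1)}{PROXY_BASE}/{prefix}{tail}{m.group(3)}"
    return re.sub(r'(href=")([^"]+)(")', repl, html)
```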