Sun OpenSSO Enterprise Policy Agent 3.0 Guide for Microsoft Internet Information Services (IIS) 7.0

Installing the IIS 7.0 Agent

Gathering Information to Install and Configure the IIS 7.0 Agent

The following table describes the information you will need to provide when you install and configure the IIS 7.0 agent.

Table 2 Information Required to Install and Configure the IIS 7.0 Agent

Script: IIS7CreateConfig.vbs

Prompts:

IIS 7.0 agent prompts:

  • Agent Resource File Name: Default is IIS7Resource.en (English version)

  • Agent URL: For example http://agenthost.example.com:80

  • Web Site Identifier: Accept value from the displayed list.

Sun OpenSSO Enterprise prompts:

  • OpenSSO server URL, including the deployment URI:

    For example http://ssohost.example.com:8080/opensso

  • Agent Profile name: For example IIS7Agent

  • Path to password file: For example C:\tmp\IIS7Agentpw.txt

Script: IIS7Admin.vbs

Prompts:

  • Agent Resource File Name: Default is IIS7Resource.en (English version)

Installing and Configuring the IIS 7.0 Agent

Creating a Configuration File for the IIS 7.0 Agent

The IIS7CreateConfig.vbs script prompts you for information and then creates an agent configuration file that you can use later to configure the IIS 7.0 agent.

You must have Administrator privileges to run the IIS7CreateConfig.vbs script.

Note: If you are deploying the IIS 7.0 agent on multiple Web sites, you must create a unique agent configuration file for each of the Web sites.

Procedure: To Create a Configuration File for the IIS 7.0 Agent

  1. On the Windows 2008 Server instance, open a command window. For example, click Start, Run, and then type cmd.

  2. Change to the PolicyAgent-base\bin directory.

    where PolicyAgent-base depends on where you unzipped the IIS 7.0 agent distribution file.

    For example: C:\Agents\web_agents\iis7_agent\bin

    The \bin directory contains the IIS7CreateConfig.vbs script, which you run to create the agent configuration file.

  3. Create the agent configuration file by issuing the following case-sensitive command:

    cscript IIS7CreateConfig.vbs ConfigFile

    where ConfigFile is the unique name for the agent configuration file.

    For example: cscript IIS7CreateConfig.vbs IIS7Config.txt

    The IIS7CreateConfig.vbs script creates this file and then saves your responses to prompts about the agent host and the OpenSSO Enterprise server in the file.

  4. When prompted, provide the following information about the IIS 7.0 server that this agent will protect:

    • Agent Resource File Name: Accept the default value IIS7Resource.en (English version).

    • Agent URL: Specify the URL for the IIS 7.0 agent, including the port number. For example: http://agenthost.example.com:80

    • Web Site Identifier: Specify the unique identifier associated with the Web site for which you are creating a configuration file. Accept a value from the displayed list.

  5. When prompted, provide the following information about the OpenSSO Enterprise host:

    • OpenSSO server URL, including the deployment URI: For example: http://ssohost.example.com:8080/opensso

    • Agent Profile name: For example: IIS7Agent.

    • Agent Profile password File: Path to the file that contains the agent profile password. For example: C:\tmp\IIS7Agentpw.txt


Example 1 Sample IIS7CreateConfig.vbs Script Run

Microsoft (R) Windows Script Host Version 5.7
Copyright (C) Microsoft Corporation. All rights reserved.

Copyright c 2009 Sun Microsystems, Inc. All rights reserved
Use is subject to license terms
---------------------------------------------------------
    Microsoft (TM) Internet Information Server (7.0)
---------------------------------------------------------
Enter the Agent Resource File Name [IIS7Resource.en] :

Enter the Agent URL (Example: http://agent.example.com:80) :
http://agenthost.example.com:80

Displaying the list of Web Sites and its corresponding Identifiers (id)

SITE "Default Web Site" (id:1,bindings:http/*:80:,state:Started)

Web Site Identifier :
1
------------------------------------------------
Sun OpenSSO Enterprise 8.0
------------------------------------------------
Enter the URL where the OpenSSO server is running. Please include the deployment 
URI also as shown in the example (Example: http://opensso.example.com:58080/opensso):
http://opensso.demo.sun.com:8080/opensso

Please enter the Agent Profile name :
IIS7Agent

Enter the Agent profile password file :
c:\tmp\IIS7Agentpw.txt

-----------------------------------------------------
Agent Configuration file created : IIS7Config.txt
-----------------------------------------------------
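The agent profile password file named at the last prompt holds a credential in clear text, so it is worth checking who can read it before running the script. The following PowerShell sketch is an added example, not part of the Sun guide or the agent distribution: it lists any principal other than Administrators and SYSTEM that can read the file and then tightens the ACL with icacls. The function names, the allowed-principal list, and the assumption that only the administrator running the scripts needs to read the file are all assumptions; the path is the guide's sample value.

```powershell
# Added example (not from the Sun guide). Path is the guide's sample value.
# Assumption: only Administrators and SYSTEM need to read the password file.
$AllowedSids = @('S-1-5-32-544',   # BUILTIN\Administrators
                 'S-1-5-18')       # NT AUTHORITY\SYSTEM

function Get-UnexpectedReadAccess {
    param([Parameter(Mandatory = $true)][string]$Path)
    $readData = [int][System.Security.AccessControl.FileSystemRights]::ReadData
    foreach ($rule in (Get-Acl -Path $Path).Access) {
        if ($rule.AccessControlType -ne 'Allow') { continue }
        if (([int]$rule.FileSystemRights -band $readData) -eq 0) { continue }
        # Compare by SID so the check also works on non-English Windows.
        $sid = $rule.IdentityReference.Translate(
            [System.Security.Principal.SecurityIdentifier]).Value
        if ($AllowedSids -notcontains $sid) {
            New-Object PSObject -Property @{
                Identity  = $rule.IdentityReference.Value
                Sid       = $sid
                Rights    = $rule.FileSystemRights
                Inherited = $rule.IsInherited
            }
        }
    }
}

function Set-AdminOnlyAccess {
    param([Parameter(Mandatory = $true)][string]$Path)
    # Drop inherited ACEs, then grant full control to Administrators and
    # read access to SYSTEM (icacls takes numeric SIDs prefixed with '*').
    & icacls.exe $Path /inheritance:r /grant:r '*S-1-5-32-544:(F)' '*S-1-5-18:(R)' | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "icacls failed for $Path (exit $LASTEXITCODE)" }
}

$pwFile = 'C:\tmp\IIS7Agentpw.txt'
if (Test-Path $pwFile) {
    $findings = @(Get-UnexpectedReadAccess -Path $pwFile)
    if ($findings.Count -gt 0) {
        $findings | Format-Table Identity, Rights, Inherited -AutoSize
        Set-AdminOnlyAccess -Path $pwFile
        # Explicit (non-inherited) ACEs survive /inheritance:r; report them.
        $left = @(Get-UnexpectedReadAccess -Path $pwFile)
        if ($left.Count -gt 0) { Write-Warning "Explicit read ACEs remain on $pwFile" }
    }
}
```

Run it from an elevated PowerShell prompt; a warning at the end means an explicit ACE still grants read access and has to be removed by hand.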

Configuring the IIS 7.0 Agent for a Web Site

The IIS7Admin.vbs script configures the IIS 7.0 agent for a specific Web site, based on an agent configuration file created by the IIS7CreateConfig.vbs script.

You must have Administrator privileges to run the IIS7Admin.vbs script.

The IIS7Admin.vbs script performs these functions:

Note: To configure the IIS 7.0 agent for multiple Web sites, follow this procedure for each Web site, using a unique agent configuration file for each site.

Procedure: To Configure the IIS 7.0 Agent for a Web Site

  1. On the Windows 2008 Server instance, open a command window. For example, click Start, Run, and then type cmd.

  2. Change to the PolicyAgent-base\bin directory.

    where PolicyAgent-base depends on where you unzipped the IIS 7.0 agent distribution file.

    For example: C:\Agents\web_agents\iis7_agent\bin

  3. Configure the Web site for the IIS 7.0 agent by running the IIS7Admin.vbs script with the -config option.

    For example: cscript IIS7Admin.vbs -config IIS7Config.txt

    where IIS7Config.txt is the agent configuration file that you created in Creating a Configuration File for the IIS 7.0 Agent.

    Notes:

    • The script name and options are case-sensitive.

    • For the Agent Resource File Name prompt, accept the default value (IIS7Resource.en).

    The IIS7Admin.vbs script displays the progress of the configuration, as shown in the following sample:

    Microsoft (R) Windows Script Host Version 5.7
    Copyright (C) Microsoft Corporation. All rights reserved.
    
    Copyright c 2009 Sun Microsystems, Inc. All rights reserved
    Use is subject to license terms
    
    Enter the Agent Resource File Name [IIS7Resource.en] :
    
    Creating the Agent Config Directory
    Creating the OpenSSOAgentBootstrap.properties 
        and OpenSSOAgentConfiguration.properties File
    Updating the Windows Product Registry
    Completed Configuring the IIS 7.0 Agent

  4. Ensure that the IIS 7.0 authentication method is set to Anonymous.

  5. Restart IIS 7.0 using the iisreset command. For example, in a command prompt, type iisreset.

Next Steps

To view the agent log file (amAgent), see PolicyAgent-base\debug\Identifier_site-identifier\logs\debug, where site-identifier is a number such as 1 that identifies the Web site where the IIS 7.0 agent is being configured.

Verifying an IIS 7.0 Agent Installation

Procedure: To Verify an IIS 7.0 Agent Installation

  1. Attempt to access a resource protected by the IIS 7.0 agent.

    If the agent is installed correctly, accessing the protected resource will redirect you to the OpenSSO Enterprise server login page.

  2. Log in to the OpenSSO Enterprise server.

    After a successful authentication, you should be able to access the protected resource, if the agent is correctly defined.
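Step 1 of this verification can be scripted so that it also catches the failure case where the agent is not intercepting requests and the resource is served without authentication. The following PowerShell function is an added example, not part of the Sun guide or the agent distribution; the function name, the verdict strings and the choice of the site root as the protected resource are assumptions, and the URLs are the guide's sample values.

```powershell
# Added example (not from the Sun guide). Both URLs are caller-supplied.
function Test-AgentRedirect {
    param(
        [Parameter(Mandatory = $true)][string]$ProtectedUrl,
        [Parameter(Mandatory = $true)][string]$OpenSsoUrl
    )
    $req = [System.Net.WebRequest]::Create($ProtectedUrl)
    $req.AllowAutoRedirect = $false   # inspect the redirect instead of following it
    try {
        $resp = $req.GetResponse()
    } catch {
        # 4xx/5xx surface as a WebException, possibly wrapped by PowerShell.
        $ex = $_.Exception
        while ($ex -and -not ($ex -is [System.Net.WebException])) { $ex = $ex.InnerException }
        if (-not $ex -or -not $ex.Response) { throw }
        $resp = $ex.Response
    }
    $status   = [int]$resp.StatusCode
    $location = $resp.Headers['Location']
    $resp.Close()

    # Compare scheme, host, port and path prefix rather than a raw string
    # prefix, so a look-alike path such as /opensso-other does not pass.
    $sso   = New-Object System.Uri($OpenSsoUrl)
    $loc   = $null
    $toSso = $false
    if ($location -and
        [System.Uri]::TryCreate($location, [System.UriKind]::Absolute, [ref]$loc)) {
        $toSso = ($loc.Scheme -eq $sso.Scheme) -and ($loc.Host -eq $sso.Host) -and
                 ($loc.Port -eq $sso.Port) -and
                 ($loc.AbsolutePath + '/').StartsWith(
                     $sso.AbsolutePath.TrimEnd('/') + '/',
                     [System.StringComparison]::OrdinalIgnoreCase)
    }
    if ($status -ge 300 -and $status -lt 400 -and $toSso) {
        $verdict = 'OK: redirected to OpenSSO login'
    } elseif ($status -eq 200) {
        $verdict = 'FAIL: resource served without authentication'
    } else {
        $verdict = "CHECK: status $status, Location '$location'"
    }
    New-Object PSObject -Property @{ Status = $status; Location = $location; Verdict = $verdict }
}

# Assumption: the site root is covered by a policy on the OpenSSO server.
Test-AgentRedirect -ProtectedUrl 'http://agenthost.example.com:80/' `
                   -OpenSsoUrl 'http://ssohost.example.com:8080/opensso'
```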

Considering Specific Deployment Scenarios for the IIS 7.0 Agent

Installing the IIS 7.0 Agent on Multiple IIS 7.0 Servers

After you install the IIS 7.0 agent on a specific IIS 7.0 server, you can install the agent on another IIS 7.0 server instance by running the IIS7CreateConfig.vbs and IIS7Admin.vbs scripts again for the new server instance.

You can also just copy and edit an existing IIS 7.0 agent configuration file, providing new values for the new IIS 7.0 server instance. Then, run the IIS7Admin.vbs script using the edited agent configuration file.

The IIS7Admin.vbs script creates the OpenSSOAgentBootstrap.properties and OpenSSOAgentConfiguration.properties files for the new server instance, so you do not need to copy and edit these files manually for the new instance.

Installing the IIS 7.0 Agent on the OpenSSO Enterprise Host Server

OpenSSO Enterprise is not supported on the web container. Therefore, installing the IIS 7.0 agent and OpenSSO Enterprise on the same server instance is not supported.