This chapter provides information about Sun Java System Policy Agent 2.2 as it pertains specifically to Microsoft IIS 5.0.
While the individual web agents tend to be similar in terms of installation and configuration, they can have unique characteristics that allow them to interact with unique characteristics in the underlying deployment container, such as a web server or proxy server. Therefore, this chapter describes characteristics that are unique to this agent, Sun Java System Access Manager Policy Agent 2.2 for Microsoft IIS 5.0, and that are unique to just the deployment container, Microsoft IIS 5.0. This chapter also summarizes specific tasks you might need to perform because of the unique characteristics of the deployment container.
The following sections provide information about the supported platforms of Policy Agent 2.2 for Microsoft IIS 5.0 as well as the compatibility of this agent with Access Manager.
The following table presents the supported platforms of Policy Agent 2.2 for Microsoft Internet Information Services 5.0. Throughout this guide the Microsoft Internet Information Services 5.0 deployment container is referred to as Microsoft IIS 5.0.Table 2–1 Supported Platforms of Agent for Microsoft IIS 5.0
Microsoft Internet Information Services 5.0 (Microsoft IIS 5.0)
Windows 2000 Advanced Server
Windows 2000 Professional
All agents in the Policy Agent 2.2 release are compatible with versions of Sun Java System Access Manager as described in this section.
All agents in the Policy Agent 2.2 release are compatible with Access Manager 7 and Access Manager 7.1. Compatibility applies to both of the available modes of Access Manager: Realm Mode and Legacy Mode.
Install the latest Access Manager patches to ensure that all enhancements and fixes are applied. For an example of Access Manager patches that can be installed, see the compatibility information discussed in Sun Java System Access Manager Policy Agent 2.2 Release Notes.
All agents in Policy Agent 2.2 are also compatible with Access Manager 6.3 Patch 1 or greater. However, certain limitations apply. For more information about the limitations, see Backward Compatibility With Access Manager 6.3.
This section describes characteristics that are unique about this specific web agent.
To work with this web agent, you should have a thorough understanding of Microsoft IIS 5.0. Besides an understanding of the overall architecture, you should have an understanding of various concepts and technologies as related to Microsoft IIS 5.0, including web sites, and authentication methods.
Agent for Microsoft IIS 5.0 enforces policy on URL access to Microsoft IIS 5.0 server. This agent is an ISAPI (Internet Server API) filter installed at the Internet Information Services web service level that intercepts every request to access the resources on Microsoft IIS 5.0 server. Agent for Microsoft IIS 5.0 can only be deployed to one web site.
This agent performs authentication and policy evaluation, thereby providing single sign-on (SSO). If all conditions are met, the agent allows access to the resource.
The following subsections describe unique characteristics of Agent for Microsoft IIS 5.0.
Policy Agent 2.2 for Microsoft IIS 5.0 is unique in that only one instance of Microsoft IIS 5.0 can be installed per computer system. Therefore, you cannot install multiple instances of Agent for Microsoft IIS 5.0 on the same computer system.
The default authentication method for Microsoft IIS 5.0 is anonymous. The anonymous authentication is supported by Policy Agent 2.2. In addition to anonymous authentication, this web agent supports HTTP basic authentication. In this mode, the Windows system prompts the user for authentication by providing a dialog box. This prompt appears even though the user is still required to provide authentication credentials for Access Manager. This double authentication requirement can be turned off. For details on how to turn off the Windows system authentication, see Preventing an Additional Authentication Prompt: Preparing to Install Agent for Microsoft IIS 5.0.
You can use this agent to protect web resources for Microsoft IIS 6.0, provided that the server is running in IIS 5.0 isolation mode.