Sun Java System Access Manager Policy Agent 2.2 Guide for Microsoft Internet Information Services 5.0

Information Specific to Agent for Microsoft IIS 5.0

This section describes characteristics that are unique about this specific web agent.

Note –

To work with this web agent, you should have a thorough understanding of Microsoft IIS 5.0. Besides an understanding of the overall architecture, you should have an understanding of various concepts and technologies as related to Microsoft IIS 5.0, including web sites, and authentication methods.

Agent for Microsoft IIS 5.0 enforces policy on URL access to Microsoft IIS 5.0 server. This agent is an ISAPI (Internet Server API) filter installed at the Internet Information Services web service level that intercepts every request to access the resources on Microsoft IIS 5.0 server. Agent for Microsoft IIS 5.0 can only be deployed to one web site.

This agent performs authentication and policy evaluation, thereby providing single sign-on (SSO). If all conditions are met, the agent allows access to the resource.

The following subsections describe unique characteristics of Agent for Microsoft IIS 5.0.

Multiple Instances of Agent for Microsoft IIS 5.0 Not Supported on Same System

Policy Agent 2.2 for Microsoft IIS 5.0 is unique in that only one instance of Microsoft IIS 5.0 can be installed per computer system. Therefore, you cannot install multiple instances of Agent for Microsoft IIS 5.0 on the same computer system.

Additional Authentication Prompt

The default authentication method for Microsoft IIS 5.0 is anonymous. The anonymous authentication is supported by Policy Agent 2.2. In addition to anonymous authentication, this web agent supports HTTP basic authentication. In this mode, the Windows system prompts the user for authentication by providing a dialog box. This prompt appears even though the user is still required to provide authentication credentials for Access Manager. This double authentication requirement can be turned off. For details on how to turn off the Windows system authentication, see Preventing an Additional Authentication Prompt: Preparing to Install Agent for Microsoft IIS 5.0.

Support for Microsoft IIS 6.0 in IIS 5.0 Isolation Mode

You can use this agent to protect web resources for Microsoft IIS 6.0, provided that the server is running in IIS 5.0 isolation mode.