Sun OpenSSO Enterprise Policy Agent 3.0 Guide for Microsoft Internet Information Services (IIS) 6.0

Installing and Configuring the IIS 6.0 Agent

Creating a Configuration File for the IIS 6.0 Agent

The IIS6CreateConfig.vbs script prompts you for information and then creates an agent configuration file, which you use later to configure the IIS 6.0 agent.

You must have Administrator privileges to run the IIS6CreateConfig.vbs script.

Note: If you are deploying the IIS 6.0 agent on multiple Web sites, you must create a unique agent configuration file for each of the Web sites.

To Create a Configuration File for the IIS 6.0 Agent

  1. On the Windows 2003 Server instance, open a command window. For example, click Start, Run, and then type cmd.

  2. Change to the PolicyAgent-base\bin directory.

    where PolicyAgent-base depends on where you unzipped the IIS 6.0 agent distribution file.

    For example: C:\Agents\web_agents\iis6_agent\bin

    The \bin directory contains the IIS6CreateConfig.vbs script, which you run to create the agent configuration file.

  3. Create the agent configuration file by issuing the following case-sensitive command:

    cscript IIS6CreateConfig.vbs ConfigFile

    where ConfigFile is the unique name for the agent configuration file.

    For example: cscript IIS6CreateConfig.vbs IIS6Config.txt

    The IIS6CreateConfig.vbs script creates this file and then saves your responses to prompts about the agent host and the OpenSSO Enterprise server in the file.

  4. When prompted, provide the following information about the IIS 6.0 server that this agent will protect:

    • Agent Resource File Name: Accept the default value IIS6Resource.en (English version).

    • Agent URL: Specify the URL for the IIS 6.0 agent, including the port number. For example: http://agenthost.example.com:80

    • Web Site Identifier: Specify the unique identifier associated with the Web site for which you are creating a configuration file. Accept a value from the displayed list.

  5. When prompted, provide the following information about the OpenSSO Enterprise host:

    • OpenSSO server URL, including the deployment URI: For example: http://openssohost.example.com:8080/opensso

    • Agent Profile name: For example: IIS6AgentProfile.

    • Agent Profile password File: Path to the file that contains the agent profile password. For example: C:\tmp\IIS6Agentpw.txt


Example 1 Sample IIS6CreateConfig.vbs Script Run

Microsoft (R) Windows Script Host Version 5.6
Copyright (C) Microsoft Corporation 1996-2001. All rights reserved.


Copyright c 2009 Sun Microsystems, Inc. All rights reserved
Use is subject to license terms
---------------------------------------------------------
    Microsoft (TM) Internet Information Server (6.0)
---------------------------------------------------------
Enter the Agent Resource File Name [IIS6Resource.en] :

Enter the Agent URL (Example: http://agent.example.com:80) :
http://agent.example.com:80

Displaying the list of Web Sites and its corresponding Identifiers
Site Name (Site Id)
Default Web Site (1)
testPolicy (204642793)
Test2 (223085047)

Web Site Identifier :
1
------------------------------------------------
Sun OpenSSO Enterprise 8.0
------------------------------------------------
Enter the URL where the OpenSSO server is running. 
Please include the deploymentURI also as shown in the example 
(Example: http://opensso.example.com:58080/opensso):
http://openssohost.example.com:8080/opensso

Please enter the Agent Profile name :
IIS6AgentProfile

Enter the Agent profile password file :
c:\tmp\IIS6Agentpw.txt

-----------------------------------------------------
Agent Configuration file created : IIS6AgentConfig.txt
-----------------------------------------------------
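
The following Python pre-flight check is an added example, not part of the Sun guide or the agent distribution. It reviews the answers planned for the IIS6CreateConfig.vbs prompts across several Web sites before the script is run: one configuration file per site, an Agent URL with a port number, and a server URL with the deployment URI. The plan layout, field names and the check_plan function are assumptions made for illustration, and the sample plan is constructed.

```python
from urllib.parse import urlsplit

# Constructed sample plan: one entry per Web site, holding the answers the
# IIS6CreateConfig.vbs prompts ask for. Site 204642793 reuses site 1's file.
PLAN = [
    {"site_id": "1", "config_file": "IIS6Config.txt",
     "agent_url": "http://agenthost.example.com:80",
     "server_url": "http://openssohost.example.com:8080/opensso"},
    {"site_id": "204642793", "config_file": "iis6config.txt",
     "agent_url": "https://agenthost.example.com",
     "server_url": "https://openssohost.example.com:8443/"},
]

def _split(url):
    """Parse a URL; return (parts, port), or (None, None) if it is malformed."""
    try:
        parts = urlsplit(url)
        return (parts, parts.port) if parts.hostname else (None, None)
    except ValueError:  # raised for a non-numeric or out-of-range port
        return None, None

def check_plan(plan):
    """Return (site_id, severity, message) findings for a deployment plan."""
    findings, files = [], {}
    for entry in plan:
        sid = entry["site_id"]
        if not sid.isdigit():
            findings.append((sid, "error", "site identifier is not a number"))
        # Windows file names are case-insensitive, so compare lower-cased.
        name = entry["config_file"].lower()
        if name in files:
            findings.append((sid, "error", f"config file already used by site {files[name]}"))
        files.setdefault(name, sid)
        agent, agent_port = _split(entry["agent_url"])
        server, _ = _split(entry["server_url"])
        if agent is None or agent.scheme not in ("http", "https"):
            findings.append((sid, "error", "agent URL is malformed"))
        elif agent_port is None:
            findings.append((sid, "error", "agent URL lacks the port number"))
        if server is None or server.scheme not in ("http", "https"):
            findings.append((sid, "error", "server URL is malformed"))
        elif not server.path.strip("/"):
            findings.append((sid, "error", "server URL lacks the deployment URI"))
        # Plain http exposes SSO session cookies and agent credentials in transit.
        for label, parts in (("agent", agent), ("server", server)):
            if parts is not None and parts.scheme == "http":
                findings.append((sid, "warning", f"{label} URL is plain http"))
    return findings
```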

Configuring the IIS 6.0 Agent for a Web Site

The IIS6Admin.vbs script configures the IIS 6.0 agent for a specific Web site, based on an agent configuration file created by the IIS6CreateConfig.vbs script.

You must have Administrator privileges to run the IIS6Admin.vbs script.

The IIS6Admin.vbs script performs these functions:

Note: To configure the IIS 6.0 agent for multiple Web sites, follow this procedure for each Web site, using a unique agent configuration file for each site.

To Configure the IIS 6.0 Agent for a Web Site

  1. On the Windows 2003 Server instance, open a command window. For example, click Start, Run, and then type cmd.

  2. Change to the PolicyAgent-base\bin directory.

    where PolicyAgent-base depends on where you unzipped the IIS 6.0 agent distribution file.

    For example: C:\Agents\web_agents\iis6_agent\bin

  3. Configure the Web site for the IIS 6.0 agent by running the IIS6Admin.vbs script with the -config option.

    For example: cscript IIS6Admin.vbs -config IIS6AgentConfig.txt

    where IIS6AgentConfig.txt is the agent configuration file that you created in Creating a Configuration File for the IIS 6.0 Agent.

    Notes:

    • The script name and options are case-sensitive.

    • For the Agent Resource File Name prompt, accept the default value (IIS6Resource.en).

    The IIS6Admin.vbs script displays the progress of the configuration, as shown in the following sample:

    Microsoft (R) Windows Script Host Version 5.6
    Copyright (C) Microsoft Corporation 1996-2001. All rights reserved.
    
    Copyright c 2009 Sun Microsystems, Inc. All rights reserved
    Use is subject to license terms
    
    Enter the Agent Resource File Name [IIS6Resource.en] :
    
    Creating the Agent Config Directory
    Creating the OpenSSOAgentBootstrap.properties 
        and OpenSSOAgentConfiguration.properties File
    Updating the Windows Product Registry
    Loading the IIS 6.0 Agent
    Completed Configuring the IIS 6.0 Agent

  4. Ensure that the IIS 6.0 authentication method is set to Anonymous.

  5. Restart IIS 6.0 using the iisreset command. For example, in a command prompt, type iisreset.

Next Steps

To view the agent log file (amAgent), see PolicyAgent-base\debug\Identifier_site-identifier\logs\debug, where site-identifier is a number such as 1 that identifies the Web site where the IIS 6.0 agent is being configured.

Verifying an IIS 6.0 Agent Installation

To Verify an IIS 6.0 Agent Installation

  1. Attempt to access a resource protected by the IIS 6.0 agent.

    If the agent is installed correctly, accessing the protected resource will redirect you to the OpenSSO Enterprise server login page.

  2. Log in to the OpenSSO Enterprise server.

    After a successful authentication, you should be able to access the protected resource, if the agent is correctly defined and an Allow policy is set for you for that resource.
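
The check in step 1 can be made repeatable by classifying the response to a request that carries no OpenSSO session. The following Python sketch is an added example, not part of the Sun guide or the agent: it treats a redirect as correct only when it lands on the configured OpenSSO server URL under its deployment URI, and reports content served without a login as unprotected. The function name, verdict strings and sample responses (including the /UI/Login path and goto parameter) are constructed for illustration.

```python
from urllib.parse import urljoin, urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}
SERVER = "http://openssohost.example.com:8080/opensso"      # OpenSSO server URL
RESOURCE = "http://agenthost.example.com:80/app/index.html"  # hypothetical protected page

def _origin(parts):
    """Return (scheme, host, port) with the scheme's default port filled in."""
    return parts.scheme, parts.hostname, parts.port or DEFAULT_PORTS.get(parts.scheme)

def classify(status, headers, resource_url, server_url):
    """Classify the response to a request that carried no OpenSSO session."""
    hdrs = {k.lower(): v for k, v in headers.items()}
    if status in (301, 302, 303, 307, 308) and "location" in hdrs:
        # A relative Location is resolved against the requested resource.
        target = urlsplit(urljoin(resource_url, hdrs["location"]))
        server = urlsplit(server_url)
        base = server.path.rstrip("/")
        # Compare the origin exactly and the deployment URI on a path-segment
        # boundary, so /opensso-old or a look-alike host does not match.
        in_server = (_origin(target) == _origin(server)
                     and (target.path == base or target.path.startswith(base + "/")))
        return "protected" if in_server else "redirect-elsewhere"
    if 200 <= status < 300:
        return "unprotected"  # content served without a login: agent not enforcing
    if status == 401 and "www-authenticate" in hdrs:
        # HTTP-level challenge: likely IIS authentication is not Anonymous (step 4).
        return "iis-auth-challenge"
    return "inconclusive"

# Constructed sample responses (status, headers) for the verification in step 1.
SAMPLES = [
    (302, {"Location": SERVER + "/UI/Login?goto=http%3A%2F%2Fagenthost.example.com%2Fapp%2F"}),
    (200, {"Content-Type": "text/html"}),
    (302, {"location": "http://openssohost.example.com:8080/opensso-old/UI/Login"}),
    (401, {"WWW-Authenticate": "Negotiate"}),
]

def run_samples():
    """Return the verdict for each constructed sample, in order."""
    return [classify(s, h, RESOURCE, SERVER) for s, h in SAMPLES]
```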