test

Sun Java System Access Manager Policy Agent 2.2 Guide for Microsoft Internet Information Services 6.0

Information Specific to Agent for Microsoft IIS 6.0

This section describes characteristics that are unique about this specific web agent.

Note –

To work with this web agent, you should have a thorough understanding of Microsoft IIS 6.0. Besides an understanding of the overall architecture, you should have an understanding of various concepts and technologies as related to Microsoft IIS 6.0, including the following: application pools, web sites, and authentication methods.

Agent for Microsoft IIS 6.0 is an ISAPI (Internet Server API) application. It is deployed as a wildcard application mapping to a web site. Therefore, when deployed for a particular web site, this agent intercepts every request for accessing the resources on that web site. It does authentication and policy evaluation, thereby providing SSO. If all the conditions are met, the agent allows access to the resource.

However, for protecting Microsoft Office SharePoint and Outlook Web Access, the agent is deployed as an ISAPI filter. In this case, authentication is provided and SSO is enabled by the agent, but policy evaluation is managed by whichever application you have installed: Microsoft Office SharePoint or Outlook Web Access.

The following subsections describe unique characteristics of Agent for Microsoft IIS 6.0.

Using Agent for Microsoft IIS 6.0 with Microsoft Office SharePoint or Outlook Web Access

Besides the option of having Agent for Microsoft IIS 6.0 protect Microsoft IIS 6.0 Server, you can also configure the agent to protect Microsoft Office SharePoint Portal Server 2003 (referred to as Microsoft Office SharePoint Server throughout this guide) or Outlook Web Access for Microsoft Exchange Server 2003 (referred to as Outlook Web Access throughout this guide). Outlook Web Access is the web-based email service for Microsoft Exchange Server.

This guide provides specific instructions for SharePoint and Outlook Web Access in Appendix A, Microsoft Office SharePoint or Outlook Web Access: Deploying Agent for Microsoft IIS 6.0.

Microsoft Office SharePoint Server

When you install Agent for Microsoft IIS 6.0 to protect Microsoft Office SharePoint Server, the agent enables single sign-on (SSO) for SharePoint with all the applications configured in Access Manager. When a user attempts to access SharePoint, Agent for Microsoft IIS 6.0 displays an Access Manager log-in screen. Once authenticated, the user can access SharePoint and all other applications that are secured by Access Manager.

Outlook Web Access

When you install Agent for Microsoft IIS 6.0 to protect Outlook Web Access, the agent enables single sign-on (SSO) for Outlook Web Access with all the applications configured in Access Manager. When a user attempts to access Outlook Web Access, Agent for Microsoft IIS 6.0 displays an Access Manager log-in screen. Once authenticated, the user can access the Outlook Web Access applications, such as email, and all the other applications that are secured by Access Manager.

Multiple Instances of Web Agent Not Supported on Same System

Policy Agent 2.2 for Microsoft IIS 6.0 is unique in that only one instance of Microsoft IIS 6.0 can be installed per computer system. Therefore, you cannot install multiple instances of Agent for Microsoft IIS 6.0 on the same computer system. However, you can configure multiple web sites on one machine, allowing the agent to be configured for multiple web sites on multiple application pools. All the same, the agent cannot be configured for multiple web sites on the same application pool.

Application Pool and Web Site Configuration

Agent for Microsoft IIS 6.0 supports the configuration of a single web site associated with a single application pool. This agent also supports the configuration of multiple web sites where each web site is assigned to a different application pool. However, this agent is not designed to work when multiple web sites are assigned to the same application pool.

Support for Microsoft IIS 6.0 in IIS 5.0 Isolation Mode

If Microsoft IIS 6.0 is configured to run in IIS 5.0 isolation mode, use Policy Agent 2.2 for Microsoft IIS 5.0 and not this Policy Agent 2.2 for Microsoft IIS 6.0. For information see Sun Java System Access Manager Policy Agent 2.2 Guide for Microsoft Internet Information Services 5.0.