The IIS7CreateConfig.vbs script prompts you for information and then creates an agent configuration file that you use later to configure the IIS 7.0 agent.
You must have Administrator privileges to run the IIS7CreateConfig.vbs script.
Note: If you are deploying the IIS 7.0 agent on multiple Web sites, you must create a unique agent configuration file for each of the Web sites.
On the Windows 2008 Server instance, open a command window. For example, click Start, Run, and then type cmd.
Change to the PolicyAgent-base\bin directory.
where PolicyAgent-base depends on where you unzipped the IIS 7.0 agent distribution file.
For example: C:\Agents\web_agents\iis7_agent\bin
The \bin directory contains the IIS7CreateConfig.vbs script, which you run to create the agent configuration file.
Create the agent configuration file by issuing the following case-sensitive command:
cscript IIS7CreateConfig.vbs ConfigFile
where ConfigFile is the unique name for the agent configuration file.
For example: cscript IIS7CreateConfig.vbs IIS7Config.txt
The IIS7CreateConfig.vbs script creates this file and then saves your responses to prompts about the agent host and the OpenSSO Enterprise server in the file.
When prompted, provide the following information about the IIS 7.0 server that this agent will protect:
Agent Resource File Name: Accept the default value IIS7Resource.en (English version).
Agent URL: Specify the URL for the IIS 7.0 agent including the port number. For example: http://agenthost.example.com:80
Web Site Identifier: Specify the unique identifier associated with the Web site for which you are creating a configuration file. Accept a value from the displayed list.
When prompted, provide the following information about the OpenSSO Enterprise host:
OpenSSO server URL, including the deployment URI: For example: http://ssohost.example.com:8080/opensso
Agent Profile name: For example: IIS7Agent.
Agent Profile password File: Path to the file that contains the agent profile password. For example: C:\tmp\IIS7Agentpw.txt
Microsoft (R) Windows Script Host Version 5.7
Copyright (C) Microsoft Corporation. All rights reserved.
Copyright c 2009 Sun Microsystems, Inc. All rights reserved
Use is subject to license terms
---------------------------------------------------------
Microsoft (TM) Internet Information Server (7.0)
---------------------------------------------------------
Enter the Agent Resource File Name [IIS7Resource.en] :
Enter the Agent URL (Example: http://agent.example.com:80) : http://agenthost.example.com:80
Displaying the list of Web Sites and its corresponding Identifiers (id)
SITE "Default Web Site" (id:1,bindings:http/*:80:,state:Started)
Web Site Identifier : 1
------------------------------------------------
Sun OpenSSO Enterprise 8.0
------------------------------------------------
Enter the URL where the OpenSSO server is running. Please include the deployment URI also as shown in the example (Example: http://opensso.example.com:58080/opensso): http://opensso.demo.sun.com:8080/opensso
Please enter the Agent Profile name : IIS7Agent
Enter the Agent profile password file : c:\tmp\IIS7Agentpw.txt
-----------------------------------------------------
Agent Configuration file created : IIS7Config.txt
-----------------------------------------------------
The IIS7Admin.vbs script configures the IIS 7.0 agent for a specific Web site, based on an agent configuration file created by the IIS7CreateConfig.vbs script.
You must have Administrator privileges to run the IIS7Admin.vbs script.
The IIS7Admin.vbs script performs these functions:
Creates a subdirectory named Identifier_id under the web_agents\iis7_agent directory, where id is the Web site identifier. This directory contains the IIS 7.0 agent's \config and \logs directories.
Creates the OpenSSOAgentBootstrap.properties and OpenSSOAgentConfiguration.properties files for the IIS 7.0 agent using the agent configuration file created by the IIS7CreateConfig.vbs script.
Updates the Windows registry with the location of the properties file.
Adds the IIS 7.0 HTTP module to the Web site for which the agent is configured.
Note: To configure the IIS 7.0 agent for multiple Web sites, follow this procedure for each Web site, using a unique agent configuration file for each site.
On the Windows 2008 Server instance, open a command window. For example, click Start, Run, and then type cmd.
Change to the PolicyAgent-base\bin directory.
where PolicyAgent-base depends on where you unzipped the IIS 7.0 agent distribution file.
For example: C:\Agents\web_agents\iis7_agent\bin
Configure the Web site for the IIS 7.0 agent by running the IIS7Admin.vbs script with the -config option.
For example: cscript IIS7Admin.vbs -config IIS7Config.txt
where IIS7Config.txt is the agent configuration file that you created in Creating a Configuration File for the IIS 7.0 Agent.
Notes:
The script name and options are case-sensitive.
For the Agent Resource File Name prompt, accept the default value (IIS7Resource.en).
The IIS7Admin.vbs script displays the progress of the configuration, as shown in the following sample:
Microsoft (R) Windows Script Host Version 5.7
Copyright (C) Microsoft Corporation. All rights reserved.
Copyright c 2009 Sun Microsystems, Inc. All rights reserved
Use is subject to license terms
Enter the Agent Resource File Name [IIS7Resource.en] :
Creating the Agent Config Directory
Creating the OpenSSOAgentBootstrap.properties and OpenSSOAgentConfiguration.properties File
Updating the Windows Product Registry
Completed Configuring the IIS 7.0 Agent
Ensure that the IIS 7.0 authentication method is set to Anonymous.
Restart IIS 7.0 using the iisreset command. For example, in a command prompt, type iisreset.
To view the agent log file (amAgent), see PolicyAgent-base\debug\Identifier_site-identifier\logs\debug, where site-identifier is a number such as 1 that identifies the Web site where the IIS 7.0 agent is being configured.
Attempt to access a resource protected by the IIS 7.0 agent.
If the agent is installed correctly, accessing the protected resource will redirect you to the OpenSSO Enterprise server login page.
Log in to the OpenSSO Enterprise server.
After a successful authentication, you should be able to access the protected resource, if the agent is correctly defined.
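The redirect check described in the last steps can be run from a PowerShell prompt instead of a browser. This is an added example, not part of the agent distribution: the function name Test-AgentRedirect is hypothetical, and both URLs are assumptions taken from the examples on this page.

```powershell
# Added example (not from the agent distribution). Both URLs passed to the
# function are assumptions: use the values you entered at the prompts.
function Test-AgentRedirect {
    param(
        [string]$ProtectedUrl,  # a resource on the Web site the agent protects
        [string]$OpenSsoUrl     # OpenSSO server URL, including the deployment URI
    )
    $sso = New-Object System.Uri($OpenSsoUrl)
    $req = [System.Net.WebRequest]::Create($ProtectedUrl)
    $req.AllowAutoRedirect = $false   # inspect the first response; do not follow it
    $resp = $null
    try {
        $resp = $req.GetResponse()
    } catch {
        # 4xx/5xx arrive as a WebException, possibly wrapped by PowerShell
        $ex = $_.Exception
        while ($ex -and -not ($ex -is [System.Net.WebException])) { $ex = $ex.InnerException }
        if (-not $ex -or -not $ex.Response) { throw }
        $resp = $ex.Response
    }
    try {
        $status   = [int]$resp.StatusCode
        $location = $resp.Headers['Location']
    } finally {
        $resp.Close()
    }
    $toSso = $false
    if ($status -ge 300 -and $status -lt 400 -and $location) {
        # Resolve relative Location values, then compare origin and path prefix
        $target = New-Object System.Uri($req.RequestUri, $location)
        $prefix = $sso.AbsolutePath.TrimEnd('/') + '/'
        $toSso  = ($target.Scheme -eq $sso.Scheme) -and
                  ($target.Host -eq $sso.Host) -and
                  ($target.Port -eq $sso.Port) -and
                  $target.AbsolutePath.StartsWith($prefix, [System.StringComparison]::OrdinalIgnoreCase)
    }
    New-Object PSObject -Property @{
        StatusCode = $status; Location = $location; RedirectsToOpenSso = $toSso
    }
}

# Constructed values taken from the examples on this page
Test-AgentRedirect -ProtectedUrl 'http://agenthost.example.com:80/' `
                   -OpenSsoUrl 'http://ssohost.example.com:8080/opensso'
```

A result with StatusCode 200 and RedirectsToOpenSso set to False means the resource was served without authentication, so the agent's HTTP module is not enforcing on that Web site. Run the check once per Web site when the agent is configured for several sites.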