Gathering Information to Install and Configure the IIS 6.0 Agent
Considering Specific Deployment Scenarios for the IIS 6.0 Agent
The following table describes the information you will need to provide when you install and configure the IIS 6.0 agent.
Table 2 Information Required to Install and Configure the IIS 6.0 Agent
The IIS6CreateConfig.vbs script prompts you for information and then creates the IIS 6.0 agent configuration file, which you use later to configure the IIS 6.0 agent.
You must have Administrator privileges to run the IIS6CreateConfig.vbs script.
Note: If you are deploying the IIS 6.0 agent on multiple Web sites, you must create a unique agent configuration file for each of the Web sites.
On the Windows 2003 Server instance, open a command window. For example, click Start, Run, and then type cmd.
Change to the PolicyAgent-base\bin directory.
where PolicyAgent-base depends on where you unzipped the IIS 6.0 agent distribution file.
For example: C:\Agents\web_agents\iis6_agent\bin
The \bin directory contains the IIS6CreateConfig.vbs script, which you run to create the agent configuration file.
Create the agent configuration file by issuing the following case-sensitive command:
cscript IIS6CreateConfig.vbs ConfigFile
where ConfigFile is the unique name for the agent configuration file.
For example: cscript IIS6CreateConfig.vbs IIS6Config.txt
The IIS6CreateConfig.vbs script creates this file and then saves your responses to prompts about the agent host and the OpenSSO Enterprise server in the file.
When prompted, provide the following information about the IIS 6.0 server that this agent will protect:
Agent Resource File Name: Accept the default value IIS6Resource.en (English version).
Agent URL: Specify the URL for the IIS 6.0 agent, including the port number. For example: http://agenthost.example.com:80
Web Site Identifier: Specify the unique identifier associated with the Web site for which you are creating a configuration file. Accept a value from the displayed list.
When prompted, provide the following information about the OpenSSO Enterprise host:
OpenSSO server URL, including the deployment URI: For example: http://openssohost.example.com:8080/opensso
Agent Profile name: For example: IIS6AgentProfile.
Agent Profile password File: Path to the file that contains the agent profile password. For example: C:\tmp\IIS6Agentpw.txt
Microsoft (R) Windows Script Host Version 5.6
Copyright (C) Microsoft Corporation 1996-2001. All rights reserved.
Copyright c 2009 Sun Microsystems, Inc. All rights reserved
Use is subject to license terms
---------------------------------------------------------
Microsoft (TM) Internet Information Server (6.0)
---------------------------------------------------------
Enter the Agent Resource File Name [IIS6Resource.en] :
Enter the Agent URL (Example: http://agent.example.com:80) : http://agent.example.com:80
Displaying the list of Web Sites and its corresponding Identifiers
Site Name (Site Id)
Default Web Site (1)
testPolicy (204642793)
Test2 (223085047)
Web Site Identifier : 1
------------------------------------------------
Sun OpenSSO Enterprise 8.0
------------------------------------------------
Enter the URL where the OpenSSO server is running. Please include the deploymentURI also as shown in the example (Example: http://opensso.example.com:58080/opensso): http://openssohost.example.com:8080/opensso
Please enter the Agent Profile name : IIS6AgentProfile
Enter the Agent profile password file : c:\tmp\IIS6Agentpw.txt
-----------------------------------------------------
Agent Configuration file created : IIS6AgentConfig.txt
-----------------------------------------------------
The IIS6Admin.vbs script configures the IIS 6.0 agent for a specific Web site, based on an agent configuration file created by the IIS6CreateConfig.vbs script.
You must have Administrator privileges to run the IIS6Admin.vbs script.
The IIS6Admin.vbs script performs these functions:
Creates a subdirectory named Identifier_id under the web_agents\iis6_agent directory, where id is the Web site identifier. This directory contains the IIS 6.0 agent's \config and \logs directories.
Creates the OpenSSOAgentBootstrap.properties and OpenSSOAgentConfiguration.properties files for the IIS 6.0 agent using the agent configuration file created by the IIS6CreateConfig.vbs script.
Updates the Windows registry with the location of the properties file.
Adds the wildcard ISAPI extension to the Web site for which the agent is configured.
Note: To configure the IIS 6.0 agent for multiple Web sites, follow this procedure for each Web site, using a unique agent configuration file for each site.
On the Windows 2003 Server instance, open a command window. For example, click Start, Run, and then type cmd.
Change to the PolicyAgent-base\bin directory.
where PolicyAgent-base depends on where you unzipped the IIS 6.0 agent distribution file.
For example: C:\Agents\web_agents\iis6_agent\bin
Configure the Web site for the IIS 6.0 agent by running the IIS6Admin.vbs script with the -config option.
For example: cscript IIS6Admin.vbs -config IIS6AgentConfig.txt
where the file name argument (IIS6AgentConfig.txt in this example) is the agent configuration file that you created in Creating a Configuration File for the IIS 6.0 Agent.
Notes:
The script name and options are case-sensitive.
For the Agent Resource File Name prompt, accept the default value (IIS6Resource.en).
The IIS6Admin.vbs script displays the progress of the configuration, as shown in the following sample:
Microsoft (R) Windows Script Host Version 5.6
Copyright (C) Microsoft Corporation 1996-2001. All rights reserved.
Copyright c 2009 Sun Microsystems, Inc. All rights reserved
Use is subject to license terms
Enter the Agent Resource File Name [IIS6Resource.en] :
Creating the Agent Config Directory
Creating the OpenSSOAgentBootstrap.properties and OpenSSOAgentConfiguration.properties File
Updating the Windows Product Registry
Loading the IIS 6.0 Agent
Completed Configuring the IIS 6.0 Agent
Ensure that the IIS 6.0 authentication method is set to Anonymous.
Restart IIS 6.0 using the iisreset command. For example, in a command prompt, type iisreset.
To view the agent log file (amAgent), see PolicyAgent-base\debug\Identifier_site-identifier\logs\debug, where site-identifier is a number such as 1 that identifies the Web site where the IIS 6.0 agent is being configured.
Attempt to access a resource protected by the IIS 6.0 agent.
If the agent is installed correctly, accessing the protected resource will redirect you to the OpenSSO Enterprise server login page.
Log in to the OpenSSO Enterprise server.
After a successful authentication, you should be able to access the protected resource, if the agent is correctly defined and an Allow policy is set for you for that resource.
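The redirect check in the steps above can be scripted, which also catches a Web site where the agent did not load and the resource is served without any login. This is an added example, not part of the original documentation or the agent distribution; the function names, result labels and the /app/ path are constructed, and it assumes only what the steps above state: an unauthenticated request is redirected to the OpenSSO Enterprise server URL.

```python
"""Post-install check: is an unauthenticated request sent to OpenSSO?"""
import http.client
from urllib.parse import urlsplit

REDIRECTS = {301, 302, 303, 307}


def _origin(parts):
    # Normalise scheme/host/port so http://host and http://host:80 compare equal.
    port = parts.port or (443 if parts.scheme == "https" else 80)
    return (parts.scheme.lower(), (parts.hostname or "").lower(), port)


def classify(status, location, opensso_url):
    """Classify one response to a request made with no session cookie.

    opensso_url is the server URL with deployment URI that was given to
    IIS6CreateConfig.vbs, e.g. http://openssohost.example.com:8080/opensso
    """
    if status == 200:
        return "UNPROTECTED"      # content served without login: agent not active
    if status not in REDIRECTS or not location:
        return "INCONCLUSIVE"     # e.g. 403 or 500: check the agent debug log
    target, expected = urlsplit(location), urlsplit(opensso_url)
    base = expected.path.rstrip("/")
    # Compare whole path segments so /opensso-old does not match /opensso.
    same_path = target.path == base or target.path.startswith(base + "/")
    if _origin(target) == _origin(expected) and same_path:
        return "PROTECTED"
    return "WRONG_REDIRECT"       # redirect points somewhere other than OpenSSO


def probe(resource_url, opensso_url, timeout=10):
    """Request resource_url once, without cookies and without following redirects."""
    parts = urlsplit(resource_url)
    conn_cls = (http.client.HTTPSConnection if parts.scheme == "https"
                else http.client.HTTPConnection)
    conn = conn_cls(parts.hostname, parts.port, timeout=timeout)
    try:
        conn.request("GET", parts.path or "/")
        resp = conn.getresponse()
        return classify(resp.status, resp.getheader("Location"), opensso_url)
    finally:
        conn.close()


if __name__ == "__main__":
    # Host names are this page's documentation examples; /app/ is constructed.
    print(probe("http://agenthost.example.com:80/app/",
                "http://openssohost.example.com:8080/opensso"))
```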
After you install the IIS 6.0 agent on a specific IIS 6.0 server, you can install the agent on another IIS 6.0 server instance by running the IIS6CreateConfig.vbs and IIS6Admin.vbs scripts again for the new server instance.
You can also just copy and edit an existing IIS 6.0 agent configuration file, providing new values for the new IIS 6.0 server instance. Then, run the IIS6Admin.vbs script using the edited agent configuration file.
The IIS6Admin.vbs script creates the OpenSSOAgentBootstrap.properties and OpenSSOAgentConfiguration.properties files for the new server instance, so you do not need to copy and edit these files manually for the new instance.
OpenSSO Enterprise is not supported on the web container. Therefore, installing the IIS 6.0 agent and OpenSSO Enterprise on the same server instance is not supported.