Before you install the IIS 6.0 agent, your deployment must meet these requirements:
Microsoft IIS 6.0 must be installed and configured on the Windows Server 2003 host.
An OpenSSO Enterprise server instance must be installed and accessible to Microsoft IIS 6.0 and the Windows Server 2003 host.
Login into the server where you want to install the agent.
Create a directory to unzip the agent distribution file.
Download and unzip the agent distribution file, depending on your platform:
Platform |
Distribution File |
---|---|
Windows 2003 Server, 32-bit systems |
iis_v6_WINNT_agent_3.zip |
Windows 2003 Server, 64-bit systems |
iis_v6_WINNT_x64_agent_3.zip |
These distribution files are available from the following sites:
Sun Downloads under View by Category, Identity Management, and Policy Agents: http://www.sun.com/download/index.jsp
OpenSSO project: https://opensso.dev.java.net/public/use/index.html
The following table shows the files and directories after you unzip the agent distribution file. These files are in the following directory:
AgentHome\web_agents\iis6_agent
where AgentHome is where you unzipped the agent distribution file. For example: C:\Agents\web_agents\iis6_agent
The IIS 6.0 agent uses an agent profile to communicate with OpenSSO Enterprise server.
To create an agent profile use either of these methods:
Use the OpenSSO Enterprise Console, as described in this section.
Use the ssoadm command-line utility with the create-agent subcommand. For more information about the ssoadm command, see the Sun OpenSSO Enterprise 8.0 Administration Reference.
Login into the OpenSSO Enterprise Administration Console as amadmin.
Click Access Control, realm-name, Agents, and Web.
Under Agent, click New.
In the Name field, enter the name for the new agent profile. For Example: IIS6AgentProfile
Enter and confirm the Password.
In the Configuration field, check the location where the agent configuration properties are stored:
Local: In the OpenSSOAgentConfiguration.properties file on the server where the agent is installed.
Centralized (default): In the OpenSSO Enterprise server central configuration data repository.
In the Server URL field, enter the OpenSSO Enterprise server URL.
For example: http://openssohost.example.com:8080/opensso
In the Agent URL field, enter the URL for the agent.
For example: http://agenthost.example.com:80
Click Create.
The console creates the agent profile and displays the Web agent page again with a link to the new agent profile.
To do additional configuration for the agent, click the specific link to display the Edit agent page. For information about the agent configuration fields, see the Console online Help.
If you prefer, you can also use the ssoadm command-line utility to edit the agent profile. For more information, see the Sun OpenSSO Enterprise 8.0 Administration Reference.
A password file is an ASCII text file with only one line specifying a password in clear text. By using a password file, you are not forced to expose a password at the command line.
When you create the IIS 6.0 agent configuration file using the IIS6CreateConfig.vbs script, you will be prompted to specify the path to the IIS 6.0 agent profile password file.
If you plan to use the ssoadm utility to manage the IIS 6.0 agent, you will also need a password file to store the password for the agent administrator (which can be amadmin, if you prefer).
Create an ASCII text file for the password file. For example, for an agent profile: C:\tmp\IIS6Agentpw.txt
Using a text editor, enter the appropriate password in clear text on the first line of the password file.
Secure the password file appropriately, depending on the requirements for your deployment.
Creating an agent administrator is optional. An agent administrator can manage agents in OpenSSO Enterprise, using either the OpenSSO Enterprise Console or by executing the ssoadm utility.
Login to OpenSSO Enterprise Console as amadmin.
Create a new agents administrator group:
Create a new agent administrator user and add the agent administrator user to the agents administrator group:
Click Access Control, realm-name, Subjects, and then User.
Click New and provide the following values:
ID: Name of the agent administrator. For example: AgentAdmin
This is the name you will use to login to the OpenSSO Enterprise Console .
First Name (optional), Last Name, and Full Name.
For simplicity, use the same name for each of these values that you specified in the previous step for ID.
Password (and confirmation)
User Status: Active
Click OK.
Click the new agent administrator name.
On the Edit User page, click Group.
Add the agents administrator group from Available to Selected.
Click Save.
Assign read and write access to the agents administrator group:
Login into the OpenSSO Enterprise Console as the new agent administrator. The only available top-level tab is Access Control. Under realm-name, you will see only the Agents tab and sub tabs.