Sun Java System Access Manager Policy Agent 2.2 Guide for Microsoft Internet Information Services 6.0

Outlook Web Access: Configuring Agent for Microsoft IIS 6.0

If you are installing Agent for Microsoft IIS 6.0 to provide SSO to Outlook Web Access, additional configuration is required that is not required for Microsoft Office SharePoint. This section provides those configuration instructions in a series of tasks.

Procedure: Outlook Web Access: To Edit the Agent Properties File

Before You Begin

Open the web agent AMAgent.properties configuration file if it is not already open.

  1. In the web agent AMAgent.properties configuration file, locate the properties listed in this step and set the values accordingly.

    The settings that follow are provided as examples, where agentHost is a placeholder that you must replace with the name of the host machine where the agent is installed, and domain-name is a placeholder that you must replace with the name of the domain, such as example.com. Add values that match your site's requirements.


    com.sun.am.notification.enable = false
    com.sun.am.sso.polling.period = 1
    com.sun.am.policy.agents.config.fqdn.map = agentHost|agentHost.domain-name,agentHost.domain-name|agentHost.domain-name
    
  2. Add the following property with its value set to true as indicated:


    com.sun.am.policy.agents.config.iis.owa_enabled = true
    
  3. Add the following property with its value set to the URL of a local session timeout page as indicated:


    com.sun.am.policy.agents.config.iis.owa_enabled_session_timeout_url = https://agentHost.domain-name:444/timeout.asp

    The timeout.asp page is an example timeout page name, which is used in this guide in reference to the timeout page used with Agent for Microsoft IIS 6.0 when protecting Outlook Web Access. However, timeout.asp is only an example. You might choose to use a different page name.

  4. Save and close the web agent AMAgent.properties configuration file.
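
A check for the edited file, as an added example (not part of the guide or of the agent's own tooling): it parses AMAgent.properties text and reports a missing `owa_enabled` flag, a timeout URL that is absent or not https, a timeout page on the same port as Outlook Web Access (the port requirement comes from the next task), and values broken across lines when pasted. The host `owa1.example.com`, the sample files, the function name and the `owa_port` default are constructed assumptions.

```python
from urllib.parse import urlsplit

P = "com.sun.am.policy.agents.config."

# Constructed sample files; owa1.example.com is a made-up agent host.
GOOD = """\
com.sun.am.notification.enable = false
com.sun.am.sso.polling.period = 1
com.sun.am.policy.agents.config.fqdn.map = owa1|owa1.example.com,owa1.example.com|owa1.example.com
com.sun.am.policy.agents.config.iis.owa_enabled = true
com.sun.am.policy.agents.config.iis.owa_enabled_session_timeout_url = https://owa1.example.com:444/timeout.asp
"""
# The same settings pasted with the line breaks of a narrow page layout.
WRAPPED = """\
com.sun.am.policy.agents.config.fqdn.map = owa1|
owa1.example.com,owa1.example.com|
owa1.example.com
com.sun.am.policy.agents.config.iis.owa_enabled = true
com.sun.am.policy.agents.config.iis.owa_enabled_session_timeout_url =
https://owa1.example.com:444/timeout.asp
"""

def check_owa_properties(text, owa_port=443):
    """Return findings for the OWA settings; owa_port is the port OWA itself uses (assumed)."""
    props, findings = {}, []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if "=" not in line:
            # No '=' on the line: most likely a value that was wrapped when pasted.
            findings.append(f"line {n}: no '=' (wrapped value?): {line}")
            continue
        key, value = (s.strip() for s in line.split("=", 1))
        props[key] = value
    if props.get(P + "iis.owa_enabled") != "true":
        findings.append("iis.owa_enabled is not set to true")
    url = urlsplit(props.get(P + "iis.owa_enabled_session_timeout_url", ""))
    if url.scheme != "https" or not url.hostname:
        findings.append("session timeout URL is missing or not https")
    elif (url.port or 443) == owa_port:
        findings.append("timeout page shares its port with Outlook Web Access")
    # Each fqdn.map entry follows the name|name shape of the example above.
    for pair in props.get(P + "fqdn.map", "").split(","):
        if pair and len([h for h in pair.split("|") if h]) != 2:
            findings.append(f"fqdn.map entry is not name|name: {pair}")
    return findings

if __name__ == "__main__":
    for name, text in (("GOOD", GOOD), ("WRAPPED", WRAPPED)):
        print(name, check_owa_properties(text))
```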

Procedure: Outlook Web Access: To Create a Local Idle Session Timeout Page

This task consists of steps that vary in specificity. These steps are to be performed on the Microsoft IIS 6.0 Server.

  1. Create a new virtual server (a different web site) in the Microsoft IIS 6.0 Server administration console.

  2. For the new virtual server, create a corresponding application pool with a new document folder.

    An example name for this folder is C:\Inetpub\test.

    While the preceding example folder name is used throughout this task, it is only an example. You might choose to use a different name.

  3. Install SSL on the newly created web site.


    Tip –
    • Ensure that this web site is accessible from a browser.

    • Configure the port number.

      An example port number for this port is 444. However, 444 is only an example. You might choose to use a different port number.

    • Ensure that the Outlook Web Access server runs on a different port (therefore, for the example used in this task, not port 444).


  4. Ensure that the web site is enabled to run scripts and executable files as described in the substeps that follow:

    1. Log in to the Microsoft IIS 6.0 Server as an administrator.

    2. In the Microsoft Windows Start menu, choose Run.

    3. Type the following: inetmgr.

    4. Click OK.

    5. Expand the local computer.

    6. Expand the Web Sites folder.

    7. Right-click Default Web Site.

      An options list appears.

    8. In the options list, click Properties.

      The Default Web Site Properties dialog box appears.

    9. Select the Home Directory tab.

    10. Under the Application settings section, in the Execute permissions drop down list, select Scripts and Executables.

  5. Create a .asp page, such as timeout.asp, in the folder C:\Inetpub\test.

    As explained previously, timeout.asp is only an example. However, ensure that you use the same name for this page as used in Outlook Web Access: To Edit the Agent Properties File.

  6. Add the markup information provided in this step to the timeout.asp file, editing the placeholders as appropriate.

    In the markup information that follows, AMhost is a placeholder that you must replace with the name of the host machine on which Access Manager is running. AMhost.domain-name is the fully qualified domain name of the machine.


    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE html
    PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
    <%
    ' Read the redirect target from the owagoto query parameter.
    redirectvalue = Request.QueryString("owagoto")
    ' If the target is an owalogon.asp URL, keep only the value of its url= parameter.
    posn = InStr(redirectvalue, "owalogon.asp?url=")
    If (posn > 1) Then
        str2 = Split(redirectvalue, "owalogon.asp?url=")
        str3 = Split(str2(1), "&reason")
        redirectvalue = str3(0)
    End If
    %>
    <!-- The value is HTML-encoded before it is written into the content attribute. -->
    <meta http-equiv="Refresh" content="0;url=https://AMhost.domain-name:443/amserver/UI/Login?goto=<%=Server.HTMLEncode(redirectvalue)%>">
    </head>
    </html>

  7. Save and close the timeout.asp file.

Procedure: Outlook Web Access: To Modify the logoff.asp File to Properly Handle the Logout Process

  1. Back up the file C:\Program Files\Exchsrvr\exchweb\bin\usa\logoff.asp.

  2. Retrieve the cookie domain name as described in the substeps that follow.

    The cookie domain name you are retrieving in this step is required in the next step for the logoff.asp file.

    1. Log in to Access Manager as amadmin.

    2. Select the Configuration tab.

    3. Scroll as necessary to click Platform under the System Properties section.

    4. In the Current Values list, take note of the name of the appropriate cookie domain.

      The Current Values list is in the Cookie Domains section. The domain name you need to record for later use is the domain where Microsoft IIS 6.0 Server is installed and running.

  3. Replace the contents of the logoff.asp file with the markup information provided in this step.

    In the markup information that follows, AMhost and domain-name are placeholders described in the previous task (Outlook Web Access: To Create a Local Idle Session Timeout Page). In this case, cookie-domain is a placeholder that you must replace with the cookie domain name retrieved in the previous step. You must replace the placeholder agentHost with the host name (or the alias name, if an alias name is used instead of the actual host name) of the machine that hosts the agent.


    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE html
    PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
    <%
    ' Overwrite owaAuthCookie for the cookie domain and give it an expiry date
    ' in the past so that the browser discards it.
    Response.Cookies("owaAuthCookie").Domain = ".cookie-domain"
    Response.Cookies("owaAuthCookie").Path = "/"
    Response.Cookies("owaAuthCookie") = "amOwaValue"
    Response.Cookies("owaAuthCookie").Expires = "July 1, 1995"
    %>
    <meta http-equiv="Refresh" content="0;url=https://AMhost.domain-name/amserver/UI/Logout?goto=https%3A%2F%2FagentHost.domain-name%3A443%2F">
    </head>
    </html>

  4. Save and close the logoff.asp file.

Next Steps

Now you can verify the installation of the agent as described in Microsoft Office SharePoint and Outlook Web Access: Verifying a Successful Agent Installation.