Sun Java System Access Manager Policy Agent 2.2 Guide for Microsoft IIS 6.0 With Outlook Web Access 2007/SharePoint 2007

Outlook Web Access Only: Configuring Agent for Microsoft IIS 6.0

If you are installing Agent for Microsoft IIS 6.0 to provide SSO to Outlook Web Access, tasks specific to Outlook Web Access are required. This section provides those configuration instructions in a series of tasks.

Procedure: Outlook Web Access: To Edit the Agent Properties File

Before You Begin

Open the web agent AMAgent.properties configuration file if it is not already open.

  1. In the web agent AMAgent.properties configuration file, set the following property to false as shown:

    com.sun.am.notification.enable = false

  2. Add the following property with its value set to true as indicated:

    com.sun.am.policy.agents.config.iis.owa_enabled = true

  3. Add the property illustrated in this step with its value set to the URL of a local idle session timeout page.

    The value for the property in the example that follows represents the location of a local idle session timeout page (timeout.aspx). However, the instructions for creating the local idle session timeout page are presented in the task that follows: Outlook Web Access: To Create a Local Idle Session Timeout Page. You can either complete that task first or set this property now by choosing a name at this time for the local idle session timeout page and its full path.

    Example Property Setting:

    com.sun.am.policy.agents.config.iis.owa_enabled_session_timeout_url = https://agentHost.domain-name:444/timeout.aspx

    The timeout.aspx page is an example timeout page name, which is used in this guide in reference to the timeout page used with Agent for Microsoft IIS 6.0 when protecting Outlook Web Access. However, timeout.aspx is only an example. You might choose to use a different page name.

  4. Save and close the web agent AMAgent.properties configuration file.
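The following script is an added example and is not part of the Sun guide or the agent software. It parses a web agent AMAgent.properties file and checks the three Outlook Web Access settings from the task above: notification is off, OWA mode is on, and the idle session timeout URL uses HTTPS, points at an .aspx page, and listens on a port different from the Outlook Web Access site (the guide's examples use 444 for the timeout site and 443 for OWA). The property names are the guide's; the sample file contents, the OWA port argument and the checking rules are assumptions made for the example.

```python
"""Sanity-check the OWA-related settings in a web agent AMAgent.properties file.

Added example, not part of the Sun guide: the property names come from the
guide; the sample contents, OWA port and checking logic are assumptions.
"""
from urllib.parse import urlsplit

# Constructed sample of the three settings the guide asks for.
SAMPLE_PROPERTIES = """
# web agent configuration (constructed sample)
com.sun.am.notification.enable = false
com.sun.am.policy.agents.config.iis.owa_enabled = true
com.sun.am.policy.agents.config.iis.owa_enabled_session_timeout_url = https://agentHost.domain-name:444/timeout.aspx
"""


def parse_properties(text):
    """Parse 'key = value' lines; blank lines and '#' comments are ignored."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props


def check_owa_settings(props, owa_port=443):
    """Return a list of problems; an empty list means the settings look right.

    owa_port is the port the Outlook Web Access site itself listens on
    (443 in the guide's examples); the timeout site must use a different one.
    """
    problems = []
    if props.get("com.sun.am.notification.enable", "").lower() != "false":
        problems.append("com.sun.am.notification.enable must be false")
    if props.get("com.sun.am.policy.agents.config.iis.owa_enabled", "").lower() != "true":
        problems.append("com.sun.am.policy.agents.config.iis.owa_enabled must be true")

    url = props.get(
        "com.sun.am.policy.agents.config.iis.owa_enabled_session_timeout_url", "")
    if not url:
        problems.append("owa_enabled_session_timeout_url is missing")
        return problems

    parts = urlsplit(url)
    if parts.scheme != "https":
        problems.append("timeout URL should use https (the timeout site has SSL installed)")
    if not parts.path.lower().endswith(".aspx"):
        problems.append("timeout URL should point at an .aspx page such as timeout.aspx")
    if parts.port == owa_port:
        problems.append(
            f"timeout site port {parts.port} must differ from the OWA port {owa_port}")
    return problems


if __name__ == "__main__":
    # Run against the constructed sample; prints nothing when all checks pass.
    for problem in check_owa_settings(parse_properties(SAMPLE_PROPERTIES)):
        print("problem:", problem)
```

To check a real installation, read the agent's AMAgent.properties file from disk and pass its text to parse_properties instead of the constructed sample.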

Procedure: Outlook Web Access: To Create a Local Idle Session Timeout Page

This task consists of steps that vary in specificity. These steps are to be performed on the Microsoft IIS 6.0 Server. The purpose of this task is to create a local web site to redirect timeout requests to the Access Manager timeout page.

  1. Create a new virtual server (a different web site) in the Microsoft IIS 6.0 Server administration console.

  2. For the new virtual server, create a corresponding application pool with a new document folder.

    An example name for this folder is C:\Inetpub\test.

    While the preceding example folder name is used throughout this task, it is only an example. You might choose to use a different name.

  3. Install SSL on the newly created web site.


    Tip –
    • Ensure that this web site is accessible from a browser.

    • Configure the port number.

      An example port number for this port is 444. However, 444 is only an example. You might choose to use a different port number.

    • Ensure that the Outlook Web Access server runs on a different port (therefore, for the example used in this task, not port 444).


  4. Ensure that the web site is enabled to run scripts and executable files as described in the substeps that follow:

    1. As an administrator, log in to Windows 2003 Server where Outlook Web Access Server is running.

    2. In the Microsoft Windows Start menu, choose Run.

    3. Type the following: inetmgr.

    4. Click OK.

    5. Expand the local computer.

    6. Expand the Web Sites folder.

    7. Right-click Default Web Site.

      An options list appears.

    8. In the options list, click Properties.

      The Default Web Site Properties dialog box appears.

    9. Select the Home Directory tab.

    10. Under the Application settings section, in the Execute permissions drop-down list, select Scripts and Executables.

  5. Create a .aspx page, such as timeout.aspx, in the folder C:\Inetpub\test.

    As explained previously, timeout.aspx is only an example. However, ensure that you use the same name for this page as used in Outlook Web Access: To Edit the Agent Properties File.

  6. Add the markup information provided in this step to the timeout.aspx file, editing the placeholders as appropriate.

    In the markup information provided in this step, the following placeholders apply:

    amHost

    A placeholder that you must replace with the name of the host machine on which Access Manager is running.

    amHost.domain-name

    A placeholder that you must replace with the fully qualified domain name of the Access Manager host machine.

    agentHost

    A placeholder that you must replace with the name of the host machine (or the alias name, if an alias name is used instead of the actual host name) on which the agent is running.

    agentHost.domain-name

    A placeholder that you must replace with the fully qualified domain name of the agent host machine.

    <%@ Page language="c#" AutoEventWireup="false" %>

    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">

    <html xmlns="http://www.w3.org/1999/xhtml">
    <head>

    <%
    // Expire the UserContext cookie so the browser drops it on its next request.
    string cookieValue = "";
    if (Request.Cookies["UserContext"] != null)
    {
        cookieValue = Request.Cookies["UserContext"].Value;
        HttpCookie myCookie = new HttpCookie("UserContext", cookieValue);
        myCookie.Expires = DateTime.Now.AddDays(-1d);
        myCookie.Path = "/";
        Response.Cookies.Add(myCookie);
    }
    %>

    <script type="text/javascript">
       // Send this window, its parent frames and the opener (if any) to the
       // Access Manager logout URL; the goto parameter returns the browser to
       // Outlook Web Access afterwards. The URL must stay on one line.
       function RefreshParent()
       {
          var gotoUrl = "https://amHost.domain-name:443/amserver/UI/Logout?goto=https://agentHost.domain-name:443/owa";
          window.location.href = gotoUrl;
          window.parent.location.href = gotoUrl;
          window.parent.parent.location.href = gotoUrl;
          if (window.opener)
          {
             window.opener.parent.location.href = gotoUrl;
          }
       }

       function CallRefresh()
       {
          RefreshParent();
          // Close the timeout window; browsers ignore close() for windows
          // that were not opened by script, in which case the redirect above applies.
          window.close();
       }
    </script>

    </head>
    <body onload="CallRefresh()">
    </body>
    </html>
  7. Save and close the timeout.aspx file.

Procedure: Outlook Web Access: To Modify the logoff.aspx File to Properly Handle the Logout Process

  1. Back up the file C:\Program Files\Microsoft\Exchange Server\ClientAccess\Owa\auth\logoff.aspx.

  2. Retrieve the cookie domain name as described in the substeps that follow.

    The cookie domain name you are retrieving in this step is required in the next step for the logoff.aspx file.

    1. Log in to Access Manager as amadmin.

    2. Select the Configuration tab.

    3. Scroll as necessary to click Platform under the System Properties section.

    4. In the Current Values list, take note of the name of the appropriate cookie domain.

      The Current Values list is in the Cookie Domains section. The domain name you need to record for later use is the domain where Microsoft IIS 6.0 Server is installed and running.

  3. Replace the contents of the logoff.aspx file with the markup information provided in this step.

    In the markup information that follows, amHost.domain-name and agentHost.domain-name are placeholders described in the task Outlook Web Access: To Create a Local Idle Session Timeout Page. In this case, cookie-domain is a placeholder that you must replace with the cookie domain name retrieved in the previous step.

    <%@ Page language="c#" AutoEventWireup="false" %>

    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">

    <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
    <%
    // Path segment of the Outlook Web Access site, used in the goto target below.
    string str = "owa";
    // Overwrite and expire the OWA authentication cookie for the whole cookie domain.
    if (Request.Cookies["owaAuthCookie"] != null)
    {
        HttpCookie myCookie = new HttpCookie("owaAuthCookie", "amOwaValue");
        myCookie.Expires = DateTime.Now.AddDays(-1d);
        myCookie.Domain = ".cookie-domain";
        myCookie.Path = "/";
        Response.Cookies.Add(myCookie);
    }
    %>
    <%-- The goto value is percent-encoded; keep the whole content attribute on one line. --%>
    <meta http-equiv="Refresh" content="0;url=https://amHost.domain-name:443/amserver/UI/Logout?goto=https%3A%2F%2FagentHost.domain-name%3A443%2F<%=str%>%2F">
    </head>
    </html>
  4. Save and close the logoff.aspx file.
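Both the timeout.aspx page (previous task) and the logoff.aspx page (this task) redirect the browser to the Access Manager Logout URL with a goto parameter that returns the user to Outlook Web Access; logoff.aspx percent-encodes that goto value. The script below is an added example, not code from the guide or the agent: it builds the Logout URL with the goto value encoded the way logoff.aspx does, decodes it back out, and checks that the decoded target is an HTTPS URL on the agent host. The /amserver/UI/Logout path and the goto parameter are from the guide; the host names are the guide's placeholders, and the agent-host check is an assumption about what an administrator would want to verify.

```python
"""Build and check the Access Manager logout redirect used by the OWA pages.

Added example, not from the Sun guide: the Logout endpoint path and the goto
parameter are from the guide; host names are placeholders and the agent-host
check is an assumption.
"""
from urllib.parse import quote, urlsplit, urlunsplit, parse_qs

AM_HOST = "amHost.domain-name"        # placeholder from the guide
AGENT_HOST = "agentHost.domain-name"  # placeholder from the guide


def build_logout_url(am_host, goto_url, am_port=443):
    """Return https://am_host:am_port/amserver/UI/Logout?goto=<encoded goto_url>.

    The goto value is percent-encoded with quote(safe=""), as logoff.aspx does,
    so ':' and '/' in the target cannot be confused with query syntax.
    """
    query = "goto=" + quote(goto_url, safe="")
    return urlunsplit(("https", f"{am_host}:{am_port}", "/amserver/UI/Logout", query, ""))


def goto_target(logout_url):
    """Extract the decoded goto target from a logout URL (None if absent)."""
    values = parse_qs(urlsplit(logout_url).query).get("goto")
    return values[0] if values else None


def goto_is_on_agent_host(logout_url, agent_host):
    """True when the goto target sends the browser back to agent_host over https."""
    target = goto_target(logout_url)
    if target is None:
        return False
    parts = urlsplit(target)
    return parts.scheme == "https" and (parts.hostname or "") == agent_host.lower()


if __name__ == "__main__":
    url = build_logout_url(AM_HOST, f"https://{AGENT_HOST}:443/owa/")
    print(url)
    print("goto target:", goto_target(url))
    print("returns to agent host:", goto_is_on_agent_host(url, AGENT_HOST))
```

The encoded form matches the meta refresh target in logoff.aspx; the unencoded goto in timeout.aspx works for the plain OWA path but would break if the target ever contained a query string of its own, which is why encoding is the safer habit.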

Next Steps

Now you can verify the installation of the agent as described in Microsoft Office SharePoint and Outlook Web Access: Verifying a Successful Agent Installation.