Sun OpenSSO Enterprise Policy Agent 3.0 Guide for Microsoft Internet Information Services (IIS) 7.0

Pre-Installation Tasks for the IIS 7.0 Agent

Meeting the Requirements for the IIS 7.0 Agent

Before you install the IIS 7.0 agent, your deployment must meet these requirements:

Downloading and Unzipping the IIS 7.0 Agent Distribution File

To Download and Unzip the IIS 7.0 Agent Distribution File

  1. Log in to the server where you want to install the agent.
  2. Create a directory to unzip the agent distribution file.
  3. Download and unzip the agent distribution file, depending on your platform:
    Platform | Agent Distribution File
    Windows Server 2008, 32-bit systems | iis_v7_WINNT_agent_3.zip
    Windows Server 2008, 64-bit systems | iis_v7_WINNT_x64_agent_3.zip
    Windows Server 2008, 64-bit systems running IIS 7.0 with Office SharePoint Server 2010 | iis_v7_WINNT_x64_agent_3.zip

    Note. To deploy the IIS 7.0 agent with Windows Server 2008 running IIS 7.x with Office SharePoint Server 2010, you must obtain the latest 64-bit agent distribution file.

    The distribution files are available on the following site: https://edelivery.oracle.com/.

    The following table shows the files and directories after you unzip the agent distribution file. These files are in the following directory:

    AgentHome\web_agents\iis7_agent

    where AgentHome is where you unzipped the agent distribution file. For example: C:\Agents\web_agents\iis7_agent


    File or Directory | Description
    README and license.txt | Readme and license files
    \bin | IIS7CreateConfig.vbs and IIS7Admin.vbs scripts; IIS7Resource.en resource file (English version); certutil.exe and cryptit.exe utilities; dll and other supporting files
    \config | Template and properties files

Creating an Agent Profile

The IIS 7.0 agent uses an agent profile to communicate with the Oracle OpenSSO server.

To create an agent profile use either of these methods:

To Create an Agent Profile in the Oracle OpenSSO Console

  1. Log in to the Oracle OpenSSO Administration Console as amadmin.
  2. Click Access Control, realm-name, Agents, and Web.
  3. Under Agent, click New.
  4. In the Name field, enter the name for the new agent profile. For example: IIS7Agent
  5. Enter and confirm the Password.
  6. In the Configuration field, check the location where the agent configuration properties are stored:
    • Local: In the OpenSSOAgentConfiguration.properties file on the server where the agent is installed.

    • Centralized (default): In the OpenSSO server central configuration data repository.

  7. In the Server URL field, enter the OpenSSO server URL.

    For example: http://openssohost.example.com:8080/opensso

  8. In the Agent URL field, enter the URL for the agent.

    For example: http://agenthost.example.com:8090

  9. Click Create.

    The console creates the agent profile and displays the Web agent page again with a link to the new agent profile.

    To do additional configuration for the agent, click the specific link to display the Edit agent page. For information about the agent configuration fields, see the Console online Help.

    If you prefer, you can also use the ssoadm command-line utility to edit the agent profile. For more information, see the OpenSSO Enterprise 8.0 Administration Reference in http://download.oracle.com/docs/cd/E19681-01/index.html.

Creating a Password File

A password file is an ASCII text file with only one line specifying a password in clear text. By using a password file, you are not forced to expose a password at the command line.

When you create the IIS 7.0 agent configuration file using the IIS7CreateConfig.vbs script, you will be prompted to specify the path to the IIS 7.0 agent profile password file.

If you plan to use the ssoadm utility to manage the IIS 7.0 agent, you will also need a password file to store the password for the agent administrator (which can be amadmin, if you prefer).

To Create a Password File

  1. Create an ASCII text file for the password file. For example, for an agent profile: C:\tmp\IIS7Agentpw.txt
  2. Using a text editor, enter the appropriate password in clear text on the first line of the password file.
  3. Secure the password file appropriately, depending on the requirements for your deployment.
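
One way to carry out steps 1 to 3 from PowerShell, as an added example that is not part of the Oracle guide. It uses the example path from step 1 and assumes that only the administrator who runs IIS7CreateConfig.vbs or ssoadm (plus the local Administrators group) needs access to the file; the guide does not say which accounts need it, so adjust the grants for your deployment.

```powershell
# Added example (not from the Oracle guide): create the agent profile password
# file so that a restrictive ACL is in place before the password is written.
$pwFile = 'C:\tmp\IIS7Agentpw.txt'   # example path from step 1

# Read the password without echo, so it never appears on a command line.
$secure = Read-Host -Prompt 'Agent profile password' -AsSecureString
$bstr = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($secure)
try {
    $plain = [Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr)

    # The file must hold one line of ASCII text: reject empty input, line
    # breaks, control characters and anything outside printable ASCII.
    if ($plain.Length -eq 0 -or $plain -cmatch '[^\x20-\x7E]') {
        throw 'Password must be non-empty printable ASCII on a single line.'
    }

    # Start from a fresh, empty file so no old explicit ACEs carry over.
    if (Test-Path -LiteralPath $pwFile) { Remove-Item -LiteralPath $pwFile -Force }
    New-Item -ItemType File -Path $pwFile | Out-Null

    # Remove inherited ACEs, then grant access only to the current user
    # (Modify) and the local Administrators group (Full control).
    # SIDs are used instead of names so the command works on any locale.
    $me = [Security.Principal.WindowsIdentity]::GetCurrent().User.Value
    & icacls.exe $pwFile /inheritance:r /grant:r "*${me}:(M)" '*S-1-5-32-544:(F)' | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "icacls failed with exit code $LASTEXITCODE" }

    # Only now write the password: ASCII, one line, no byte-order mark.
    [IO.File]::WriteAllText($pwFile, $plain, [Text.Encoding]::ASCII)
}
finally {
    # Wipe the unmanaged copy of the password and drop the managed one.
    [Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)
    Remove-Variable plain -ErrorAction SilentlyContinue
}

# Display the resulting ACL for review.
& icacls.exe $pwFile
```

The final icacls listing should show only the two granted entries; any additional entry means another principal can read the clear-text password.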

Creating an Agent Administrator (Optional)

Creating an agent administrator is optional. An agent administrator can manage agents in Oracle OpenSSO by using either the OpenSSO Console or the ssoadm utility.

To Create an Agent Administrator in the OpenSSO Console

  1. Log in to the OpenSSO Administration Console as amadmin.
  2. Create a new agents administrator group:
    1. Click Access Control, realm-name, Subjects, and then Group.
    2. Click New.
    3. In ID, enter the name of the group. For example: AgentAdministrators
    4. Click OK.
  3. Create a new agent administrator user and add the agent administrator user to the agents administrator group:
    1. Click Access Control, realm-name, Subjects, and then User.
    2. Click New and provide the following values:
      • ID: Name of the agent administrator. For example: AgentAdmin

        This is the name you will use to log in to the OpenSSO Console.

      • First Name (optional), Last Name, and Full Name.

        For simplicity, use the same name for each of these values that you specified in the previous step for ID.

      • Password (and confirmation)

      • User Status: Active

    3. Click OK.
    4. Click the new agent administrator name.
    5. On the Edit User page, click Group.
    6. Add the agents administrator group from Available to Selected.
    7. Click Save.
  4. Assign read and write access to the agents administrator group:
    1. Click Access Control, realm-name, Privileges, and then click the new agents administrator group link.
    2. Check Read and write access to all configured Agents.
    3. Click Save.

Next Steps

Log in to the OpenSSO Console as the new agent administrator. The only available top-level tab is Access Control. Under realm-name, you will see only the Agents tab and sub tabs.