Manually configuring the v6SP6 and R12 SP2 CR-01 Web Agent on Windows 2008 R2/IIS 7.5.
search cancel

Manually configuring the v6SP6 and R12 SP2 CR-01 Web Agent on Windows 2008 R2/IIS 7.5.

book

Article ID: 51229

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On

Issue/Introduction

Introduction:

The v6SP6 and R12 SP2 CR-01 Web Agents for IIS are currently supported on a Windows 2008 R2 system with IIS7.5 installed, however due to an issue with the Web Agent Configuration Wizard for these releases; manual configuration steps are required to configure the SiteMinder Web Agent with IIS7.5. The Web Agent Configuration Wizard issue is scheduled to be addressed in upcoming releases.

This is an informal guide to assist in the integration of the SiteMinder Web Agent with IIS 7.5 (on Windows 2008 R2). This guide is meant for people with familiarity with both Windows and SiteMinder. It assumes that the necessary objects are created in Policy Store for the Web Agent prior to installation of the Web Agent (Agent Identity, ACO, HCO, etc..).

Manual Installation and Configuration Steps:

  1. Run the Install Wizard;

    Select appropriate information as prompted.
    Do not configure the web agent.
    Reboot at the end (the installer can do this for you).

  2. Add Roles;

    Start -> Administrative Tools -> Server Manager
    Roles Summary -> Add Roles

    In the Roles Wizard:

    Click next, and select Web Server (IIS).
    Click Next.
    Click Next.
    In Application Development, select "asp.net" (approve dependencies) and "cgi"

    (NOTE: please ensure that these four check-boxes are selected; asp.net, isapi filters, isapi extensions, and CGI)

    Click next.
    Click the "Install" button.
    Close the Roles Wizard.

  3. Run the Web Agent Configuration Wizard and follow the prompts;

    Start -> All Programs -> CA -> SiteMinder -> SiteMinder Configuration Wizard

    (NOTE: This will register the Trusted Host and configure the WebAgent.conf, but will not properly configure the Agent in IIS7.5, requiring these further manual steps.)

  4. From a Command Prompt;

    1. Navigate to the "c:\windows\system32\inetsrv" directory.

    2. Run the 'appcmd' command as follows, modifying the path to the ISAPI6WebAgent.dll as required based on your installation path;

      appcmd set config /section:isapiFilters /+[name='IIS75Filter'

      ,path='"C:\program files\ca\webagent\bin\ISAPI6WebAgent.dll"',enabled='true']

      Please take note the use of both the single and double quotes, as shown below to "quote" the path to the ISAPI6WebAgent.dll;

      <Please see attached file for image>

      Figure 1

  5. Open IIS Manager and expand the 'Hostname>Sites' and select the "Default Web Site";

    <Please see attached file for image>

    Figure 2

  6. In the center frame for the "Default Web Site" click on "Handler Mappings" to display the following configuration screen.

    <Please see attached file for image>

    Figure 3

  7. Set Permissions for ISAPI DLL;

    1. Select "ISAPI-dll"

    2. Select "Edit Feature Permissions..." from the "Actions" frame on the right.

    3. Select all three options (read, script, and execute) and click 'OK'.

  8. Add the "Wildcard Script Map";

    1. Select "Add Wildcard Script Map..." from the "Actions" frame on the right.

    2. Set the "Executable:" field to the location of the ISAPI6WebAgent.dll and provide a "Name" for the mapping.

      (Note: In an IIS7.0 configuration, the Web Agent Configuration Wizard will enter this value as "handler-wa". You may wish to select a different name during this manual configuration as shown above)

    3. Click "OK" and click "Yes" when prompted to save and enable the mapping.

      <Please see attached file for image>

      Figure 4

  9. Verify that the "IIS75Filter" exists.

    1. In the "Connections" frame on the left, again select "Default Web Site".

    2. In the center frame for the "Default Web Site" click on "ISAPI Filters".

    3. On the "ISAPI Filters" screen, verify "IIS75Filter" exists

      (This should have been created in step 4)

      If present skip to step 10, if not present continue with "d" below.

    4. Click on "Add..." from the "Actions" frame on the right.

    5. Enter "IIS75Filter" as the "Filter name:".

    6. Enter the path to the ISAPI6WebAgent.dll in the "Executable:" field.

    7. Click "OK".

  10. Set appropriate permissions for the Web Agents "\config" directory.

    1. Open "Windows Explorer" and navigate to the Web Agent's "\config" directory.

    2. Right click and select "properties".

    3. From the "Security" Tab;

      1. Click "Add..".

      2. Add the "IIS AppPool\DefaultAppPool" as shown below.

      3. Click "OK".

      4. Add "Write" permissions for the added user.

      5. Click "OK" 2 more times to close the Properties dialog.

        <Please see attached file for image>

        Figure 5

  11. Set appropriate permissions for the Web Agents "\log" directory.

    1. Open "Windows Explorer" and navigate to the Web Agent's "\log" directory.

    2. Right click and select "properties".

    3. From the "Security" Tab;

      1. Click "Add..".

      2. Add the "IIS AppPool\DefaultAppPool" as shown below.

      3. Click "OK".

      4. Add "Write" permissions for the added user.

  12. Add the "siteminderagent" Virtual Directory

    1. Go to "content view" on the bottom of the IIS Manager
    2. Select "Add Virtual Directory" on the right hand side
    3. Name the Virtual Directory "siteminderagent" and make the path the path to your "samples" directory. The Picture here shows default R12 directory

      <Please see attached file for image>

      Figure 7
  13. Adjust WebAgent.conf ;

    1. Navigate to the Web Agents installation directory;

      For example "C:\Program Files\CA\WebAgent\bin\iis\"

    2. Open "WebAgent.conf" and change "EnableWebAgent="NO"" to "EnableWebAgent="YES"".

      At this point your SiteMinder Web Agent is installed, configured and enabled. The next time you restart IIS 7.5 it will start protecting the default web site. Handler Mappings may need to be added to other web sites in order to have them protected. Please note that the most simplistic way to restart IIS is to use the "iisreset" command at your Command Prompt. This will also reset all those services dependent upon IIS automatically.

Environment

Release:
Component: SMIIS

Attachments

1558711617360000051229_sktwi1f5rjvs16sba.gif get_app
1558711615087000051229_sktwi1f5rjvs16sb9.gif get_app
1558711613270000051229_sktwi1f5rjvs16sb8.gif get_app
1558711610451000051229_sktwi1f5rjvs16sb7.gif get_app
1558711608317000051229_sktwi1f5rjvs16sb6.gif get_app
1558711605321000051229_sktwi1f5rjvs16sb5.gif get_app
Powered by Wolken Software