{"id":11678,"date":"2016-10-19T18:59:05","date_gmt":"2016-10-19T23:59:05","guid":{"rendered":"http:\/\/jianmingli.com\/wp\/?p=11678"},"modified":"2017-10-25T20:45:28","modified_gmt":"2017-10-26T01:45:28","slug":"openam12-iis-7-web-policy-agent","status":"publish","type":"post","link":"https:\/\/jianmingli.com\/wp\/?p=11678","title":{"rendered":"OpenAM12: IIS 7 Web Policy Agent"},"content":{"rendered":"
\n

Contents<\/h2>\n
    \n\t
  1. \n\t\tInstall IIS 7<\/a>\n\t<\/li>\n\t
  2. \n\t\tCreate IIS Agent Profile<\/a>\n\t<\/li>\n\t
  3. \n\t\tInstall OpenAM Agent<\/a>\n\t\t
      \n\t\t\t
    1. \n\t\t\t\tInteractive Install<\/a>\n\t\t\t<\/li>\n\t\t\t
    2. \n\t\t\t\tSilent Install<\/a>\n\t\t\t<\/li>\n\t\t<\/ol>\n\t
    3. \n\t\tWeb Site Authentication<\/a>\n\t<\/li>\n\t
    4. \n\t\tTest<\/a>\n\t<\/li>\n\t
    5. \n\t\tAgentadmin Commands<\/a>\n\t\t
        \n\t\t\t
      1. \n\t\t\t\tList Web Sites<\/a>\n\t\t\t<\/li>\n\t\t\t
      2. \n\t\t\t\tList Installed Agents<\/a>\n\t\t\t<\/li>\n\t\t\t
      3. \n\t\t\t\tDisable Agent<\/a>\n\t\t\t<\/li>\n\t\t\t
      4. \n\t\t\t\tEnable Agent<\/a>\n\t\t\t<\/li>\n\t\t\t
      5. \n\t\t\t\tRemove Agent<\/a>\n\t\t\t<\/li>\n\t\t\t
      6. \n\t\t\t\tRemove All Agent<\/a>\n\t\t\t<\/li>\n\t\t<\/ol>\n\t
      7. \n\t\tReferences<\/a>\n\t<\/li>\n<\/ol>\n<\/ol>\n<\/div>\n
         <\/div>\n

        Install IIS 7<\/h2><\/span>\n

        * OS: Windows 2008R2
        \n* Add roles:
        \nWeb Server (IIS) with:
        \n– Application Development<\/strong>
        \n* Add to hosts <\/em>file:<\/p>\n

        \r\n192.168.1.7 openam.my.com\r\n192.168.1.35 iis7.my.com\r\n<\/pre>\n
        Create IIS Agent Profile<\/h2><\/span>\n
        * Login OpenAM
        \n* Go to : Access Control > \/ (Top Level Realm) > Agents > Web<\/em> tab
        \n* Add a new Web agent named IIS7<\/strong>:
        \n– Note that you need to specify port number in both Server and Agent URL even for default ports 80 and 443<\/p>\n
        \"openam_iisagent_profile_1\"<\/a><\/h6><\/span>\n
        * Select new agent and enable SSO Only Mode<\/em>
        \n* If web server is behind a load balancer then
        \n– Go to Advanced tab
        \n– Select all <\/em>Load Balancer options<\/p>\n
        Install OpenAM Agent<\/h2><\/span>\n
        * Download IIS Web Policy Agent, e.g. IIS_WINNT_64bit_4.0.0.zip<\/em>, from ForgeRock download <\/a>site.
        \n* Unzip iis_agent<\/em> folder to, e.g. C:\\prog<\/em>, directory
        \n* For SSL support (e.g. OpenAM uses HTTPS),
        \n– Download pre-compiled openssl for Windows, e.g. from         here<\/a>, e.g. openssl-1.0.2k-x64_86-win64.zip<\/em>.
        \n– Copy following Openssl dll files:
        \nlibeay32.dll
        \nssleay32.dll
        \nto:
        \nC:\\Windows\\SysWOW64 (for 32 bit Openssl)
        \nC:\\Windows\\system32 (for 64 bit Openssl)
        \n– Run iisreset<\/em> in order for IIS to pickup Openssl dll files
        \n* Create a new password file named iis7pass.txt<\/em>. Enter password in the file, e.g. Wx1
        \n* Open a privileged command window
        \n* Go to C:\\prog\\iis_agent\\bin<\/em> <\/p>\n
        Interactive Install<\/h3><\/span>\n
        \r\nagentadmin.exe --i\r\n\r\nInstallation parameters:\r\n\r\n   OpenAM URL: http:\/\/openam.my.com:8080\/openam\r\n   Agent URL: http:\/\/iis7.my.com:80\r\n   Agent Profile name: IIS7\r\n   Agent realm\/organization name: \/\r\n   Agent Profile password source: C:\\prog\\iis_agent\\iis7pass.txt\r\n\r\nConfirm configuration (yes\/no): [no]: yes\r\nValidating...\r\nValidating... Success.\r\nCleaning up validation data...\r\nCreating configuration...\r\nInstallation complete.\r\n<\/pre>\n
        * Don’t forget iisreset<\/p>\n
        Silent Install<\/h3><\/span>\n
        \r\n# Find which site to install agent into\r\nagentadmin.exe --n\r\nIIS Server Site configuration:\r\n\r\nNumber of Sites: 1\r\n\r\nid: 1   name: \"DEFAULT WEB SITE\"\r\n\r\n# Silent install\r\nagentadmin.exe --s \"1\" \"http:\/\/openam.my.com:8080\/openam\" \"http:\/\/iis7.my.com:80\" \"\/\" \"IIS7\" \"C:\\prog\\iis_agent\\iis7pass.txt\" --changeOwner --acceptLicence\r\n<\/pre>\n
        * Don’t forget iisreset<\/p>\n
        Web Site Authentication<\/h2><\/span>\n
        * Login IIS server
        \n* Open IIS Manager
        \n* Select the web site
        \n* Enable anonymous authentication type for the site
        \n* Disable all other authentication types for the site<\/p>\n
        Test<\/h2><\/span>\n
        * Point browser to agent URL, e.g. http:\/\/iis7.my.com:80<\/a>
        \n* You’ll be prompted to login OpenAM
        \n* Once logged in, you’re redirected to agent site<\/p>\n
        Agentadmin Commands<\/h2><\/span>\n
        List Web Sites<\/h3><\/span>\n
        \r\nagentadmin.exe --n\r\nIIS Server Site configuration:\r\n\r\nNumber of Sites: 1\r\n\r\nid: 1   name: \"DEFAULT WEB SITE\"\r\n<\/pre>\n
        List Installed Agents<\/h3><\/span>\n
        \r\nagentadmin.exe --l\r\n\r\nOpenAM Web Agent configuration instances:\r\n\r\n   id:            agent_1\r\n   configuration: C:\\prog\\iis_agent\\bin\\..\\instances\\agent_1\r\n   server\/site:   2\r\n<\/pre>\n
        Disable Agent<\/h3><\/span>\n
        * This does not work in version 4.0.0<\/p>\n
        \r\nagentadmin.exe --d agent_1\r\n<\/pre>\n
        Enable Agent<\/h3><\/span>\n
        \r\nagentadmin.exe --e agent_1\r\n\r\nEnabling agent_1 module configuration in site 2... Done.\r\n<\/pre>\n
        Remove Agent<\/h3><\/span>\n
        \r\nagentadmin.exe --r agent_1\r\n\r\nWarning! This procedure will remove agent_1 configuration from IIS Site 2.\r\n\r\nContinue (yes\/no): [no]: y\r\n\r\nRemoving agent_1 configuration...\r\n\r\nRemoving agent_1 configuration... Done.\r\n<\/pre>\n
        Remove All Agent<\/h3><\/span>\n
        \r\nagentadmin.exe --g\r\n<\/pre>\n
        References<\/h2><\/span>\n
        * Documentation<\/a>
        \n*         Users Guide<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"
        Install IIS 7 * OS: Windows 2008R2 * Add roles: Web Server (IIS) with: – Application Development * Add to hosts file: 192.168.1.7 openam.my.com 192.168.1.35 iis7.my.com Create IIS Agent Profile * Login OpenAM * Go to : Access Control > … Continue reading →<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_exactmetrics_skip_tracking":false,"_exactmetrics_sitenote_active":false,"_exactmetrics_sitenote_note":"","_exactmetrics_sitenote_category":0,"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":true,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[6,720],"tags":[513,721],"class_list":["post-11678","post","type-post","status-publish","format-standard","hentry","category-iis","category-openam","tag-iis7","tag-openam"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p8cRUO-32m","_links":{"self":[{"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=\/wp\/v2\/posts\/11678","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=11678"}],"version-history":[{"count":14,"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=\/wp\/v2\/posts\/11678\/revisions"}],"predecessor-version":[{"id":12074,"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=\/wp\/v2\/posts\/11678\/revisions\/12074"}],"wp:attachment":[{"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=11678"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=11678"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/jianmingli.com\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=11678"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}