Web Agent GuidesWeb Agent Configuration GuideManage User Access with IIS › Use an IIS Proxy User Account (IIS Only)

Previous Topic: Store Encrypted Credentials in a Page File (IIS 5.0 Only)

Next Topic: Enable Anonymous User Access

Use an IIS Proxy User Account (IIS Only)

If users try to access resources on an IIS web server protected by SiteMinder, the Web Agent may deny access if those users lack sufficient IIS privileges for those resources. For example, if users are stored in an LDAP user directory on a UNIX system, those users may not have access to the Windows system with the IIS web server.

The IIS web server has a default proxy account that has sufficient privileges for users who are granted access by SiteMinder. The Web Agent uses the values of the DefaultUserName and DefaultPassword parameters as credentials even if the user has a valid Windows security context.

To configure the IIS Web Agent to use a proxy user account

  1. Set the value of the ForceIISProxyUser parameter to one of the following values:
  2. If you are not using either of the following Windows features, continue with Step 3:
  3. Enter the user name for the proxy user account in the DefaultUserName parameter. If you are using a domain account, and the local machine is not a part of that domain, use the syntax shown in the following example:

    DefaultUserName=Windows_domain\acct_with_admin_privilege

    Otherwise, specify just the user name.

  4. Enter the password associated with the existing Windows user account in the DefaultPassword parameter.

    Important! We recommend setting this parameter in your Agent Configuration Object because you can encrypt it. If you set it in a local configuration file, the value is stored unencrypted in plain text.

    The IIS Proxy account is configured.

Copyright © 2010 CA. All rights reserved. Email CA about this topic