|
|
|
The following list shows the configuration parameters used only for the IIS Web Agent in alphabetical order:
Instructs the Web Agent to add the authenticated user name and SiteMinder transaction ID to the IIS server log on a separate line.
Default: No
Note: This parameter applies to IIS 6.0 Web Agents only.
Specifies a default password for the associated Windows user that is used to access IIS resources as a proxy user.
Important! If you want to encrypt this parameter, set it centrally in the Agent Configuration Object. If this parameter is set in a local configuration file, it will not be encrypted and will be less secure.
Default: No default
Specifies the name of a Windows user that is used to access IIS resources as a proxy user. When users want to access resources on an IIS web server protected by SiteMinder, they may not have the necessary server access privileges. For example, if users are stored in an LDAP user directory on a UNIX system, those users may not have access to the Windows system with the IIS web server.
The Web Agent must use this NT user account, which is assigned by an NT administrator, to act as a proxy user account for users granted access by SiteMinder.
Default: No default
Specifies whether a Web Agent observes the 64 KB data-size limit when preserving or filtering POST data. This does not affect the standard POST operation, but it does affect the following:
Default: No (limit enforced)
Important! Change this parameter to yes at your own risk.
Note: This parameter applies to IIS 5.0 Web Agents only.
Specifies whether the Web Agent uses an IIS proxy account to grant access to requested resources on IIS web servers to users who normally lack sufficient privileges to access the IIS web server.
This parameter affects the following parameters:
Default: No
Allows Web Agents for IIS 5 to enforce native IIS security mechanisms by providing a Windows user security context. Add this parameter to the Agent Configuration Object or local configuration file with the value you want.
If this parameter is set to yes, the Web Agent stores encrypted credentials in paged memory, which can be written to the operating system's page file and saved to a hard disk.
Important! If your hard disk is stolen or compromised, confidential data could be exposed.
If this parameter is no, the Web Agent stores encrypted credentials in protected kernel memory. This setting is more secure, but it places more demands on the physical memory of your IIS server.
Default: No
Note: This parameter applies to IIS 5.0 Web Agents only. It is not used in Framework Web Agents.
Prevents an IIS Web Agent from returning the Server HTTP Header in its responses. When the value of this parameter is set to no, the Web Agent sends the Server header with its responses and the IIS Web server passes it along to the client. When the value of this parameter is set to yes, the web agent does not send the Server header in its responses.
Default: No
Instructs the IIS Web Agent to execute the web application as an anonymous user, instead of using credentials of the proxy user.
Default: No
Specifies whether the IIS 6.0 Web Agent sends the user principal name (UPN) or the NetBIOS name to the IIS 6.0 web server for IIS user authentication.
Note: This parameter is valid only if an Active Directory user store is associated with the Policy Server.
If you enable this parameter, the Policy Server extracts the UserDN, the UPN, and the NetBIOS name from the Active Directory during SiteMinder authentication, and sends this data back to the IIS 6.0 Web Agent.
Depending on whether or not you selected the Use Authenticated User's Security Context option for the user directory with the Administrative UI and how you set the UseNetBIOSforIIAuth parameter, a user's logon credentials are sent as follows:
The IIS web server authenticates the user with the credentials it receives from the Web Agent.
Default: No
| Copyright © 2010 CA. All rights reserved. | Email CA about this topic |