Gather the Information for the Agent Configuration Program for IIS Web Servers

Before configuring a Web Agent on an IIS web server, gather the following information about your SiteMinder environment.

Host Registration

Indicates whether you want to register this agent as a trusted host with a SiteMinder Policy Server. Only one registration per agent is necessary. If you are installing the SiteMinder Agent for IIS 7.x on an IIS server farm, register all IIS agents in the farm as trusted hosts.

Limits: Yes, No

Admin User Name

Specifies the name of a SiteMinder user account that has sufficient privileges to create and register trusted host objects on the Policy Server.

Admin Password

Specifies the password that is associated with the SiteMinder user account that has sufficient privileges to create and register trusted host objects on the Policy Server.

Confirm Admin Password

Confirms the password that is associated with the SiteMinder user account that has sufficient privileges to create and register trusted host objects on the Policy Server.

Enable Shared Secret Rollover

Indicates whether the Policy Server generates a new shared secret when the agent is registered as a trusted host.

Trusted Host Name

Specifies a unique name for the host you are registering. After registration, this name appears in the list of Trusted Hosts in the Administrative UI. When configuring a SiteMinder Agent for IIS on an IIS web server farm, specify a unique name for each IIS server node on the farm. For example, if your farm uses six servers, specify six unique names.

Host Configuration Object

Indicates the name of the Host Configuration Object that exists on the Policy Server.

IP Address

Specifies the IP addresses of any Policy Servers to which the agent connects. Add a port number if you are not using the default port for the authentication server. A non-default port is used for all three Policy Server connections (authentication, authorization, accounting).

Default: (authentication port) 44442

Example: (IPv4) 127.0.0.1,55555

Example: (IPv6) [2001:DB8::/32][:55555]

FIPS Mode Setting

Specifies one of the following algorithms:

FIPS Compatibility/AES Compatibility

Uses algorithms existing in previous versions of SiteMinder to encrypt sensitive data and is compatible with previous versions of SiteMinder. If your organization does not require the use of FIPS-compliant algorithms, use this option.

FIPS Migration/AES Migration

Allows a transition from FIPS-compatibility mode to FIPS-only mode. In FIPS-migration mode, the SiteMinder environment continues to use existing SiteMinder encryption algorithms while you re-encrypt existing sensitive data using FIPS-compliant algorithms.

FIPS Only/AES Only

Uses only FIPS-compliant algorithms to encrypt sensitive data in the SiteMinder environment. This setting does not interoperate with, nor is backwards-compatible with, previous versions of SiteMinder.

Default: FIPS Compatibility/AES Compatibility

Note: FIPS is a US government computer security standard that accredits cryptographic modules which meet the Advanced Encryption Standard (AES).

Important! Use a compatible FIPS/AES mode (or a combination of compatible modes) for both the SiteMinder agent and the SiteMinder Policy Server.

Name

Specifies the name of the SmHost.conf file which contains the settings the Web Agent uses to make initial connections to a SiteMinder Policy Server.

Default: SmHost.conf

Location

Specifies the directory where the SmHost.conf file is stored. On Windows 64-bit operating environments, the configuration program creates two separate files. One file supports 64-bit applications, and the other file supports 32-bit applications running on the same web server.

Default: (Windows IIS 7.x 32-bit) web_agent_home\win32\bin\IIS

Default: (Windows IIS 7.x 64-bit) web_agent_home\win64\bin\IIS

Virtual Sites

Lists the web sites on the IIS 7.x web server that you can protect with SiteMinder.

Overwrite, Preserve, Unconfigure

Appears when the SiteMinder Agent configuration wizard detects one of the following situations:

Select one of the following options:

Overwrite

Replaces the previous configuration of the SiteMinder Agent with the current configuration.

Preserve

Keeps the existing configuration of your SiteMinder Agent. No changes are made to this web server instance. Select this setting for each web server node if you are configuring the SiteMinder Agent for IIS 7.x on an IIS server farm.

Unconfigure

Removes the existing configuration of a SiteMinder Agent from the web server. Any resources are left unprotected by SiteMinder.

Default: Preserve

Agent Configuration Object Name

Specifies the name of an Agent Configuration Object (ACO) already defined on the Policy Server. IIS web servers in a server farm that uses shared configuration can share a single ACO name across all IIS servers in the farm.

Default: AgentObj

Webagent Enable option

Indicates if the configuration wizard enables (starts) the agent automatically. This setting produces the same results as editing the EnableWebAgent parameter value in the WebAgent.conf file with a text editor.

Default: No (clear check box)

Note: We recommend printing a copy of the Web Agent Installation worksheet to record this information for future reference.
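
The following added example (not part of the SiteMinder product or its documentation) checks gathered worksheet values for an IIS farm before the wizard is run: unique Trusted Host Names, well-formed Policy Server entries with the default port applied, and the FIPS mode pairing. The function names, dictionary keys, and short mode labels are hypothetical; the bracketed IPv6 form and the rule that Compatibility and Only cannot be paired are assumptions drawn from the descriptions above.

```python
import ipaddress
DEFAULT_AUTH_PORT = 44442   # default authentication port given on the page
FIPS_MODES = {"compatibility", "migration", "only"}  # hypothetical labels for the page's three modes

def parse_policy_server(entry):
    """Parse one 'IP Address' worksheet value into (address, port)."""
    entry = entry.strip()
    if entry.startswith("["):      # assumed IPv6 form: [addr] or [addr]:port
        host, closed, rest = entry[1:].partition("]")
        if not closed or (rest and not rest.startswith(":")):
            raise ValueError(f"malformed IPv6 entry: {entry!r}")
        port_text = rest[1:]
    else:                          # form shown on the page: addr or addr,port
        host, _, port_text = entry.partition(",")
    address = ipaddress.ip_address(host.strip())   # ValueError if not an IP
    port = int(port_text) if port_text.strip() else DEFAULT_AUTH_PORT
    if not 1 <= port <= 65535:
        raise ValueError(f"port out of range: {entry!r}")
    return str(address), port

def check_farm(nodes, policy_server_mode):
    """Return a list of problems found in the per-node worksheet values."""
    problems, seen = [], set()
    for node in nodes:
        name = node["trusted_host_name"]
        if name.casefold() in seen:    # unique per node; case-insensitive to be safe
            problems.append(f"duplicate trusted host name: {name}")
        seen.add(name.casefold())
        mode = node["fips_mode"]
        if mode not in FIPS_MODES:
            problems.append(f"{name}: unknown FIPS mode {mode!r}")
        # Assumption: Compatibility cannot pair with Only (no interoperation).
        elif {mode, policy_server_mode} == {"compatibility", "only"}:
            problems.append(f"{name}: {mode!r} vs Policy Server {policy_server_mode!r}")
        for entry in node["policy_servers"]:
            try:
                parse_policy_server(entry)
            except ValueError as exc:
                problems.append(f"{name}: {exc}")
    return problems

# Constructed sample worksheet for a two-node farm (not real hosts).
SAMPLE_FARM = [
    {"trusted_host_name": "iis-node-1", "fips_mode": "compatibility",
     "policy_servers": ["127.0.0.1,55555"]},
    {"trusted_host_name": "IIS-NODE-1", "fips_mode": "only",
     "policy_servers": ["127.0.0.1", "10.0.0.300"]},
]
print("\n".join(check_farm(SAMPLE_FARM, "only")))
```
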

More information:

SiteMinder Agent Configuration Worksheet for IIS Web Servers