000014827 - AxM 4.7 agent for IIS5 - how to configure password replay

Document created by RSA Customer Support Employee on Jun 14, 2016
Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2

Article Content

Article Number: 000014827

Applies To:
Protocol transition is not an option in IIS 5; you must configure password replay, which is the equivalent in IIS 5.
IIS5 on Windows 2000
AxM 4.7 agent for Windows

Issue:
AxM 4.7 agent for IIS5 - how to configure password replay
There is no documentation on the base configuration of password replay.
Resolution

Install the 4.7 agent as directed by the installation guide. Ensure basic authentication works properly, and ensure you install the latest hotfix available for the 4.7 agent. At the time of this writing, the latest 4.7 IIS 5 hotfix is hotfix -47.

In order for password replay to work, the key setting changes in the webagent.conf are:

cleartrust.agent.iis.defer_export_basic_auth_hdr=TRUE
cleartrust.agent.iis.msapp_resource_list=/test/*   (this is the URI protected by BASIC authentication to simulate password replay)
cleartrust.agent.auth_header_with_value_null=True
cleartrust.agent.iis.suppress_basic_auth_for_unprotected=FALSE
cleartrust.agent.iis.enable_ssi_auth_check=False
cleartrust.agent.iis.fail_unset_upn=False
cleartrust.agent.shared_secret=Y1Kaq2ggGCuy4WqMgEkWddJzsu+Isl/QT8J4yldjBZZk
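
A check for the key settings above, as an added example (not RSA's code or part of the original article). It assumes webagent.conf is line-oriented key=value text with '#' comment lines and that boolean values are case-insensitive; the sample input is constructed.

```python
# Assumptions: key=value lines, '#' starts a comment line, TRUE/True/true are equivalent.
REQUIRED = {   # None means "any non-empty value"
    "cleartrust.agent.iis.defer_export_basic_auth_hdr": "true",
    "cleartrust.agent.iis.msapp_resource_list": None,
    "cleartrust.agent.auth_header_with_value_null": "true",
    "cleartrust.agent.iis.suppress_basic_auth_for_unprotected": "false",
    "cleartrust.agent.iis.enable_ssi_auth_check": "false",
    "cleartrust.agent.iis.fail_unset_upn": "false",
    "cleartrust.agent.shared_secret": None,
}

def parse_conf(text):
    """Return {key: [values in file order]} so repeated keys stay visible."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)   # values may themselves contain '='
        settings.setdefault(key.strip(), []).append(value.strip())
    return settings

def audit(text):
    """Return sorted findings; an empty list means every key setting matches."""
    conf, findings = parse_conf(text), []
    for key, values in conf.items():
        if len({v.lower() for v in values}) > 1:
            findings.append(f"CONFLICT {key}: set {len(values)} times with different values")
    for key, want in REQUIRED.items():
        got = conf.get(key, [])
        if not got or not all(got):
            findings.append(f"MISSING {key}")   # value never echoed: it may be a secret
        elif want is not None and any(v.lower() != want for v in got):
            findings.append(f"MISMATCH {key}: expected {want}, found {', '.join(got)}")
    return sorted(findings)

# Constructed sample input, not a real configuration.
SAMPLE = """\
cleartrust.agent.iis.defer_export_basic_auth_hdr=TRUE
cleartrust.agent.iis.msapp_resource_list=/test/*
cleartrust.agent.auth_header_with_value_null=True
cleartrust.agent.iis.suppress_basic_auth_for_unprotected=TRUE
cleartrust.agent.iis.defer_export_basic_auth_hdr=FALSE
cleartrust.agent.iis.enable_ssi_auth_check=False
cleartrust.agent.auth_resource_list=/*=BASIC
cleartrust.agent.shared_secret=
"""
if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

The check reports a repeated key only when its values differ, and it never prints the value of a setting that is only required to be non-empty, so the shared secret stays out of the output.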

Notes

Here is a full listing of all webagent.conf settings from a working test system:

cleartrust.agent.iis.priority=HIGH
cleartrust.agent.iis.preproc_auth_enabled=TRUE
cleartrust.agent.log_level=Debug
cleartrust.agent.log_flags=04
cleartrust.agent.log_file=C:\Program Files\RSA\Access Manager Agent 4.7\IIS\Logs\ctagent.log
cleartrust.agent.log_file_rotation_maxsize=50 Mbs
cleartrust.agent.log_file_rotation_interval=150 Hrs
cleartrust.agent.log_format="%t - [%i] - <%d> - "
cleartrust.agent.log_pool_option=None
cleartrust.agent.debug_modules=
cleartrust.agent.log_process_safe_file_rotation=False
cleartrust.agent.protected_resource_cache_ttl=10 Mins
cleartrust.agent.protected_resource_cache_size=10000
cleartrust.agent.unprotected_resource_cache_ttl=5 Mins
cleartrust.agent.unprotected_resource_cache_size=10000
cleartrust.agent.authz_allow_cache_ttl=5 Mins
cleartrust.agent.authz_allow_cache_size=10000
cleartrust.agent.authz_deny_cache_ttl=10 Mins
cleartrust.agent.authz_deny_cache_size=10000
cleartrust.agent.token_cache_ttl=5 Mins
cleartrust.agent.token_cache_size=10000
cleartrust.agent.iis.token_server_cache_ttl=8 Hrs
cleartrust.agent.iis.token_server_cache_size=3000
cleartrust.agent.user_properties_cache_ttl=10 Mins
cleartrust.agent.user_properties_cache_size=10000
cleartrust.agent.enabled=True
cleartrust.agent.web_server_name=win2000
cleartrust.agent.wax=
cleartrust.agent.sso=True
cleartrust.agent.session_lifetime=8 Hrs
cleartrust.agent.idle_timeout=15 Mins
cleartrust.agent.auto_challenge=True
cleartrust.agent.fudge_factor=5 Mins
cleartrust.agent.cookie_domain=.cindysworld.com
cleartrust.agent.path=/
cleartrust.agent.secure=False
cleartrust.agent.cookie_expiration=0 Mins
cleartrust.agent.send_token_as_user_id=User
cleartrust.agent.cookie_ip_check=True
cleartrust.agent.trusted_proxy_header_name=
cleartrust.agent.trusted_proxy_list=
cleartrust.agent.trusted_proxy_strict_mode=False
cleartrust.agent.cookie_name=CTSESSION
cleartrust.agent.cookie_touch_window=30 Secs
cleartrust.agent.allow_subnet_masking=False
cleartrust.agent.ip_check_exclusion_list=
cleartrust.agent.cookie_exclusion_list=
cleartrust.agent.cookie_port_exclusion_list=
cleartrust.agent.user_header_list=
cleartrust.agent.exported_headers=
cleartrust.agent.userprops=
cleartrust.agent.userprops_level=AuthN
cleartrust.agent.multivalue_userprops_oneset=True
cleartrust.agent.one_userprops_header=False
cleartrust.agent.strict_headers_export=True
cleartrust.agent.export_session_init_time=True
cleartrust.agent.export_session_expiration_time=True
cleartrust.agent.export_last_touch_time=True
cleartrust.agent.export_cookie_user_buffer=True
cleartrust.agent.ct_print_log_level=None
cleartrust.agent.form_based_enabled=True
cleartrust.agent.externalize_forms=False
cleartrust.agent.retain_url=True
cleartrust.agent.retain_url.use_full_url=True
cleartrust.agent.retain_url.use_full_url_for_ct_orig_uri=False
cleartrust.agent.retain_url.use_query_string=False
cleartrust.agent.retain_url.preserve_query_string=False
cleartrust.agent.retain_url.redirect_to_ct_home=False
cleartrust.agent.realm=CT
cleartrust.agent.ignore_http_auth=True
cleartrust.agent.auth_header_with_value_null=True
cleartrust.agent.iis.suppress_basic_auth_for_unprotected=FALSE
cleartrust.agent.iis.defer_export_basic_auth_hdr=TRUE
cleartrust.agent.iis.frontpage_enabled=False
cleartrust.agent.iis.msapp_resource_list=/test/*
cleartrust.agent.iis.enable_iis_5_isolation_mode=False
cleartrust.agent.iis.enable_ssi_auth_check=False
cleartrust.agent.iis.token_server_list=
cleartrust.agent.iis.fail_unset_upn=False
cleartrust.agent.shared_secret=Y1Kaq2ggGCuy4WqMgEkWddJzsu+Isl/QT8J4yldjBZZk
cleartrust.agent.custom_auth=
cleartrust.agent.auth_resource_list=/*=BASIC
cleartrust.agent.default_auth_mode=BASIC
cleartrust.agent.attempt_multiple_authentications=False
cleartrust.agent.certdn_attr_name_map=
cleartrust.agent.reverse_certificate_dn=False
cleartrust.agent.convert_certificate_dn_delimiter=False
cleartrust.agent.default_language=en
cleartrust.agent.accepted_languages_list=
cleartrust.agent.url_inclusion_list=
cleartrust.agent.url_exclusion_list=
cleartrust.agent.extension_exclusion_list=gif,jpg
cleartrust.agent.login_home_location=/cleartrust/ct_home.asp?language=<%language%>
cleartrust.agent.login_form_location_iwa=/cleartrust/iwa/ct_home.asp
cleartrust.agent.logout_form_location=/cleartrust/ct_logout_<%language%>.html
cleartrust.agent.login_form_location_basic=/cleartrust/ct_logon.asp?CTAuthMode=BASIC&language=<%language%>
cleartrust.agent.login_error_user_location_basic=/cleartrust/ct_logon.asp?CTAuthMode=BASIC&CTLoginErrorMsg=Login%20failed&language=<%language%>
cleartrust.agent.login_error_pw_location_basic=/cleartrust/ct_logon.asp?CTAuthMode=BASIC&CTLoginErrorMsg=Login%20failed&language=<%language%>
cleartrust.agent.login_form_location_securid=/cleartrust/ct_logon.asp?CTAuthMode=SECURID&language=<%language%>
cleartrust.agent.login_form_location_sid_nexttoken=/cleartrust/ct_securid.asp?CTAuthMode=SECURID&SecurIDMode=nexttoken&language=<%language%>
cleartrust.agent.login_form_location_sid_newpin=/cleartrust/ct_securid.asp?CTAuthMode=SECURID&SecurIDMode=newpin&language=<%language%>
cleartrust.agent.login_form_location_sid_passcode=/cleartrust/ct_securid.asp?CTAuthMode=SECURID&SecurIDMode=passcode&language=<%language%>
cleartrust.agent.login_error_location_securid=/cleartrust/ct_logon.asp?CTAuthMode=SECURID&CTLoginErrorMsg=Login%20Unsuccessful&language=<%language%>
cleartrust.agent.login_form_location_nt=/cleartrust/ct_logon.asp?CTAuthMode=NT&language=<%language%>
cleartrust.agent.login_error_user_location_nt=/cleartrust/ct_logon.asp?CTAuthMode=NT&CTLoginErrorMsg=Login%20failed&language=<%language%>
cleartrust.agent.login_error_pw_location_nt=/cleartrust/ct_logon.asp?CTAuthMode=NT&CTLoginErrorMsg=Login%20failed&language=<%language%>
cleartrust.agent.login_error_password_expired=/cleartrust/ct_access_denied_<%language%>.html
cleartrust.agent.login_error_password_expired_forced=/cleartrust/ct_access_denied_<%language%>.html
cleartrust.agent.login_error_password_expired_new_user=/cleartrust/ct_access_denied_<%language%>.html
cleartrust.agent.login_form_location_custom=/cleartrust/ct_logon.asp?CTAuthMode=CUSTOM&language=<%language%>
cleartrust.agent.login_error_user_location_custom=/cleartrust/ct_logon.asp?CTAuthMode=CUSTOM&CTLoginErrorMsg=Login%20failed&language=<%language%>
cleartrust.agent.login_error_pw_location_custom=/cleartrust/ct_logon.asp?CTAuthMode=CUSTOM&CTLoginErrorMsg=Login%20failed&language=<%language%>
cleartrust.agent.login_cert_invalid_user=/cleartrust/ct_access_denied_<%language%>.html
cleartrust.agent.login_auth_inactive_account=/cleartrust/ct_access_denied_<%language%>.html
cleartrust.agent.login_auth_expired_account=/cleartrust/ct_access_denied_<%language%>.html
cleartrust.agent.login_auth_user_locked_out=/cleartrust/ct_access_denied_<%language%>.html
cleartrust.agent.login_auth_url_access_denied=/cleartrust/ct_access_denied_<%language%>.html
cleartrust.agent.login_server_error=/cleartrust/ct_access_denied_<%language%>.html
cleartrust.agent.server_pool=__default__
cleartrust.agent.console_port=5628
cleartrust.agent.rules_file=
cleartrust.agent.auth_type_mapping=
cleartrust.agent.post_url_idle_timeout=0 Secs
cleartrust.agent.post_url_idle_timeout_list=
cleartrust.agent.extended_results=
cleartrust.agent.client_encoding=UTF-8
cleartrust.agent.map_upn_formatted_id=False
cleartrust.agent.dispatcher_list=10.32.27.220:5608
cleartrust.agent.dispatcher_timeout=10 Secs
cleartrust.agent.auth_server_pool_refresh=1 Hrs
cleartrust.agent.ssl.use=Anon
cleartrust.agent.ssl.keystore=
cleartrust.agent.ssl.ca_keystore=
cleartrust.agent.ssl.keystore_passphrase=
cleartrust.agent.ssl.private_key_passphrase=
cleartrust.agent.ssl.private_key_alias=
cleartrust.agent.ssl.ca_keystore_passphrase=
cleartrust.agent.auth_server_list=
cleartrust.agent.auth_server_timeout=15 Secs
cleartrust.agent.dispatcher_mode=STANDARD
cleartrust.agent.auth_server_mode=STANDARD
cleartrust.agent.auth_server_submode=ADAPTIVE
cleartrust.agent.location_class_priority=
cleartrust.agent.keyserver_list=
cleartrust.agent.key_client_name=
cleartrust.agent.key_client_secret=
cleartrust.agent.retry_count=5
cleartrust.agent.socket_tcp_nodelay=True
cleartrust.agent.max_open_connections=0

 

Legacy Article ID: a47473
