For example we use http://ntlmprod.testdomain.com/siteminderagent/ntlm/creds.ntc as the url in the ntlm authentication scheme.
setting up /siteminderagent/ntlm/ virtual directory was straight forward but no where it is mentioned as how to add .ntc script maps. The documentation gives details for IIS 5 and IIS 6.
Here are the steps
- Create a website ntlmprod.testdomain.com with ntlmprod as ApplicationPool.
- make sure ntlmprod app pool is classic, (however I did not find any errors till now if we use integrated. But the docs say use classic for all Siteminder protected)
- we generally use just a single asp page called header.asp in the folders hosting the ntlm websites. so d:\inetpub\ntlmprod\header.asp.
- add virtual directory for siteminderagent
- add virtual directory for ntlm
finally it should look like http://ntlmprod.testdomain.com/siteminderagent/ntlm/
- For root website and siteminderagent - use just anonymous authentication
- For NTLM VD, use only Windows Authentication
for ntlmprod.testdomain.com
ISAPI Filters
- add SiteminderAgent with executable D:\Program Files (x86)\netegrity\webagent\bin\ISAPI6WebAgent.dll and make sure it is moved to the top of the list in "View Ordered List" view.
Handler Mappings
- add "WildCard Script Map" SiteminderAgent with executable D:\Program Files (x86)\netegrity\webagent\bin\ISAPI6WebAgent.dll and make sure it is moved to the top of the list in "View Ordered List" view.
- add "Script Map" NTC-Siteminder
Request Path = *.ntc"
Executable = D:\Program Files (x86)\netegrity\webagent\bin\ISAPI6WebAgent.dll
- add "Script Map" FCC-Siteminder
Request Path = *.fcc"
Executable = D:\Program Files (x86)\netegrity\webagent\bin\ISAPI6WebAgent.dll
ISAPI and CGI restrictions
- make sure the dll is set to allowed "D:\Program Files (x86)\netegrity\webagent\bin\ISAPI6WebAgent.dll"
No comments:
Post a Comment