Install the Proxy Plug-In for JBoss

This page contains the following topics:
cim140
This page contains the following topics:
 
 
If you use the Microsoft IIS web server as proxy server, you must configure an additional pass through setting to receive application-specific error responses when invalid REST API/TEWS requests are submitted through the Proxy URL.
Run the following command from the 
%windir%\system32\inetsrv
 folder on the IIS machine where the proxy plug-in is configured.
appcmd.exe set config -section:system.webServer/httpErrors /existingResponse:"PassThrough" /commit:apphost
After the CA Single Sign-On web agent authenticates and authorizes a request for 
Identity Manager
 resource, the web server forwards the request to the application server that hosts the 
Identity Manager
 server. To forward these requests, install and configure a Jakarta Connector on the system where the CA Single Sign-On Web Agent is installed. For more information about the Jakarta Connector, see http://community.jboss.org/wiki/usingmodjk12withjboss.
The 
Identity Manager
 Administrative Tools include sample configuration files that you can use to configure the Jakarta Connector. For instructions, see the 
readme.txt
 file in the directory noted in the following table:
 
Platform
 
 
Location
 
IIS Web server on a Windows system
C:\Program Files\CA\Identity Manager\IAM Suite\Identity Manager\tools\samples\ConnectorConfiguration\windows\IIS_JBoss*
This article covers the following topics:
 
 
Run the AJP Listener for WildFly
By default, JBoss does not use the Apache JServ Protocol (AJP) listener on port 8009. You must enable it with the JBoss WildFly Admin Console. This allows forwarding from the Web Server to the 
Identity Manager
 server.
 
Follow these steps:
 
  1. Log in to the JBoss Wildfly Admin Console. 
  2. Expand the Web selection and select HTTP.
    HTTP
    AJP
    , and 
    HTTPs
     Listeners appear.
  3. Under Listener, select the tab 
    AJP
     and click 
    Add
    .
    The Execute Operation window displays. 
  4. Enter the following options:
    Name: 
    default.ajp
    Socket binding: 
    ajp
     
  5. Click 
    Finish
    .
  6. Click the link 
    Edit
     to modify the AJP settings.
  7. Select the checkbox 
    Enabled
    .
  8. (Optional) Open a command line on the same system and test that the Wildfly AJP listener is running on port 8009:
    netstat -an | find "8009"
    TCP 127.0.0.1:8009 0.0.0.0:0 LISTENING
Install and Configure a JBoss WildFly Application plug-in Using IIS
You can install and configure proxy for JBoss WildFly using Internet Information Services (IIS).
 
Note:
 On the host where you are configuring proxy, you must not install the FTP server at 
Server Manager
Roles
.
 
Follow these steps:
 
  1. Install IIS 7.0 on Windows 2008 or IIS 8.0 on Windows 2012.
  2. Navigate to the 
    Server Manager
     
    .
    • Windows 2008:
      1. In the left panel, expand 
        Roles
        Web Server (IIS). 
         
      2. In the 
        Web Server (IIS)
         screen, scroll down to 
        Role Services 
        and ensure that 
        ISAPI filter
        ISAPI Extensions
        , and 
        CGI
         are installed.
      3. In the left panel, expand 
        Roles
        Web Server (IIS), Internet Information Services (IIS) Manager.
         
      4. In the 
        Internet Information Services (IIS) Manager 
        screen, navigate to proxy host (host where you are configuring proxy). 
      5. Under 
        IIS
        , double-click 
        ISAPI and CGI Restrictions
      6. In 
        ISAPI and CGI Restrictions
         screen, click 
        Add
         in the right panel.
      7. In the 
        Add ISAPI or CGI Restrictions
         window, browse to select 
        isapi_redirect.dll
         and enter the description as 
        ISAPI
        . Next, select 
        Allow extension path to execute
        .
      8. In the 
        Actions
         section on the right-panel, click 
        Edit Features Settings
        .
      9. In the 
        Edit ISAPI and CGI Restrictions Settings
        , select 
        Allow Unspecified CGI modules
         and 
        Allow Unspecified ISAPI modules
        .
      10. In the 
        Internet Information Services (IIS) Manager 
        screen, navigate to 
        Connection
        Proxy Host (host where you are configuring proxy)
        Sites
        Default Web Site
        . Right-click and select 
        Add Virtual Directory
        .
      11. In 
        Add Virtual Directory
        , enter the alias as 
        jakarta 
        which is case-sensitive, and set the 
        Physical Path
         as 
        isapi_redirect.dll
         file.
      12. Click 
        Test Settings
        .
      13. In the 
        Test Connection
         window, if physical path is not authorized, close the window and click 
        Connect as
         in the 
        Add Virtual Directory 
        window.
        Note:
         If authorization is not set, it means that the user does not have access to the folder to verify the physical path.
      14. In 
        Connect as
         window, select 
        Specific user
         and click 
        Set
        .
      15. In the 
        Set Credentials
         window, enter the user name and password of the windows login.
      16. In the 
        Test Connection
         window, test the connection to check if the physical path is accessible for Authorization.
      17. Navigate to 
        Default Web Site
        , and double-click 
        ISAPI Filters
        .
      18. Click 
        Add
         in the right-panel.
      19. In 
        Add ISAPI Filter
        , enter 
        jkfilter
         as the 
        Filter Name
         and provide 
        isapi_redirect.dll
         file path in the 
        Executable 
        field.
      20. Navigate to 
        Default Web Site, jakarta
         virtual directory and double-click 
        Handler Mappings 
        in
         jakara Home 
        screen.
      21. In 
        Handler Mappings
         screen, click 
        Edit Feature Permissions
         in the 
        Actions
         section on the right-panel.
      22. In 
        Edit Feature Permissions
         window, ensure that 
        Read
        Script
         and 
        Execute 
        permissions are selected.
      23. Navigate to 
        Default Web Site
        , and double-click 
        Handler Mappings
        .
      24. In 
        Handler Mappings
         screen, click 
        Edit Feature Permissions
         in the 
        Actions
         section on the right-panel.
      25. In 
        Edit Feature Permissions
         window, ensure that 
        Read
        Script
         and 
        Execute 
        permissions are selected.
      26. Navigate to 
        Proxy Host
        , and double-click 
        Handler Mappings
        .
      27. In 
        Handler Mappings
         screen, click 
        Edit Feature Permissions
         in the 
        Actions
         section on the right-panel.
      28. In 
        Edit Feature Permissions
         window, ensure that 
        Read
        Script
         and 
        Execute 
        permissions are selected.
    • Windows 2012:
      1. In the 
        Server Manager Dashboard
         screen, click 
        Add roles and features. 
         
      2. In the Wizard, click 
        Next
         until you reach the 
        Roles
         screen.
      3. In the 
        Roles
         screen, navigate to 
        Web Server (IIS)
        ,
         Web Server
        ,
         Application Development 
        and select the following:
        1. CGI 
        2. ISAPI Extensions
        3. ISAPI Filters
      4. In the 
        Roles
         screen, navigate to 
        Web Server (IIS)
        ,
         Management Tools, 
         
         
        and do the following:
        1. Select 
          IIS Management Console
          .
        2. Expand 
          IIS 6 Management Compatibility
          , and select all options under it.
        3. Select 
          IIS Management Scripts and Tools
          .
      5. Click 
        Next
         to locate and click 
        Install
      6. In the 
        Internet Information Services (IIS) Manager 
        screen, navigate to proxy host (host where you are configuring proxy). 
      7. Under 
        IIS
        , double-click 
        ISAPI and CGI Restrictions
      8. In 
        ISAPI and CGI Restrictions
         screen, click 
        Add
         in the right panel.
      9. In the 
        Add ISAPI or CGI Restrictions
         window, browse to select 
        isapi_redirect.dll
         and enter the description as 
        ISAPI
        . Next, select 
        Allow extension path to execute
        .
      10. In the 
        Actions
         section on the right-panel, click 
        Edit Features Settings
        .
      11. In the 
        Edit ISAPI and CGI Restrictions Settings
        , select 
        Allow Unspecified CGI modules
         and 
        Allow Unspecified ISAPI modules
        .
      12. In the 
        Internet Information Services (IIS) Manager 
        screen, navigate to 
        Connection
        Proxy Host (host where you are configuring proxy)
        Sites
        Default Web Site
        . Right-click and select 
        Add Virtual Directory
        .
      13. In 
        Add Virtual Directory
        , enter the alias as 
        jakarta 
        which is case-sensitive, and set the 
        Physical Path
         as 
        isapi_redirect.dll
         file.
      14. Click 
        Test Settings
        .
      15. In the 
        Test Connection
         window, if physical path is not authorized, close the window and click 
        Connect as
         in the 
        Add Virtual Directory 
        window.
        Note:
         If authorization is not set, it means that the user does not have access to the folder to verify the physical path.
      16. In 
        Connect as
         window, select 
        Specific user
         and click 
        Set
        .
      17. In the 
        Set Credentials
         window, enter the user name and password of the windows login.
      18. In the 
        Test Connection
         window, test the connection to check if the physical path is accessible for Authorization.
      19. Navigate to 
        Default Web Site
        , and double-click 
        ISAPI Filters
        .
      20. Click 
        Add
         in the right-panel.
      21. In 
        Add ISAPI Filter
        , enter 
        jkfilter
         as the 
        Filter Name
         and provide 
        isapi_redirect.dll
         file path in the 
        Executable 
        field.
      22. Navigate to 
        Default Web Site, jakarta
         virtual directory and double-click 
        Handler Mappings 
        in
         jakara Home 
        screen.
      23. In 
        Handler Mappings
         screen, click 
        Edit Feature Permissions
         in the 
        Actions
         section on the right-panel.
      24. In 
        Edit Feature Permissions
         window, ensure that 
        Read
        Script
         and 
        Execute 
        permissions are selected.
      25. Navigate to 
        Default Web Site
        , and double-click 
        Handler Mappings
        .
      26. In 
        Handler Mappings
         screen, click 
        Edit Feature Permissions
         in the 
        Actions
         section on the right-panel.
      27. In 
        Edit Feature Permissions
         window, ensure that 
        Read
        Script
         and 
        Execute 
        permissions are selected.
      28. Navigate to 
        Proxy Host
        , and double-click 
        Handler Mappings
        .
      29. In 
        Handler Mappings
         screen, click 
        Edit Feature Permissions
         in the 
        Actions
         section on the right-panel.
      30. In 
        Edit Feature Permissions
         window, ensure that 
        Read
        Script
         and 
        Execute 
        permissions are selected.
  3. Run the following command in the Command Prompt to restart IIS.
    iisreset
  4. Install and configure the Web Agent with 
    Identity Manager
    .
  5. With the proxy now in place, you can access 
    Identity Manager
     through IIS. For example, here are the links for accessing 
    Identity Manager
     before and after the proxy configuration:
     
    Before
     
    http://<hostname>:8080/iam/im/env
     
    After
     
    http://<proxyhostname>:<proxyport>/iam/im/env
 
Note:
 A forward slash "/" can be needed at the end of this URL for the proxy to work. Reference the proxy logs if you are not forwarded to the Management Console.