Install the Proxy Plug-In on WebSphere
The web server on which you installed the web agent forwards request to the application server that hosts the server. The vendor-provided web server proxy plug-in provides this service.
The web server on which you installed the web agent forwards request to the application server that hosts the
Identity Managerserver. The vendor-provided web server proxy plug-in provides this service.
If you use the Microsoft IIS web server as proxy server, you must configure an additional pass through setting to receive application-specific error responses when invalid REST API/TEWS requests are submitted through the Proxy URL.
Run the following command from the
%windir%\system32\inetsrvfolder on the IIS machine where the proxy plug-in is configured.
appcmd.exe set config -section:system.webServer/httpErrors /existingResponse:"PassThrough" /commit:apphost
To install and configure the Proxy Plug-In on WebSphere, perform the following steps:
Configure the IBM HTTP Server
For all web servers, you install the proxy plug-in and use the configurewebserver command.
Follow these steps:
- Install the proxy plug-in from the WebSphere Launch Pad.
- Add the Web Server to the WebSphere cell by running theconfigurewebserver1.batorconfigurewebserver1.shcommand as follows:
Note: For more information about theconfigurewebservercommand, see the IBM WebSphere documentation.
- Windows:Editwebsphere_home\Plugins\bin\configurewebserver1.bat in a text editor.Linux:Editwebsphere_home/Plugins/bin/configurewebserver1.sh in a text editor.
- Add a user name and password to wsadmin.bat or wsadmin.sh as follows:Example:wsadmin.bat -user wsadmin -password password -f configureWebserverDefinition.jacl
- Run configurewebserver1.bat or configurewebserver1.sh.
Configure the Proxy Plug-In
For all web servers, you update the plug-in using the GenPluginCfg command of WebSphere:
Follow these steps:
- Log in to the system where WebSphere is installed.
- From the command line, navigate towebsphere_home\bin, wherewebsphere_homeis the installed location of WebSphere.For example:
- Windows:C:\Program Files\WebSphere\AppServer\profile\AppSrv01\bin
- Run the GenPluginCfg.bat or GenPluginCfg.sh command.This command generates a plugin-cfg.xml file in the following location:websphere_home\AppServer\profiles\AppSrv01\config\cells
Complete the Configuration on IIS (7.x)
Before starting this procedure, verify that you are using a Version 184.108.40.206, or later, of the web server plug-in. Earlier versions of the plug-in do not support the Windows Server 2008 operating system.
Follow these steps:
- Install IIS Version 7.x with the IIS Version 6.0 Management Compatibility components. By default, IIS Version 6.0 Management Compatibility components are not installed.
- Complete the following steps to bring up the Server Manager window on Windows Server 2008:
- Click Start, Administrative Tools, Server Managers.
- Click Action, Add Roles, and then click Next.
- Select the Web Server (IIS) role on the Select Server Roles page, and then click Next.
- Click Add Feature, Next, when a prompt for the Windows Process Activation Service feature displays
- Click Next on the IIS introduction page.
- When the Role Services window displays, verify that the following options are selected in addition to the default options that are already selected.
- Internet Information Services: Management Tools
- IIS Version 6.0 Management Compatibility: IIS Version 6.0 Management Console, IIS Version 6.0 Scripting Tools, IIS Version 6.0 WMI Compatibility, and IIS Metabase compatibility
- Application Development: ISAPI Extensions, ISAPI Filters
- Click Next to enable the selected options, and then click Install on the next window to perform the installation.
- Click Close on the Installation Results window when the installation finishes.
- Open the Command Prompt and go to :\Program Files\IBM\WebSphere\AppServer\profiles\Dmgr01\bin.
- Run this command: GenPluginCfg.bat.The plugin-cfg.xml file will be generated at this location: C:\Program Files\IBM\WebSphere\AppServer\profiles\Dmgr01\config\cells.
- Create a directory under c:\, for example, c:\plugin.
- Copy the plugin-cfg.xml file to the c:\plugin directory.
- Copy iisWASPlugin_http.dll file to the c:\plugin directory.
- Select Start , All Programs, Administrative Tools, Internet Information Services (IIS) Manager on a Windows Server 2008 operating system. This action starts the IIS application and creates a new virtual directory for the Web site instance. These instructions assume that you are using the Default Web Site.
- Expand the tree on the left until you see Default Web Site.
- Right-click Default Web Site,Add Virtual Directory to create the directory with a default installation.
- Enter setPlugins in the Alias field on the Virtual Directory Alias window of the Virtual Directory Creation Wizard.
- Browse to the c:\plugin directory in the Physical Path field of the Web Site Content Directory window of the wizard, and then click OK.
- Click the Test Settings button. If the settings test fails, you can change the permissions of the physical directory. Alternatively, select Connect As, and let IIS connect as a Windows user account that has authority to files in that physical path.
- Click OK to add the setPlugins virtual directory to your web site.
- Select the setPlugins virtual directory that you just created in the navigations tree.
- Double-click Handler Mappings, and then click Edit Feature Permissions on the Actions panel.
- Select Script and Execute, if they are not already selected.
- Click OK.
- Return to the IIS Manager window, and expand the Web Sites folder in the left-hand navigation tree of that window.
- Select Default Web Site in the navigation tree.
- Complete the following steps on the Default Web Site Properties panel to add the ISAPI filter:
- Double-click the ISAPI Filters tab.
- Click to open the Add/Edit Filter Properties dialog.
- Enter iisWASPlugin in the Filter name field.
- Click Browse to select the plug-in file located in the c:\plugin\iisWASPlugin_http.dll directory.
- Click OK to close the Add/Edit Filter Properties dialog.
- Select the top level server node in the navigation tree.
- Double-click ISAPI and CGI Restrictions on the Features panel.To determine the value to specify for the ISAPI or CGI Path property, browse to, and then select the same plug-in file that you selected in the previous step. For example:c:\plugin\iisWASPlugin_http.dll.
- Click Add on the Actions panel.
- Enter WASPlugin in the Description field, select Allow extension path to execute, and then click OK to close the ISAPI and CGI Restrictions dialog window.
- Create the new file plugin-cfg.loc in location c:\plugin. Set the value in the plugin-cfg.loc file to the location of the configuration file. The default location is C:\plugin\plugin-cfg.xml.
Update the Web Agent
After configuring IIS 7.x, make the following changes to the web agent:
- Click Application pools and change the Default App Pool to Classic mode.
- Click Submit.
- Make sure the agent is higher in the ISAPI Filters priority list than the plug-in for the application server used byIdentity Manager.
- Restart IIS Version 7.x and your WebSphere Application Server profile.
Complete the Configuration on IIS
After you have configured the IBM HTTP server and the proxy plug-in, you make sure the proxy plugin-cfg.xml is in the right location and perform steps to configure an additional plugin file.
Follow these steps:
- Copy the plugin-cfg.xml as follows:
- Log in to the system where the web agent is installed.
- Create a folder with no spaces under the C: drive. For example: C:\plugin.
- Copy the plugin-cfg.xml file to the C:\plugin folder.
- Create a file called plugin-cfg.loc in the C:\plugin folder and add the following line into the file:C:\plugin\plugin-cfg.xml
- Download the Websphere Plugin installer from www.ibm.com to the system where WebSphere is installed.
- Go to the location of the WebSphere Plugin installer.
- Generate the iisWASPlugin_http.dll file by using this command:install is:javahome "c:\IBM\WebSphere\AppServer\JavaRespond to the questions presented based on your configuration.When the wizard ends, the iisWASPlugin_http.dll file is saved in the C:\IBM\WebSphere\Plugs\bin folder. Look for a 32-bit or 64-bit subfolder.
- Copy the iisWASPlugin_http.dll file to the C:\plugin folder on the system with the web agent.
- Create a virtual directory as follows:
- Open the IIS Manager.
- Right-click Default web sites.
- Click New virtual directory and supply these values:Alias: sePlugins (it is case-sensitive.)Path: c:\pluginPermission: Read + Execute (ISAPI or CGI)
- Add an ISAPI filter as follows:
- Right-click Default Web Site.
- Click properties.
- Click Add on the ISAPI filter tab.
- Supply these values:Filter name: sePluginsExecutable: c:\plugin\ iisWASPlugin_http.dll
- Create a web service extension as follows:
- In IIS6 Manager, expand the computer name.
- Create a Web Service Extension and set it to allowed.Extension name: WASPluginPath: C:\plugin\ iisWASPlugin_http.dll
- Right click each Web Service Extension to change it to Allowed Status.
- Restart the IIS Web server.In the master WWW service, ensure that the WebSphere plug-in (sePlugin) appears after the CA SSO® Web Agent plug-in and that the WebSphere plug-in started successfully.
Complete the Configuration on iPlanet or Apache
After you have configured the IBM HTTP server and the proxy plug-in, you make sure the proxy plugin-cfg.xml is in the right location and restart the web server.
Follow these steps:
- Copy the plugin-cfg.xml from the system where you installed the proxy plug-in to the following location:websphere_home\AppServer\profiles\server_name\config\cells\websphere_cell\nodes\webserver1_node\servers\webserver1\
- Ensure that the WebSphere plug-in (libns41_http.so) is loaded after the CA SSO® Web Agent plug-in (NSAPIWebAgent.so) on all iPlanet Web Servers
- Check the order of plug-ins iniplanet_home/https-instance/config/magnus.conf for IPlanet 6.0 Web Servers.
- Copy the following lines fromiplanet_home/https-instance/config/magnus.conf toiplanet_home/https-instance/config/obj.conf (IPlanet 5.x Web Serverse):Init fn="load-modules" funcs="as_init,as_handler,as_term" shlib="/export/WebSphere/AppServer/bin/libns41_http.so"Init fn="as_init" bootstrap.properties="/export/WebSphere/AppServer/config/cells/plugin-cfg.xml"Add the following code after AuthTrans fn="SiteMinderAgent" in the obj.conf file:Service fn="as_handler"
- Be sure that the CA SSO® Web Agent plug-in (mod2_sm.so) is loaded before the WebSphere plug-in (mod_ibm_app_server_http.so) on Apache Web Servers. This command is in the Dynamic Shared Object (DSO) Support section ofapache_home/config/httpd.conf,
- Restart the web server.