Install the Proxy Plug-In on WebSphere

The web server on which you installed the web agent forwards request to the application server that hosts the server. The vendor-provided web server proxy plug-in provides this service.
The web server on which you installed the web agent forwards request to the application server that hosts the 
Identity Manager
 server. The vendor-provided web server proxy plug-in provides this service.
If you use the Microsoft IIS web server as proxy server, you must configure an additional pass through setting to receive application-specific error responses when invalid REST API/TEWS requests are submitted through the Proxy URL.
Run the following command from the 
 folder on the IIS machine where the proxy plug-in is configured.
appcmd.exe set config -section:system.webServer/httpErrors /existingResponse:"PassThrough" /commit:apphost
To install and configure the Proxy Plug-In on WebSphere, perform the following steps:
Configure the IBM HTTP Server
For all web servers, you install the proxy plug-in and use the configurewebserver command.
Follow these steps:
  1. Install the proxy plug-in from the WebSphere Launch Pad.
  2. Add the Web Server to the WebSphere cell by running the 
    command as follows:
      Plugins\bin\configurewebserver1.bat in a text editor.
      Plugins/bin/ in a text editor.
    2. Add a user name and password to wsadmin.bat or as follows:
      wsadmin.bat -user wsadmin -password password -f configureWebserverDefinition.jacl
    3. Run configurewebserver1.bat or
    : For more information about the 
     command, see the IBM WebSphere documentation.
Configure the Proxy Plug-In
For all web servers, you update the plug-in using the GenPluginCfg command of WebSphere:
Follow these steps:
  1. Log in to the system where WebSphere is installed.
  2. From the command line, navigate to 
    \bin, where 
    is the installed location of WebSphere.
    For example:
      C:\Program Files\WebSphere\AppServer\profile\AppSrv01\bin
  3. Run the GenPluginCfg.bat or command.
    This command generates a plugin-cfg.xml file in the following location:
Complete the Configuration on IIS (7.x)
Before starting this procedure, verify that you are using a Version, or later, of the web server plug-in. Earlier versions of the plug-in do not support the Windows Server 2008 operating system.
Follow these steps:
  1. Install IIS Version 7.x with the IIS Version 6.0 Management Compatibility components. By default, IIS Version 6.0 Management Compatibility components are not installed.
  2. Complete the following steps to bring up the Server Manager window on Windows Server 2008:
    1. Click Start, Administrative Tools, Server Managers.
    2. Click Action, Add Roles, and then click Next.
    3. Select the Web Server (IIS) role on the Select Server Roles page, and then click Next.
    4. Click Add Feature, Next, when a prompt for the Windows Process Activation Service feature displays
    5. Click Next on the IIS introduction page.
  3. When the Role Services window displays, verify that the following options are selected in addition to the default options that are already selected.
    • Internet Information Services: Management Tools
    • IIS Version 6.0 Management Compatibility: IIS Version 6.0 Management Console, IIS Version 6.0 Scripting Tools, IIS Version 6.0 WMI Compatibility, and IIS Metabase compatibility
    • Application Development: ISAPI Extensions, ISAPI Filters
  4. Click Next to enable the selected options, and then click Install on the next window to perform the installation.
  5. Click Close on the Installation Results window when the installation finishes.
  6. Open the Command Prompt and go to :\Program Files\IBM\WebSphere\AppServer\profiles\Dmgr01\bin.
  7. Run this command: GenPluginCfg.bat.
    The plugin-cfg.xml file will be generated at this location: C:\Program Files\IBM\WebSphere\AppServer\profiles\Dmgr01\config\cells.
  8. Create a directory under c:\, for example, c:\plugin.
  9. Copy the plugin-cfg.xml file to the c:\plugin directory.
  10. Copy iisWASPlugin_http.dll file to the c:\plugin directory.
  11. Select Start , All Programs, Administrative Tools, Internet Information Services (IIS) Manager on a Windows Server 2008 operating system. This action starts the IIS application and creates a new virtual directory for the Web site instance. These instructions assume that you are using the Default Web Site.
  12. Expand the tree on the left until you see Default Web Site.
  13. Right-click Default Web Site,Add Virtual Directory to create the directory with a default installation.
  14. Enter setPlugins in the Alias field on the Virtual Directory Alias window of the Virtual Directory Creation Wizard.
  15. Browse to the c:\plugin directory in the Physical Path field of the Web Site Content Directory window of the wizard, and then click OK.
  16. Click the Test Settings button. If the settings test fails, you can change the permissions of the physical directory. Alternatively, select Connect As, and let IIS connect as a Windows user account that has authority to files in that physical path.
  17. Click OK to add the setPlugins virtual directory to your web site.
  18. Select the setPlugins virtual directory that you just created in the navigations tree.
  19. Double-click Handler Mappings, and then click Edit Feature Permissions on the Actions panel.
  20. Select Script and Execute, if they are not already selected.
  21. Click OK.
  22. Return to the IIS Manager window, and expand the Web Sites folder in the left-hand navigation tree of that window.
  23. Select Default Web Site in the navigation tree.
  24. Complete the following steps on the Default Web Site Properties panel to add the ISAPI filter:
    1. Double-click the ISAPI Filters tab.
    2. Click to open the Add/Edit Filter Properties dialog.
    3. Enter iisWASPlugin in the Filter name field.
    4. Click Browse to select the plug-in file located in the c:\plugin\iisWASPlugin_http.dll directory.
    5. Click OK to close the Add/Edit Filter Properties dialog.
  25. Select the top level server node in the navigation tree.
  26. Double-click ISAPI and CGI Restrictions on the Features panel.
    To determine the value to specify for the ISAPI or CGI Path property, browse to, and then select the same plug-in file that you selected in the previous step. For example:c:\plugin\iisWASPlugin_http.dll.
  27. Click Add on the Actions panel.
  28. Enter WASPlugin in the Description field, select Allow extension path to execute, and then click OK to close the ISAPI and CGI Restrictions dialog window.
  29. Create the new file plugin-cfg.loc in location c:\plugin. Set the value in the plugin-cfg.loc file to the location of the configuration file. The default location is C:\plugin\plugin-cfg.xml.
Update the Web Agent
After configuring IIS 7.x, make the following changes to the web agent:
  1. Click Application pools and change the Default App Pool to Classic mode.
  2. Click Submit.
  3. Make sure the agent is higher in the ISAPI Filters priority list than the plug-in for the application server used by 
    Identity Manager
  4. Restart IIS Version 7.x and your WebSphere Application Server profile.
Complete the Configuration on IIS
After you have configured the IBM HTTP server and the proxy plug-in, you make sure the proxy plugin-cfg.xml is in the right location and perform steps to configure an additional plugin file.
Follow these steps:
  1. Copy the plugin-cfg.xml as follows:
    1. Log in to the system where the web agent is installed.
    2. Create a folder with no spaces under the C: drive. For example: C:\plugin.
    3. Copy the plugin-cfg.xml file to the C:\plugin folder.
  2. Create a file called plugin-cfg.loc in the C:\plugin folder and add the following line into the file:
  3. Download the Websphere Plugin installer from to the system where WebSphere is installed.
  4. Go to the location of the WebSphere Plugin installer.
  5. Generate the iisWASPlugin_http.dll file by using this command:
    install is:javahome "c:\IBM\WebSphere\AppServer\Java
    Respond to the questions presented based on your configuration.
    When the wizard ends, the iisWASPlugin_http.dll file is saved in the C:\IBM\WebSphere\Plugs\bin folder. Look for a 32-bit or 64-bit subfolder.
  6. Copy the iisWASPlugin_http.dll file to the C:\plugin folder on the system with the web agent.
  7. Create a virtual directory as follows:
    1. Open the IIS Manager.
    2. Right-click Default web sites.
    3. Click New virtual directory and supply these values:
      Alias: sePlugins (it is case-sensitive.)
      Path: c:\plugin
      Permission: Read + Execute (ISAPI or CGI)
  8. Add an ISAPI filter as follows:
    1. Right-click Default Web Site.
    2. Click properties.
    3. Click Add on the ISAPI filter tab.
    4. Supply these values:
      Filter name: sePlugins
      Executable: c:\plugin\ iisWASPlugin_http.dll
  9. Create a web service extension as follows:
    1. In IIS6 Manager, expand the computer name.
    2. Create a Web Service Extension and set it to allowed.
      Extension name: WASPlugin
      Path: C:\plugin\ iisWASPlugin_http.dll
    3. Right click each Web Service Extension to change it to Allowed Status.
  10. Restart the IIS Web server.
    In the master WWW service, ensure that the WebSphere plug-in (sePlugin) appears after the CA SSO® Web Agent plug-in and that the WebSphere plug-in started successfully.
Complete the Configuration on iPlanet or Apache
After you have configured the IBM HTTP server and the proxy plug-in, you make sure the proxy plugin-cfg.xml is in the right location and restart the web server.
Follow these steps:
  1. Copy the plugin-cfg.xml from the system where you installed the proxy plug-in to the following location:
  2. Ensure that the WebSphere plug-in ( is loaded after the CA SSO® Web Agent plug-in ( on all iPlanet Web Servers
  3. Check the order of plug-ins in 
    /config/magnus.conf for IPlanet 6.0 Web Servers.
  4. Copy the following lines from 
    /config/magnus.conf to 
    /config/obj.conf (IPlanet 5.x Web Serverse):
    Init fn="load-modules" funcs="as_init,as_handler,as_term" shlib="/export/WebSphere/AppServer/bin/"
    Init fn="as_init""/export/WebSphere/AppServer/config/cells/plugin-cfg.xml"
    Add the following code after AuthTrans fn="SiteMinderAgent" in the obj.conf file:
    Service fn="as_handler"
  5. Be sure that the CA SSO® Web Agent plug-in ( is loaded before the WebSphere plug-in ( on Apache Web Servers. This command is in the Dynamic Shared Object (DSO) Support section of
  6. Restart the web server.