Installed SiteMinder web agent(ca-wa-IIS7-12.0-sp3-cr010-win64.exe) in windows server 2008 r2, and IIS version 7.5. There are 2 web sites(A,B) under the IIS server, while the agent only targets to one web site A(select one website during install). I do not have a valid policy server, so input fake IP during configuration of web agent.
Then access A in browser, there is error as expected, but access B in browser, server also returns an error. CA related http modules can be seen registered in A site in IIS. none CA SiteMinder related things in Module or Handler in B site of IIS. so How does CA SiteMinder web agent work with IIS? and is it able to process request event not resisted in IIS? is there a way that only apply SSO to only one website of server with many websites?
That version was buggy. use CR12 if 12.0 SP3 Pollicy Server. If 12.5 or later use the 12.5 or later agent.
that version has the classic 6 embedded and a new module for the new pipline.
this type of question really should be answered with "go take a class, ca has many" because you did not specify a problem and thus there is no real issue to address and assist with.
Related
I am setting up ColdFusion 2018 Application server with IIS 10. But getting too many redirects issue.
I have tried from square one.. Below are the things I did.
Installed CF 2018 developer
Configure IIS (Windows 10) with CF 2018 using wsconfig.
Created a simple “index.cfm” and tried to access. This page contains just cfset and cfoutput.
got 404 error.
updated “enable 32-bit applications” to false in IIS application pool
404 error resolved, but getting “Too Many redirects issue”
enabled developer tools in IE and checked.
getting 302 status code and it seems index.cfm is redirecting to itself.
Not sure what to do now? Is there anything I missed in setting up IIS with CF 2018 server?
You can resolve this error by making sure that the two required components of IIS are installed on your system. Namely:
ISAPI Extensions
IIS Metabase and IIS 6 configuration compatibility.
First, start the program called Windows Features. You will find Windows Features under Control Panel –> Programs and Features.
When the Windows Features starts, navigate through the features hierarchy under Internet Information Services and select the two features:
(a) ISAPI extensions and
(b) IIS Metabase and IIS 6 configuration compatibility.
Configuring IIS for ColdFusion:
You will have to run the Web Server Configuration Tool that comes with ColdFusion to configure IIS so that all .CFM files are mapped to be handled by ColdFusion.
The following text is directly from the ColdFusion installation guide:
1)Start the Web Server Configuration Tool by selecting Start > Programs > Adobe > ColdFusion 9 > Web Server Configuration Tool.
2)Click Add.
3)In the Server pop-up menu, select the host name and the server or cluster name to configure. In the ColdFusion server configuration, the server name is always coldfusion. Clustering support is not available on the server configuration.
Note: The server or cluster does not have to reside on the web server computer.
4)In the Web Server Properties area, select IIS and specify the website. For IIS, you typically specify All.
5)Select the Configure web server for ColdFusion applications option, and click OK.
Note: Omitting the previous step causes your web server to serve ColdFusion source code.
6)Copy the CFIDE and cfdocs directories from cf_root/wwwroot to your web server root directory. In addition, copy your application’s CFM pages from cf_root/wwwroot to your web server root directory. In the multiserver configuration, these files are under the jrun_root/servers/cfusion/cfusion-ear/cfusion-war directory.
if you face too many redirects then just enable 32-bit applications to true.
refer this link:
https://community.adobe.com/t5/coldfusion/strange-iis-redirect-issues-leads-to-jakarta-isapi-redirect-dll/td-p/4239297?page=1
First post here. Facing a problem where on Windows 10 an Oracle Identity Access Management (IAM) Windows Native Authentication (WNA) protocol fallback to a form-based logon page always fails whenever the Microsoft Online Services Sign-In Assistant (SIA) is installed. Whenever we remove the SIA, the WNA fallback to a form-based logon page always succeeds. This error is reproducible 100% of the time. We have not tested on Windows 8 or Windows 7. I've researched it, and there is not much out there to read about the SIA; it does not look to be configurable on the client end. Really want to avoid changing up code on the IAM WNA side.
Anyone out there seen this before? This is a large enterprise network, using all Windows 10 computers, which has both Oracle IAM running for some applications as well as Microsoft Windows 2008 R2 Active Directory, to which all the Windows 10 computers are joined. We are also standardized with Office 2016 with all back-end servers supporting Office apps such as Outlook, Lync, etc. in the cloud (Office 365).
Please let me know if I need to show the Oracle IAM/WNA SSO fallback code.
The Microsoft Online Services Sign-In Assistant is not configurable. But, if all your computers are running Office 2016 you do not need it anyway and it can be safely uninstalled, which as you said will make the fallback to form-based logon page work. If you were running Office 2013 you would need it however. Office 2016 apps such as Outlook and Lync can go direct with ADFS whereas previous versions could not do this. I don't have a URL reference for you, this is based on my experience.
I have Microsoft Dynamics CRM 2016 On Premise and IFD Enabled On it.
In this situation I can not connect plugin Registration to CRM. Even I can not connect with XRMtoolbox.
My problem is what is Home Realm URL?
Unable to Login to Dynamics CRM
An Error occurred while processing the login request.
Try removing all your 3rd party plugins except the plugging registration tool.
Also there is a plugin registration tool from Microsoft in the CRM SDK download that you can use as well.
Do yourself a favor and download the CRM 2011 SDK. In the bin folder is the plug-in registration tool. The new version released in 2013+ is complete garbage with bugs that Microsoft Support is not interested in fixing.
That said, I don't think you can "Use Default Credentials" with IFD. For the server you should just put organizationName.domainname.tld. For user name use your UPN or domain\username. Don't use both the domain and user name fields unless you're using integrated authentication.
The Problem is In adfs Endpoints. After you Install IFD on CRM You want a Important Endpoint That Named "Mex".
For Solve The Problem First go to ADFS Management and go to endpoints and Click on adfs/services/trust/Mex and click on Enable and Enable on proxy for this Endpoint. after that reset the iis and adfs service.
Then You can Browse that enpoint with https://service.contoso.com/adfs/services/trust/mex.
if you See the Metadata Xml Document Now You Can Connect With Any Tool Like Portal, Plugin Registration, Xrmtoolbox, etc.
but If you Don't see this metadata use this Command in Power shell to Change The Adfs Port.
Set-ADFSProperties –nettcpport: 809
i Choose 809 for My Port And You Can choose any port you want Except 443 or 80 or 90, Then like before Restart The IIS and Restart ADFS Service and then you Can see metadata And You Can Connect With Any Application to CRM 2016 On Premise IFD Mode.
At The End Of this Answer You can See My Metadata Page And My Connected Plugin Registration Tool Pictures.
If You Have Any Question You Can Ask it From Me.
I have site minder installed on IIS7 and I am running ASP.NET site on the sever. It appears that Site minder SSO fails to protect ASP.NET MVC requests. It appears that all ASP.NET requests are processed by ASP.NET isapi filter which prevent Siteminder isapi filter from running. How can I make siteminder SSO work for protect my ASP.NET MVC site? Is there a way I can force isapi filter for Siteminder SSO to be loaded before ASP isapi filter?
The solution for us was to list the SiteMinder web agent ISAPI handler followed by the MVC ISAPI handler, in that order, in your web.config file.
I posted the code fragment here.
Have you tried ordering ISAPI filters in IIS? I have not done it with Win2008 IIS7, but with Windows 2003, SiteMinder agent installer reorders the filters. You should be able to check it in IIS Manager and reorder. SiteMinder filter should be on the top.
I had the same problem on my MVC-2 site enenthough the virtual folder was protected by siteminder.
Finally figured out what the issue was.
Changed the Application Pool mode to Classic from Integrated and voila! problem solved.
We have the same problem for MVC3 on IIS7 and we need to use Integrated Mode. Our solution is to use combination IHttpModule and Handler (.axd) but it is now uncessary since the new version of siteminder has IIS7WebAgent.dll which is a integrated MODULE instead of ISAPI filter (ISAPI6WebAgent.dll). I tested this and confirmed its working, it was able to protect all our MVC url and we can also read HTTP Header created by siteminder such as SM_USER from the MVC pipeline.
The siteminder version I tested is R12 SP 3. If your planning to use IIS7WebAgent.dll, you need to remove all occurances of ISAPI6WebAgent.dll on "Handler Mappings", "ISAPI & CGI Restrictions" and "ISAPI Filter" on IIS to make sure its not complicting.
Why is my ASP.net MVC site not serving pages on Windows Server 2008? The website is running under an application pool that has the .net framework 4.0 in integrated mode. It serves .htm files with no problem. However, when I try to view any of the MVC pages I get a page saying "Internet Explorer cannot display the webpage." How can I troubleshoot this?
Server 2008 with IIS 7 you need to look at the website in question and go to the HandlerMappings settings. You need to make sure that the .Net mappings are set to enabled.
I found out what the problem was. This was a pain to track down. The server hosts 2 websites. The HTTPS bindings were not associated with the IP address for the website. Instead, the IP binding was set to "All unassigned".
The solution was to associate the HTTPS binding with the website's IP address.