Agents Installation and Configuration Guide

Uploaded by

bgardan

AGENTS INSTALLATION

AND CONFIGURATION GUIDE


SIGN&GO

Contact
ILEX
51 boulevard Voltaire
92600 Asnières-sur-Seine
Telephone: +33 1 46 88 03 40
Fax: +33 1 46 88 03 41

[email protected]
www.ilex-international.com

Legal information
Sign&go is a registered trademark of Ilex. All other trademarks mentioned in this document are the
property of their respective owners.
This document is provided for information purposes only. Ilex provides no guarantee nor accepts any
liability for the information contained in this document. All information and data in this document may
be modified at any time without prior notice.
In accordance with article L. 122-4 of the Code de la Propriété Intellectuelle (French intellectual
property law), any full or partial reproduction, representation or distribution of this document by any
means whatsoever, without the express permission of Ilex, is prohibited and constitutes a breach of
the law that can result in prosecution under Articles L 335 - 2 and subsequent articles of the Code de
la Propriété Intellectuelle (French intellectual property law).

Copyright Ilex 2015. All rights reserved.

Ilex Agent installation and configuration guide Page 2/69


Sign&go

TABLE OF CONTENTS

TABLE OF CONTENTS ........................................................................................ 3


1 FOREWORD ................................................................................................ 5
2 OVERVIEW.................................................................................................. 6
2.1 Definition .............................................................................................................. 6
2.2 Supported platforms and servers ...................................................................... 6
2.3 Characteristics of the various agents ................................................................ 6
3 AUTOMATIC INSTALLATION USING THE INSTALLER PROGRAM ......................... 10
3.1 Security and choice of installation directory .................................................. 10
3.2 Launching the installer ..................................................................................... 10
3.3 Choice of language ........................................................................................... 12
3.4 Introduction........................................................................................................ 12
3.5 License agreement ............................................................................................ 12
3.6 Choice of components ...................................................................................... 13
3.7 Choice of installation directory ........................................................................ 14
3.8 Choice of installation type ................................................................................ 14
3.9 Agent name ........................................................................................................ 15
3.10 Location of the server ....................................................................................... 16
3.11 Location of Apache ........................................................................................... 16
3.12 Pre-installation summary .................................................................................. 17
3.13 Installation.......................................................................................................... 18
3.14 Installation complete ......................................................................................... 18
3.15 Post installation tasks ....................................................................................... 19
4 MANUAL INSTALLATION OF THE AGENTS ...................................................... 22
4.1 Apache 1.3 on Linux .......................................................................................... 22
4.2 Apache 1.3 on Windows.................................................................................... 24
4.3 Apache 1.3.19 on zLinux ................................................................................... 27
4.4 Apache 2.0 on Linux .......................................................................................... 28
4.5 Apache 2.0 on 64 bit Linux ............................................................................... 30
4.6 Apache 2.0 on Windows.................................................................................... 30
4.7 Apache 2.0.49 on zLinux ................................................................................... 33
4.8 Apache 2.2 on Linux 32 bits ............................................................................. 33
4.9 Apache 2.2 on Linux 64 bits ............................................................................. 33
4.10 Apache 2.2 on Windows.................................................................................... 33


4.11 Apache 2.2 on 32 bit SPARC Solaris ............................................................... 33
4.12 Domino 6.0.3 and 6.5 on AIX 5.2....................................................................... 33
4.13 Domino 6.x on Windows ................................................................................... 38
4.14 Microsoft IIS 4-5-6 on Windows........................................................................ 41
4.15 Microsoft ISA Server 2000 on Windows .......................................................... 48
4.16 Microsoft ISA Server 2004 on Windows .......................................................... 48
4.17 Microsoft ISA Server 2006 on Windows .......................................................... 49
4.18 Netscape/IPlanet/Sun One Proxy Server on Solaris ....................................... 49
4.19 Netscape/IPlanet/Sun One proxy server on Windows .................................... 51
4.20 Netscape/IPlanet/Sun One Web Server on Solaris ......................................... 54
4.21 Netscape/IPlanet/Sun One Web Server on Windows ..................................... 56
5 CONFIGURATION ....................................................................................... 60
5.1 Installation review ............................................................................................. 60
5.2 Composition of the configuration file .............................................................. 60
5.3 Operational parameters, section <Agent>...</Agent> .................................... 60
5.4 Relationship with the security servers ............................................................ 65
5.5 List of URLs to filter <FilteredUrls>...</FilteredUrls> ..................................... 67


1 FOREWORD
This document is an installation and configuration guide for the various Sign&go agents. It describes
how to install and configure a Sign&go agent on the Windows and UNIX platforms as well as
integration with various Web and proxy servers.

It describes the installation (page 10) and generic configuration (page 60) for the various agents. In
addition, a large part of this document is dedicated to the description of manual installation methods
for some of the elements (page 22).
The installation and configuration of the ‘Ilex Proxy Server’ is detailed in another document. Please
refer to the .PDF documents provided with the installation CD.


2 OVERVIEW
2.1 Definition
This installation concerns the Web and Proxy integration components. These components intercept
the server's HTTP requests and validate the permissions against the Sign&go security server. These
components, called agents, are available on various platforms.

2.2 Supported platforms and servers


The various Web and proxy servers that are supported are as follows:
• Apache 1.3 on Windows and Linux platforms.
• Apache 1.3.19 on AIX and Z/Linux platforms.
• Apache 2.0 on Windows and both 32 and 64 bit Linux platforms.
• Apache 2.2 on Windows and both 32 and 64 bit Linux platforms.
• Apache 2.2 on Solaris 32 bit SPARC Platform.
• Apache 2.0.47 on the AIX platform.
• Apache 2.0.49 on the Z/Linux platform.
• Domino 6.0.3 and 6.5 on the AIX 5.2 platform.
• Domino 6.x on the Windows platform.
• Ilex Proxy Server on Linux, Solaris SPARC and Windows platforms.
• Microsoft IIS 4-5-6 on Windows platforms.
• Microsoft ISA Server 2000 and 2003 (Install the same agent as for IIS)
• Microsoft ISA Server 2004 (the agent for ISA Server 2004 is not the same as for IIS)
• Microsoft ISA Server 2006 (for ISA 2006 install the same agent as for ISA Server 2004)
• Netscape/ IPlanet/ Sun One Web Server on Solaris SPARC and Windows platforms.
• Netscape/ IPlanet/ Sun One Proxy Server on Solaris SPARC and Windows platforms.
• Netscape/ IPlanet/ Sun One Proxy Server 3.x on Solaris SPARC platforms.
• Sun One Proxy Server 4.x on Solaris SPARC platforms. Note: The same agent as for the ‘Sun
  One Web Server’ must be installed because from v4.0 (inclusive) the proxy uses the same
  software architecture as the Web server.

2.3 Characteristics of the various agents


In order to apply the behaviours dictated by the security policies, the agent intervenes and acts on the
HTTP requests that it intercepts. The actions that can be carried out are determined by the host server
(Web or proxy) via the programmatic interfaces that it offers. Not all servers on the market offer the
same capabilities, so some functions are not feasible with certain host servers. The following
paragraphs describe these limitations.

2.3.1 Apache
Apache does not permit the pathmapping function (dynamic URL modifications) and user
authentication by SSL client certificate to be used at the same time. The <CertInfo> configuration
parameter selects which of these two functions to implement.

Sign&go agents for Apache 2.2 and 2.4 on Linux must be installed on a Linux kernel of version 2.6 at
minimum.

2.3.2 Netscape/ IPlanet/ Sun One proxy servers


These proxy servers do not allow the agent to modify or add HTTP headers in the responses sent to
the client.
From a functional point of view, this translates into the following constraints:
• The Sign&go token cannot be refreshed during user activity, and so the global Sign&go
  configuration parameter named Session token inactivity timeout is inoperative. The value of this
  parameter must be identical to the Session token TTL (absolute) parameter.
• The following behaviours cannot be used in authorisation policies:
    • Add HTTP header to the response.
    • Logout.
    • Add custom parameters.

In addition, where SSL certificates are concerned, only the following data is available:
SUBJECT_DN, ISSUER_DN and KEYSIZE.
In particular, the SERIALNUMBER of the client’s certificate is NOT accessible.

2.3.3 Domino
If the HTTP request contains a Basic HTTP identifier/password (Authorization: HTTP header),
Domino tries to validate this identifier/password against its internal repository before anything else. If it
does not find any user having this identifier/password pair, it refuses the request even if the resource
(the URL) is not protected.
From a functional point of view, this translates into the following constraints:
• In the following behaviours, the identifier/password pair used to authenticate the user by Sign&go
  must be identical to that of a user in the Domino repository:
    • Basic HTTP SSO login

2.3.4 Agents for IIS and ISA Server


An agent for IIS or ISA Server can be configured to operate in two different modes:
• Authorisation agent: this is the agent’s typical operating mode for protecting resources by
  applying security policies, notably to carry out access control and SSO.
• Authentication agent: in this operating mode, the agent enables Sign&go to carry out primary
  authentication of the browser user based on the Windows login session. This corresponds to
  ‘NTLM’ or ‘Kerberos’ type authentication schemas in the Sign&go administration. Through a
  specific protocol between the browser and the server (IIS or ISA Server), the browser transmits
  the user login (associated with the client workstation’s current login session) to the server. At
  the end of this exchange, the agent retrieves the user’s login and sends it to the security server
  in order to carry out the primary authentication based on that login.

An agent’s operating mode is determined by the <Role> configuration parameter in the agent’s
configuration file (see paragraph ‘Role of the ISAPI filter, <Role>’ on page 63).
The installation program always configures the agent in ‘Authorisation agent’ mode (Role=0).
To implement both the authorisation and authentication functions, the same agent must be installed
TWICE on the same IIS or ISA Server, as described below.


2.3.4.1 Installing an Authorisation agent


To install a single agent in ‘Authorisation agent’ mode, simply perform a normal installation. The
installation program always configures the agent in ‘Authorisation agent’ mode, in other words, with
the <Role> parameter set as follows:
<Role>0</Role>

2.3.4.2 Installing an Authentication agent


To install a single agent in ‘Authentication agent’ mode, perform a normal installation as described in
this document, and then modify the <Role> parameter as follows:
<Role>1</Role>

2.3.4.3 Installing two agents on an IIS or ISA Server 2000


To install two agents simultaneously on a version of ISA Server below 2004 (ISA Server 2004 not
included), proceed in the following manner:
1. Installation of the authorisation agent
   Install the agent according to the installation program’s instructions. No further configuration is
   required.
2. Installation of the authentication agent
   Manually install a second instance of the agent by proceeding as follows:
   1. Copy the ‘.dll’ and ‘.xml’ files installed during step 1 above. Give them new names, respecting
      the following rules:
      The new files must have the same name but different extensions. For example: ‘sngA2.dll’ and
      ‘sngA2.xml’.
   2. In the copied ‘.xml’ file, replace the <Role>0</Role> parameter with <Role>1</Role>. Do not
      forget to change the other parameters relating to the agent, especially the value of the
      <NAME> parameter.
   3. In the ISA Server, manually integrate the new ‘.dll’ file as a new ‘Web filter’. See the
      corresponding paragraph within this document.
3. Configuration of Sign&go
   See below.

2.3.4.4 Installing two agents on an ISA Server 2004/2006


In Microsoft terminology, a Sign&go agent for IIS or ISA Server is called a ‘Web filter’.
To carry out both authorisation and authentication by Sign&go with the same ISA Server, the same
agent must be installed TWICE, once as an Authorisation agent and once as an Authentication agent.
Proceed as follows:
1. Installation of the authorisation agent
   Install the agent according to the installation program’s instructions. No further configuration is
   required.
2. Installation of the authentication agent
   Manually install a second instance of the agent by proceeding as follows:
   1. Copy the ‘.dll’ and ‘.xml’ files installed during step 1 above. Give them new names, respecting
      the following rules:
      • The new files must have the same name but different extensions. For example:
        ‘sngAgAuth.dll’ and ‘sngAgAuth.xml’.
      • The new filenames MUST contain the string ‘auth’; each letter can be either uppercase or
        lowercase (e.g. sngAgAuth.dll).
   2. For these versions of ISA Server, the agent’s ‘.dll’ file must be registered in the Windows
      registry. To do this, execute the following command from within the directory containing the
      agent’s ‘.dll’ file:
      regsvr32 AgentDLLFile
      where AgentDLLFile is the full name of the agent’s ‘.dll’ file.
   3. In the copied ‘.xml’ file, replace the <Role>0</Role> parameter with <Role>1</Role>. Do not
      forget to change the other parameters relating to the agent, especially the value of the
      <NAME> parameter.
   4. In the ISA Server, manually integrate the new ‘.dll’ file as a new ‘Web filter’. See the
      corresponding paragraph within this document.
3. Configuration of Sign&go
   1. This section provides some advice on the configuration of Sign&go where two agents are
      installed on the same server:
   2. Create two ‘authentication’ schemas of type ‘NTLM’ and ‘Kerberos’ respectively. Create an
      ‘authentication list’ containing the created schemas. In the Sign&go administration, define two
      distinct Web agents, one for authorisation and one for authentication. Associate the
      ‘Authentication list’ created above with the authentication agent (do not forget to add the
      agents to the relevant ‘Authorisation zone’).
   3. Define a URL for the authentication to which the users will be directed if they do not possess a
      valid Sign&go token.
   4. Define an authorisation policy having the following characteristics:
      • Applied by the authorisation agent, on the authentication URL.
      • Add a rule authorising access in all cases.
   5. Define an authorisation policy having the following characteristics:
      • Applied by the authentication agent on the authentication URL.
      • Has a rule with a ‘Create session token’ type criterion defined.
      • Has the desired OK and KO behaviours defined (for example, redirects to a portal in the
        case of success or ‘Access refused’ in the case of failure).
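
The file rules of step 2 in section 2.3.4.4 can be checked after the manual copy. The following is an added example, not part of the Ilex guide: it is written in POSIX shell, so run it from a POSIX shell on the server or against copies of the files. The function names are hypothetical, and it assumes each parameter sits on one line as <Tag>value</Tag>, the way the guide writes <Role>0</Role>.

```shell
#!/bin/sh
# Added example, not Ilex code: checks a manually installed authentication
# agent on ISA Server 2004/2006 against the rules in section 2.3.4.4.
# Assumption: each parameter is written on one line as <Tag>value</Tag>.

# Print the text of the first <Tag>...</Tag> element found in an .xml file.
xml_value() {
    sed -n "s:.*<$1>[[:space:]]*\([^<]*\)</$1>.*:\1:p" "$2" 2>/dev/null | head -n 1
}

# $1 = authorisation agent .xml (written by the installer)
# $2 = authentication agent .dll (the renamed copy)
# $3 = authentication agent .xml (the renamed copy)
# Prints one line per finding and returns the number of findings.
check_auth_agent() {
    findings=0

    for f in "$1" "$2" "$3"; do
        if [ ! -f "$f" ]; then
            echo "FINDING: $f not found"
            findings=$((findings + 1))
        fi
    done

    # Rule: same name, different extensions.
    dll_stem=$(basename "$2"); dll_stem=${dll_stem%.*}
    xml_stem=$(basename "$3"); xml_stem=${xml_stem%.*}
    if [ "$dll_stem" != "$xml_stem" ]; then
        echo "FINDING: '$dll_stem' and '$xml_stem' differ; the .dll and .xml must share one name"
        findings=$((findings + 1))
    fi

    # Rule: the name contains 'auth', in any mix of upper and lower case.
    case $(printf '%s' "$dll_stem" | tr '[:upper:]' '[:lower:]') in
        *auth*) ;;
        *)
            echo "FINDING: '$dll_stem' does not contain the string 'auth'"
            findings=$((findings + 1))
            ;;
    esac

    # Rule: the copied .xml must select the authentication role.
    role=$(xml_value Role "$3")
    if [ "$role" != "1" ]; then
        echo "FINDING: <Role> is '$role' in $3, expected 1"
        findings=$((findings + 1))
    fi

    # Rule: the copy needs its own <NAME>, distinct from the first agent's.
    authz_name=$(xml_value NAME "$1")
    authn_name=$(xml_value NAME "$3")
    if [ -z "$authn_name" ] || [ "$authn_name" = "$authz_name" ]; then
        echo "FINDING: <NAME> in $3 is empty or still equal to the authorisation agent's"
        findings=$((findings + 1))
    fi

    return "$findings"
}

# Usage: sh check_auth_agent.sh first-agent.xml copy.dll copy.xml
if [ "$#" -eq 3 ]; then
    check_auth_agent "$1" "$2" "$3"
fi
```

A copy that was renamed but never edited fails on both <Role> and <NAME>, which is the case the guide warns about in step 3.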


3 AUTOMATIC INSTALLATION USING THE INSTALLER PROGRAM


Installation of the agents can be carried out in two ways:
• Automatically, via the installation program provided on the Sign&go installation CD (see below).
• Manually, using raw files (see page 22).

NOTE: Even with the automatic method, certain agents require some manual operations to
complete their installation. All of the operations and the list of agents which require manual
modification are referenced in “Post installation” on page 19.

3.1 Security and choice of installation directory


NOTE: It is strongly recommended that you read this section before starting the installation.
The choice of the agent’s installation directory requires some care on certain host servers.
The Sign&go agent accesses the hard disk for the following reasons:
• Reading its configuration file
  The agent reads its configuration file at start-up and periodically during its operation.
• Creation and writing of its log files
  Even if the trace log mask is set to ‘0’ (<AgentLogMask> configuration parameter), the agent logs
  certain events/information in the log files.
Disk access is as follows:
• During start-up (often under a privileged account such as ‘root’ or ‘SYSTEM’), and:
• During normal operation. For certain host servers such as IIS (Windows) or Apache on Linux,
  these disk accesses are carried out under a user account specifically created for the purpose. For
  security reasons, this account should have a level of privileges as low as possible.
Taking the above elements into account, whichever directories are used for the configuration and log
files, the access rights to these directories must be defined in such a way as to ensure the account
used by the server has the following rights:
• Read privilege on the agent’s configuration file directory.
• Write and Execute privileges on the agent’s log files directory.

In all cases, whether or not the host server uses a specific account, it is highly recommended for
security reasons to create a directory reserved exclusively for the agent’s log files, because the
server must access it for both reading and writing.

3.2 Launching the installer


The various Sign&go agent installers reside on the CD-ROM in the agents directory. The installation
files in this directory have the following nomenclature: agents_5.0_platformVM where:
• platform is one of ‘Windows’, ‘Solaris’, ‘Linux’ or ‘Java’ and indicates the installer’s target operating
  system. ‘Java’ indicates any other platform that has a Java virtual machine installed;
• VM is either ‘VM’ or ‘NoVM’ and indicates whether the installer contains a Java Virtual Machine
  (JVM) or not.

Note: installation programs for AIX and Generic Linux are supplied without a ‘Virtual Machine’
(i.e., NoVM), for all other platforms a ‘Virtual Machine’ is embedded in the installer (i.e., VM).

In cases where the target server already has a JVM installed, it must be at least version 1.5 (applies to
AIX and Generic Unix only).

3.2.1 Windows 2003 compatibility


From Sign&go version 3.2, the security server installs natively on Windows 2003 and no longer needs
to be installed in ‘compatibility mode‘.

3.2.2 Windows Vista compatibility


To install the Security Server on Windows Vista, the installation program must be executed in
compatibility mode:
• Right-click on the ‘install.exe’ file and select ‘Properties’,
• Click on the ‘Compatibility’ tab,
• In the ‘Compatibility Mode’ section, select the ‘Run this program in compatibility mode for :’
  check-box,
• Select ‘Windows 2000’ from the list-box,
• Click ‘OK’,
• Run the file.

In addition, on some systems, ‘Data Execution Prevention’ mode must be de-activated:

• Open the ‘Control Panel’,
• Double-click the ‘System’ icon,
• Select the ‘Advanced System Settings’ task link in the left hand pane,
• If necessary, click ‘Continue’ on the ‘User Account Control’ dialogue box,
• Select the ‘Advanced’ tab on the ‘System Properties’ dialogue box and click on ‘Settings’ in the
  ‘Performance’ section,
• Select the ‘Data Execution Prevention’ tab,
• Select the ‘Turn on DEP for all programs and services except those I select’ radio-button,
• Finally, click the ‘Add’ button and browse to the location of the Sign&go Agents installation
  program to add it to the list.

3.2.3 UNIX shared memory


The agents running on UNIX use shared memory (apart from the Netscape/IPlanet/Sun One Web
Server and Netscape/IPlanet/Sun One Proxy Server agents), so the system needs to be
configured accordingly.
The following parameters must be updated in /etc/system:
• shmmin: 1,
• shmmax: 65536 (this parameter’s minimum value must be equal to the size of the agent’s cache +
  5000),
• shmseg: 8.
If the agent is not able to allocate shared memory, it will log an error as soon as its host server starts
up.


3.3 Choice of language


Once the installation has started, choose between English or French for the installation language.
Throughout the rest of this document the installation is carried out in English and in graphical mode.

3.4 Introduction
Once the installation has started, read the instructions then click Next.

3.5 License agreement


Read the product licence carefully. If you accept the terms, click Next.


3.6 Choice of components


The choice of components depends upon the installation platform.

VERY IMPORTANT: before continuing the installation and to be sure of which agents to install,
please refer to section 2.2 ‘Supported platforms and servers’ on page 6; if not, you run the risk
of installing an agent that is unsuitable for the target platform.
Choose the type of agent then click Next.


3.7 Choice of installation directory


Choose the installation directory for the Sign&go agent. Click Next.

Note: For the Microsoft ISA Server agent, the agent must be installed in the Microsoft ISA
Server directory.

3.8 Choice of installation type


This section proposes an automatic or manual installation on the IIS of your choice (from amongst
those installed on this machine):
• by choosing Automatic, the agent will be installed without intervention on your part. You will only
  be asked to provide the name of the Web site on which the agent will be installed,
• by choosing Manual, you must install the agent by referring to the Microsoft IIS 4-5-6 on Windows
  section on page 41.
Once the installation type has been selected, click on Next.


3.9 Agent name


Choose the agent name that will be pre-configured in the agent configuration file, as well as the
password that will be associated with this agent.

Note: These two parameters (Name and Password) serve as the ‘login’ to the security server
and therefore must be identical to those specified in the Sign&go security server’s
configuration. Please refer to the agent configuration documentation for more information.

Once the parameters have been entered, click Next.


3.10 Location of the server


Enter the IP address or the DNS hostname of the security server along with its TCP access port. See
the section “Number of connections, <nCnx>” on page 65 for more information on the Number of
connections.

In order to communicate with the security server, the agent’s details must be entered in the
Sign&go configuration with the aid of the Sign&go administration.

Once the parameters have been entered, click Next.

3.11 Location of Apache


This section is only available if the installation concerns an agent for Apache 1.3 or 2.0 on Windows or
Linux platforms. If this is the case, enter:
The directory containing the Apache configuration file (‘httpd.conf’):


The directory containing the Apache module files:

This information is used when installing the Apache 1.3 or 2.0 or 2.2 agents on Windows or Linux
platforms automatically.
Enter each directory name then click Next.

3.12 Pre-installation summary


A summary of the installation options is presented. Verify that they are correct and click on Install to
start the installation.


3.13 Installation
The progress of the installation is shown with the aid of a progress bar.

3.14 Installation complete


Once the installation has terminated, click Done.


3.15 Post installation tasks


3.15.1 Agent IIS
If the installation carried out was Automatic and for the IIS agent, the following dialogue box enables
entering the name of the site on which the agent is to be installed:

Select the Web site that the agent should be installed on:

Click on Install to start the installation.


The IIS agent is now installed.


To verify that the installation has been successful, refer to the section “Verifying the installation” in
chapter “Microsoft IIS 4-5-6 on Windows” on page 47 of this document.

3.15.2 Domino 6.x on Windows


When installing the agent for Domino 6.x on Windows, the installer only copies the files required for
the installation into the directory specified in the step “Choice of installation directory”. Therefore the
installation must be completed manually as described in section ”Domino 6.x on Windows” on page
38.

3.15.3 Netscape/ IPlanet/ Sun One Proxy Server on Solaris and Windows
When installing the agent for Netscape/ IPlanet/ Sun One Proxy Server, the installer only copies the
files required for the installation into the directory specified in the step “Choice of installation directory”.

3.15.3.1 Solaris Platform


Once the installation files have been copied to the installation directory, proceed to the manual
installation described in section “Netscape/IPlanet/Sun One Proxy Server on Solaris” on page 49.

3.15.3.2 Windows Platform


Once the installation files have been copied to the installation directory, proceed to the manual
installation described in section “Netscape/IPlanet/Sun One proxy server on Windows” on page 51.

3.15.4 Netscape/ IPlanet/ Sun One Web Server on Solaris and Windows
When installing the agent for Netscape/ IPlanet/ Sun One Web Server, the installer only copies the
files required for the installation into the directory specified in the step “Choice of installation directory”.

3.15.4.1 Solaris Platform


Once the installation files have been copied to the installation directory, proceed to the manual
installation described in section “Netscape/IPlanet/Sun One Web Server on Solaris” on page 54.


3.15.4.2 Windows Platform


Once the installation files have been copied to the installation directory, proceed to the manual
installation described in section “Netscape/IPlanet/Sun One Web Server on Windows” on page 56.


4 MANUAL INSTALLATION OF THE AGENTS


4.1 Apache 1.3 on Linux
4.1.1 Prerequisites
This chapter is dedicated to the integration of the agent for Apache 1.3 after its installation on Linux.
The Sign&go agent operates with Apache version 1.3.22 and later.
Install the Apache 1.3 server if it is not already on the machine.
The installation package is available from the following URLs:
• http://www.apache.org

In the following sections, it is assumed that Apache is installed in the directory $APACHE13. In the
following commands, replace $APACHE13 by the path where the Apache server has actually been
installed.
The steps required to integrate the Sign&go agent with Apache are as follows:
• Stop the server,
• Copy the files,
• Configure the agent,
• Edit the configuration file,
• Restart the server,
• Verify the installation.

Each of these steps is described below.

Note: The integration of the agent for Apache 1.3 on Linux with the Web server is automated by
scripts during the installation. Therefore all that is required is to indicate the name of the
directories where the configuration files and the Apache modules are located (see “Location of
Apache” on page 16). If the installation has been successfully carried out, there is no need to
read the rest of this chapter.

4.1.2 Stopping the Web server


• Enter the following at a command prompt:

cd $APACHE13/bin
./apachectl stop

4.1.3 Copying files


Start the Sign&go Agent installation (see “Automatic installation using the installer program” on page
10). After having selected the component Apache 1.3 Linux, you will be asked for the location of the
file httpd.conf (by default in $APACHE13/conf/) and Apache’s modules directory (by default
$APACHE13/modules/).
At the end of the installation, verify that the following files have been copied to the Apache server’s
modules directory:
• sngapa13linux.so,
• sngwebag.xml.
The filter for Apache server 1.3 on Linux has been compiled with gcc; the associated
libraries libc.so and ld-linux.so are therefore required in order for it to operate.
For the rest of this section it is assumed that Apache’s modules are located in the
$APACHE_MODULES directory.

4.1.4 Configuring the agent


Configure the various parameters in the sngwebag.xml file by referring to the “Configuration” chapter
on page 60.

4.1.5 Configuring Apache


 Edit the server’s configuration file httpd.conf located in $APACHE13/conf.
 Add the following to the end of the LoadModule directives already present:

LoadModule sngwebag_module $APACHE_MODULES/sngapa13linux.so

 Add the following to the end of the AddModule directives already present:

AddModule mod_sngwebag.c

Note 1: In the case where the AddModule directive does not exist or where Apache has been
installed and recompiled, the AddModule directive may be unnecessary.

Note 2: A parameter named SNGAGENTdir exists which enables defining the location where
the agent will look for the .xml configuration file (as well as the directory where the logs will be
written). This parameter should be placed in the httpd.conf configuration file. For example:

SNGAGENTdir /NewSnGDir

It enables placing the .xml configuration file in a different directory from the default one
(/etc/signandgo). This parameter is optional; if it does not exist, the .xml configuration file is
expected to be in the default directory: /etc/signandgo.

These different modifications to the httpd.conf file are given as examples. Installation of the Sign&go
agent generates a file named sng.conf which groups all of these modifications together.
If Apache is used for authentication by client certificate, mod_ssl must be
configured to make the certificate data available. The following lines give an example of the directives
that need to be added to the configuration file:

<Location /auth/certif.html>
SSLVerifyClient require
SSLOptions +StdEnvVars
</Location>

4.1.6 Restarting the server


 Enter the following at a command prompt:

cd $APACHE13/bin
./apachectl start

4.1.7 Verifying the installation


The Sign&go filter for Apache 1.3 is now installed on the machine.
If the Apache server gives errors when starting from a command line, verify the file sngwebag.xml. If
the error persists, restart the installation procedure step by step.

Warnings:
Depending upon the configuration of the Apache server, the following cases could arise:
 After an automatic installation of the Apache 1.3 server, the following message may appear during
starting of the server:

[warn] module mod_sngwebag.c already added, skipping

This is a harmless message that can be ignored. The installer cannot avoid this message because it
depends on the Apache server type. It is an inherent consequence of the order of certain commands
(LoadModule and AddModule) in the server’s configuration file httpd.conf. If desired, the message
can be prevented by performing a manual installation of the filter, so that the commands are in an
order adapted to the type of server installed.
 If the installed version of Apache has been recompiled, the DSO (Dynamic Shared Object) support
might not be active. In this case, the Apache server cannot accept external modules. The agent
cannot be installed in an Apache version that does not support external modules.
To recompile a version of Apache that accepts external modules, refer to the Apache Web server
documentation.

Here is the simplified method for compiling Apache, where PREFIX is the installation directory and NN
is the sub-version:

gzip -d apache_1.3.NN.tar.gz
tar xvf apache_1.3.NN.tar
./configure --prefix=PREFIX --enable-rule=SHARED_CORE --enable-module=most \
    --enable-shared=max
make
make install
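The manual checks of sections 4.1.3 to 4.1.7 can be gathered into one pre-start script. The following is an added example, not part of the Ilex guide or the Sign&go installer: the function names and finding labels are this example's own, the sample configuration is constructed, and `httpd -l` is the standard Apache option that lists compiled-in modules (mod_so.c must be among them for DSO support).

```shell
#!/bin/sh
# Added example, not Ilex code. Pre-start checks for sections 4.1.3 to 4.1.7.
# Usage: check_sng_apache13 HTTPD_CONF MODULES_DIR [HTTPD_BINARY]
# Prints one line per finding; the return status is the number of findings.

check_sng_apache13() {
    conf=$1; modules=$2; httpd=${3:-}
    problems=0
    [ -r "$conf" ] || { echo "CONF: cannot read $conf"; return 1; }
    # Directive names are case-insensitive in Apache; commented lines do not match.
    load_re='^[[:space:]]*LoadModule[[:space:]]+sngwebag_module[[:space:]]'
    add_re='^[[:space:]]*AddModule[[:space:]].*mod_sngwebag\.c'

    # 4.1.3: files the installer copies into the modules directory.
    for f in sngapa13linux.so sngwebag.xml; do
        if [ ! -f "$modules/$f" ]; then
            echo "MISSING: $modules/$f"
            problems=$((problems + 1))
        fi
    done

    # 4.1.5: exactly one LoadModule line; AddModule is optional (Note 1).
    loads=$(grep -ciE "$load_re" "$conf" || true)
    adds=$(grep -ciE "$add_re" "$conf" || true)
    if [ "$loads" -ne 1 ]; then
        echo "LOADMODULE: expected 1 sngwebag_module line, found $loads"
        problems=$((problems + 1))
    fi
    if [ "$adds" -gt 1 ]; then
        echo "DUPLICATE: AddModule mod_sngwebag.c appears $adds times"
        problems=$((problems + 1))
    fi
    # The guide appends AddModule after the LoadModule directives.
    if [ "$loads" -ge 1 ] && [ "$adds" -ge 1 ]; then
        l=$(grep -niE "$load_re" "$conf" | head -n 1 | cut -d: -f1)
        a=$(grep -niE "$add_re" "$conf" | head -n 1 | cut -d: -f1)
        if [ "$a" -lt "$l" ]; then
            echo "ORDER: AddModule (line $a) precedes LoadModule (line $l)"
            problems=$((problems + 1))
        fi
    fi

    # Note 2: when SNGAGENTdir is set, the agent reads its .xml file there.
    dir=$(sed -n 's/^[[:space:]]*SNGAGENTdir[[:space:]]\{1,\}\([^[:space:]]*\).*/\1/p' "$conf" | head -n 1)
    if [ -n "$dir" ] && [ ! -f "$dir/sngwebag.xml" ]; then
        echo "SNGAGENTDIR: no sngwebag.xml in $dir"
        problems=$((problems + 1))
    fi

    # 4.1.7: without mod_so.c compiled in, Apache cannot load external modules.
    if [ -n "$httpd" ]; then
        if ! "$httpd" -l 2>/dev/null | grep -q 'mod_so\.c'; then
            echo "NODSO: $httpd does not list mod_so.c"
            problems=$((problems + 1))
        fi
    fi
    return "$problems"
}

# Constructed sample: a deliberately broken httpd.conf and a stand-in httpd
# script that lists no mod_so.c. Returns the number of findings (5).
sng_demo() {
    d=$(mktemp -d) || return 99
    mkdir "$d/modules"
    : > "$d/modules/sngapa13linux.so"      # empty placeholder, existence only
    printf '%s\n' '# constructed httpd.conf' \
        'AddModule mod_sngwebag.c' \
        "LoadModule sngwebag_module $d/modules/sngapa13linux.so" \
        'AddModule mod_sngwebag.c' \
        "SNGAGENTdir $d/NewSnGDir" > "$d/httpd.conf"
    printf '#!/bin/sh\necho "Compiled-in modules:"\necho "  http_core.c"\n' > "$d/httpd"
    chmod +x "$d/httpd"
    demo_rc=0
    check_sng_apache13 "$d/httpd.conf" "$d/modules" "$d/httpd" || demo_rc=$?
    rm -rf "$d"
    return "$demo_rc"
}

# Run the constructed sample when the script is called with the argument "demo".
if [ "${1:-}" = demo ]; then sng_demo; fi
```

On a real server, pass the actual httpd.conf, the modules directory and the httpd binary; the generated sng.conf can be checked the same way.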

4.2 Apache 1.3 on Windows


4.2.1 Prerequisites
This chapter is dedicated to the post-installation manual integration of the agent for Apache 1.3 on
Windows.
The Sign&go agent operates with Apache version 1.3.22 and higher.
Install the Apache server 1.3 if it is not already installed on the machine.
The Apache installation package is available at the following URL:
 http://www.apache.org

In the following sections it is assumed that the Apache server is installed in $PATH (by default $PATH
= “C:\Program Files\Apache Software Foundation\Apache1.3”). In the commands described
below, replace $PATH with the pathname of the Apache server installation.

Note: Integration of the agent with the Apache server can be carried out automatically during
the setup by choosing an automatic installation (see “Choice of installation type” on page 14
for further details).

The steps required to integrate the Sign&go agent with Apache are as follows:
 Stop the server,
 Copy the files,
 Configure the agent,
 Edit the configuration file,
 Restart the server,
 Verify the installation.

Each of these steps is described below.

4.2.2 Stopping the Web server


Stopping the server can be done:
 Graphically via the Apache system service,
 via a command prompt with a standard Apache installation.

4.2.2.1 Graphically as a system service


If the Web server was installed as a Windows system service:
 Open the Services applet in the Control Panel (Start / Settings / Control Panel / Administrative
Tools / Services),
 Stop the corresponding system service (Called Apache by default if only one server is installed),
 To continue, go to the section “Copying the files” on page 25.

4.2.2.2 Using the command prompt in standard installation mode


If the server has been started manually via a command line:
 Enter the following at a command prompt:

cd $PATH
apache -k stop

No messages appear.
 To continue, go to the section “Copying the files” on page 25.

4.2.3 Copying the files


Start the Sign&go Agent installation (see “Automatic installation using the installer program” on page
10). After having selected the component Apache 1.3 Win32, you will be asked for the location of the
file httpd.conf (by default in the $PATH/conf/) and Apache’s modules directory (by default
$PATH/modules/).
At the end of the installation, verify that the following files have been copied to the Apache server’s
modules directory:
 sngapa13w32.dll,
 sngapa13w32.xml.
To continue, go to the next step.

4.2.4 Configuring the agent


Configure the various parameters in the sngapa13w32.xml file by referring to the “Configuration”
chapter on page 60.

4.2.5 Configuring Apache


 Edit the server configuration file httpd.conf (located in $PATH\conf) and add two new directives:

Note: Use forward slashes (“/”) and not backslashes in the pathnames of files (“\”).

 Add the following to the end of the LoadModule directives already present:

LoadModule sngwebag_module modules/sngapa13w32.dll

 Add the following to the end of the AddModule directives already present:

AddModule mod_sngwebag.c

These different modifications to the httpd.conf file are given as examples. Installation of the Sign&go
agent generates a file named sng.conf which groups all of these modifications together.
If Apache is used for authentication by client certificate, mod_ssl must be
configured to make the certificate data available. The following lines give an example of the directives
that need to be added to the ssl.conf configuration file:

<Location /auth/certif.html>
SSLVerifyClient require
SSLOptions +StdEnvVars
</Location>

4.2.6 Restarting the Web server


Starting the Web server can be done:
 Graphically via the Apache system service,
 via a command prompt with a standard Apache installation.

4.2.6.1 Graphically as a system service


If the Web server was installed as a Windows system service:
 Open the Services applet in the Control Panel (Start / Settings / Control Panel / Administrative
Tools / Services),
 Start the corresponding system service (called Apache by default if only one server is installed),
 To continue, go to the section “Verifying the installation” on page 27.

4.2.6.2 Using the command prompt in standard installation mode


If the server has been started manually via a command line:
 Enter the following at a command prompt:

cd $PATH
apache -k start

No messages appear.
 To continue, go to the section “Verifying the installation” on page 27.

4.2.7 Verifying the installation


The Sign&go filter for Apache 1.3 is now installed on the machine.
If the Apache server gives errors when starting from a command line or the Windows system service
cannot keep the Apache service running, verify the file sngapa13w32.xml. If the error persists, restart
the installation procedure step by step.

Warnings:
Depending upon the configuration of the Apache server, the following cases could arise:
 After an automatic installation of the Apache 1.3 server, the following message may appear during
starting of the server:

[warn] module mod_sngwebag.c already added, skipping

The message is just a warning and can be ignored; it is a consequence of the order in which the
Apache modules are loaded (LoadModule and AddModule) in the httpd.conf file and which the
installer has no control over. The messages can be avoided by performing a manual installation of the
filter which results in the commands being in a suitable order for the type of Apache server.

 Additionally, another message can be displayed during start-up from the command line:

[warn] Loaded DSO sngapa13w32.dll uses plain Apache 1.3 API, this module
might crash under EAPI! (please recompile it with -DEAPI)

This comes from the fact that the Apache server (on Windows only) thinks that “EAPI” is not used. The
Apache server is incorrect in displaying this message because EAPI is just an extension of the
Apache API and is not mandatory. The use of EAPI or otherwise has no effect on the stability of the
server.

 If the installed version of Apache has been recompiled, the DSO (Dynamic Shared Object) support
might not be active. In this case, the Apache server cannot accept external modules. The agent
cannot be installed in an Apache version that does not support external modules.
To recompile a version of Apache that accepts external modules, refer to the Apache Web server
documentation.

4.3 Apache 1.3.19 on zLinux


A Sign&go agent for Apache 1.3.19 on zLinux (Linux on IBM zSeries) is installed in the same way as
for Apache 1.3. Refer to “Apache 1.3 on Linux” on page 22 for details.

4.4 Apache 2.0 on Linux


4.4.1 Prerequisites
This chapter is dedicated to the post-installation manual integration of the agent for Apache 2.0 on
Linux.
The Sign&go agent operates with Apache version 2.0.41 and higher.
Install the Apache server 2.0 if it is not already installed on the machine.
The Apache installation package is available at the following URL:
 http://www.apache.org
In the following sections, it is assumed that Apache is installed in the directory $APACHE20. In the
following commands, replace $APACHE20 by the path where the Apache server has actually been
installed.
The steps required to integrate the Sign&go agent with Apache are as follows:
 Stop the server,
 Copy the files,
 Configure the agent,
 Edit the configuration file,
 Restart the server,
 Verify the installation.

Each of these steps is described below.

Note: The integration of the agent for Apache 2.0 on Linux with the Web server is automated by
scripts during the installation. Therefore all that is required is to indicate the name of the
directories where the configuration files and the Apache modules are located (see “Location of
Apache” on page 16). If the installation has been successfully carried out, there is no need to
read the rest of this chapter.

4.4.2 Stopping the Web server


 Enter the following at a command prompt:

cd $APACHE20/bin
./apachectl stop

4.4.3 Copying the files


Start the Sign&go Agent installation (see “Automatic installation using the installer program” on page
10). After having selected the component Apache 2.0 Linux, you will be asked for the location of the
file httpd.conf (by default in the $APACHE20/conf/) and Apache’s modules directory (by default
$APACHE20/modules/).
At the end of the installation, verify that the following files have been copied to the Apache server’s
modules directory:
 sngapa20linux.so,
 sngwebag.xml.

The filter for Apache server 2.0 on Linux has been compiled with gcc, therefore the associated
libraries libc.so, ld-linux.so are required in order for it to operate.
For the rest of this section it is assumed that Apache’s modules are located in the
$APACHE_MODULES directory.
To continue, go to the next step.

4.4.4 Configuring the agent


Configure the various parameters in the sngwebag.xml file by referring to the “Configuration” chapter
on page 60.

4.4.5 Configuring Apache


 Edit the server’s configuration file httpd.conf located in $APACHE20/conf.
 Add the following to the end of the LoadModule directives already present:

LoadModule sngwebag_module $APACHE_MODULES/sngapa20linux.so

Note: A parameter named SNGAGENTdir exists which enables defining the location where the
agent will look for the .xml configuration file (as well as the directory where the logs will be
written). This parameter should be placed in the httpd.conf configuration file. For example:

SNGAGENTdir /NewSnGDir

It enables placing the .xml configuration file in a different directory from the default one
(/etc/signandgo). This parameter is optional; if it does not exist, the .xml configuration file is
expected to be in the default directory: /etc/signandgo.

These different modifications to the httpd.conf file are given as examples. Installation of the Sign&go
agent generates a file named sng.conf which groups all of these modifications together.
If Apache is used for authentication by client certificate, mod_ssl must be
configured to make the certificate data available. The following lines give an example of the directives
that need to be added to the ssl.conf configuration file:

<Location /auth/certif.html>
SSLVerifyClient require
SSLOptions +StdEnvVars
</Location>

4.4.6 Restarting the Web server


 Enter the following at a command prompt:

cd $APACHE20/bin
./apachectl start

4.4.7 Verifying the installation


The Sign&go filter for Apache 2.0 is now installed on the machine.

If the Apache server gives errors when starting from a command line, verify the file sngwebag.xml. If
the error persists, restart the installation procedure step by step.
If the installed version of Apache has been recompiled, the DSO (Dynamic Shared Object) support
might not be active. In this case, the Apache server cannot accept external modules. The agent
cannot be installed in an Apache version that does not support external modules.
To recompile a version of Apache that accepts external modules, refer to the Apache Web server
documentation.

Here is the simplified method for compiling Apache, where PREFIX is the installation directory and NN
is the sub-version:

gzip -d httpd-2_0_NN.tar.gz
tar xvf httpd-2_0_NN.tar
./configure --prefix=PREFIX --enable-most --enable-ssl --with-ssl=/usr/local
make
make install

4.5 Apache 2.0 on 64 bit Linux


The Sign&go agent for Apache 2.0 on 64 bit Linux is installed and configured in the same way as for
Apache 2.0 on 32 bit Linux.
This agent has been tested with Apache 2.0.52.
Please refer to the section Apache 2.0 on Linux on page 28.

4.6 Apache 2.0 on Windows


4.6.1 Prerequisites
This chapter is dedicated to the post-installation manual integration of the agent for Apache 2.0 on
Windows.
The Sign&go agent operates with Apache version 2.0.41 and higher.
Install the Apache server 2.0 if it is not already installed on the machine.
The Apache installation package is available at the following URL:
 http://www.apache.org
In the following sections it is assumed that the Apache server is installed in $PATH (by default $PATH
= “C:\Program Files\Apache Software Foundation\Apache2.0”). In the commands described
below, replace $PATH with the pathname of the Apache server installation.
The steps required to integrate the Sign&go agent with Apache are as follows:
 Stop the server,
 Copy the files,
 Configure the agent,
 Edit the configuration file,
 Restart the server,
 Verify the installation.

Each of these steps is described below.

4.6.2 Stopping the Web server


Stopping the server can be done:
 Graphically via the Apache system service,
 via a command prompt with a standard Apache installation.

4.6.2.1 Graphically as a system service


If the Web server was installed as a Windows system service:
 Open the Services applet in the Control Panel (Start / Settings / Control Panel / Administrative
Tools / Services),
 Stop the corresponding system service (Called Apache2 by default if only one server is installed),
 To continue, go to the section “Copying the files” on page 31.

4.6.2.2 Using the command prompt in standard installation mode


If the server has been started manually via a command line:
 Enter the following at a command prompt:

cd $PATH
apache2 -k stop

No messages appear.
 To continue, go to the section “Copying the files” on page 31.

4.6.3 Copying the files


Start the Sign&go Agent installation (see “Automatic installation using the installer program” on page
10). After having selected the component Apache 2.0 Win32, you will be asked for the location of the
file httpd.conf (by default in the $PATH/conf/) and Apache’s modules directory (by default
$PATH/modules/).
At the end of the installation, verify that the following files have been copied to the Apache server’s
modules directory:
 sngapa20w32.dll,
 sngapa20w32.xml.
To continue, go to the next step.

4.6.4 Configuring the agent


Configure the various parameters in the sngapa20w32.xml file by referring to the “Configuration”
chapter on page 60.

4.6.5 Configuring Apache


 Edit the server configuration file httpd.conf (located in $PATH\conf) and add the following
directives:

Note: Use forward slashes (“/”) and not backslashes in the pathnames of files (“\”).

 Add the following to the end of the LoadModule directives already present:

LoadModule sngwebag_module modules/sngapa20w32.dll

These different modifications to the httpd.conf file are given as examples. Installation of the Sign&go
agent generates a file named sng.conf which groups all of these modifications together.
If Apache is used for authentication by client certificate, mod_ssl must be
configured to make the certificate data available. The following lines give an example of the directives
that need to be added to the ssl.conf configuration file:

<Location /auth/certif.html>
SSLVerifyClient require
SSLOptions +StdEnvVars
</Location>

4.6.6 Restarting the Web server


Starting the Web server can be done:
 Graphically via the Apache system service,
 via a command prompt with a standard Apache installation.

4.6.6.1 Graphically as a system service


If the Web server was installed as a Windows system service:
 Open the Services applet in the Control Panel (Start / Settings / Control Panel / Administrative
Tools / Services),
 Start the corresponding system service (called Apache by default if only one server is installed),
 To continue, go to the section “Verifying the installation” on page 32.

4.6.6.2 Using the command prompt in standard installation mode


If the server has been started manually via a command line:
 Enter the following at a command prompt:

cd $PATH
apache2 -k start

No messages appear.
 To continue, go to the section “Verifying the installation” on page 32.

4.6.7 Verifying the installation


The Sign&go filter for Apache 2.0 is now installed on the machine.
If the Apache server gives errors when starting from a command line or the Windows system service
cannot keep the Apache service running, verify the file sngapa20w32.xml. If the error persists, restart
the installation procedure step by step.
If the installed version of Apache has been recompiled, the DSO (Dynamic Shared Object) support
might not be active. In this case, the Apache server cannot accept external modules. The agent
cannot be installed in an Apache version that does not support external modules.

To recompile a version of Apache that accepts external modules, refer to the Apache Web server
documentation.

4.7 Apache 2.0.49 on zLinux


A Sign&go agent for Apache 2.0.49 on zLinux (Linux on IBM zSeries) is installed in the same way as
for Apache 2.0. Refer to “Apache 2.0 on Linux” on page 28 for details.

4.8 Apache 2.2 on Linux 32 bits


A Sign&go agent for Apache 2.2 is installed and configured in the same way as for Apache 2.0
although the files are different. Refer to “Apache 2.0 on Linux” on page 28 for details.

4.9 Apache 2.2 on Linux 64 bits


A Sign&go agent for Apache 2.2 is installed and configured in the same way as for Apache 2.0
although the files are different. Refer to “Apache 2.0 on Linux” on page 28 for details.

4.10 Apache 2.2 on Windows


A Sign&go agent for Apache 2.2 is installed and configured in the same way as for Apache 2.0
although the files are different. Refer to “Apache 2.0 on Windows” on page 30 for details.

4.11 Apache 2.2 on 32 bit SPARC Solaris


The Sign&go agent for Apache 2.2 on 32 bit SPARC Solaris is installed and configured in the same
way as for Apache 2.0 on Linux. Please refer to page 28.

4.12 Domino 6.0.3 and 6.5 on AIX 5.2


4.12.1 Prerequisites
The Sign&go agent operates with Domino 6.0.3 and 6.5.x servers on AIX 5.2.
Install the Domino server if it is not already on the machine.
Install Lotus Domino Administrator if it is not already on the machine.

Important: Before starting installation of the agent, create a directory on the server for the
agent’s configuration file. Give all users READ and WRITE access to this directory. Do not start
installing the agent until this directory has been created.

The steps required to install the agent are as follows:


 Create a directory on the server for the agent’s configuration file and set permissions for Read and
Write by all users,
 Install the agent from the CD-ROM,
 Configure the server with the aid of Lotus Domino Administrator,
 Configure the agent,
 Restart the server,
 Verify the installation.
Each of these steps is described below.

4.12.2 Installation of the files on the server


The files to be installed on the server are as follows:
 libsngwebag.a
This file is the Sign&go agent executable. It is copied during the installation procedure and must be
put into the same directory as the Lotus executable (for example: /opt/lotus/notes/latest/ibmpow).
 sngwebag.ini
This file is copied during the installation procedure and must be put into Lotus’ data directory (for example
/lotus/notesdata653).
Its purpose is to indicate the location of the agent’s configuration file sngwebag.xml. Reminder: the
log files configured in sngwebag.xml are created in this same directory, the Domino server threads
must therefore have READ and WRITE access to this directory.
Its contents are as follows:

Directory=FullNameOfTheDirectoryWhereSngwebagxmlIsLocated
For example: Directory=/opt/sngwebag

(Do not put a space before or after the ‘=’ sign).

Note: For the choice of location of the sngwebag.xml configuration file, see the note “List of
URLs to filter <FilteredUrls>...</FilteredUrls>” on page 67 for information linked to security.

 sngwebag.xml
This is the agent’s configuration file. It must be named sngwebag.xml and be located in the directory
specified by the file sngwebag.ini described above.
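The relationship between sngwebag.ini, the directory it names and sngwebag.xml can be checked before Domino is restarted. The script below is an added example, not part of the Ilex guide: the function names and return codes are this example's own, and the test for a sngwebag.xml that every local account can write is an added hardening check, not a requirement stated by the guide.

```shell
#!/bin/sh
# Added example, not Ilex code. Validates sngwebag.ini (section 4.12.2) and the
# directory it names. Run it as the account the Domino server runs under.
# Return: 0 ok | 1 bad Directory= line | 2 directory unusable
#         3 sngwebag.xml missing | 4 sngwebag.xml writable by "other"

# Print the Directory= value; fail on a missing line or a space around '='.
sng_ini_directory() {
    # tr strips carriage returns left by editing the file on Windows.
    line=$(grep -E '^[[:space:]]*Directory[[:space:]]*=' "$1" 2>/dev/null |
           head -n 1 | tr -d '\r')
    case $line in
        "Directory=" | "Directory= "*) return 1 ;;   # empty value or space after '='
        Directory=*) printf '%s\n' "${line#Directory=}" ;;
        *) return 1 ;;   # no such line, or whitespace before the name or the '='
    esac
}

check_sng_ini() {
    dir=$(sng_ini_directory "$1") || {
        echo "INI: no valid Directory= line in $1 (no space around '=')"
        return 1
    }
    # The agent reads its configuration and writes its logs in this directory.
    if [ ! -d "$dir" ] || [ ! -r "$dir" ] || [ ! -w "$dir" ]; then
        echo "DIR: $dir must exist and be readable and writable by this account"
        return 2
    fi
    if [ ! -f "$dir/sngwebag.xml" ]; then
        echo "XML: $dir/sngwebag.xml not found"
        return 3
    fi
    # find prints the path only when the "other" write bit is set on the file.
    if [ -n "$(find "$dir/sngwebag.xml" -prune -perm -0002)" ]; then
        echo "PERM: $dir/sngwebag.xml is writable by every local account"
        return 4
    fi
    echo "OK: $dir"
}

# Usage on the server (path taken from the guide's example):
#   check_sng_ini /lotus/notesdata653/sngwebag.ini
```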

4.12.3 Configuring Domino 6.5


This section describes how to configure Domino 6.5 to operate with the Sign&go agent. Refer to the
following section for Domino 6.0.3.
The configuration is carried out with the aid of Lotus Domino Administrator:
 Start the administration interface of the server on which the agent is to be installed,
 click on the Configuration tab. The window should resemble the following:

 expand the Server branch in the left pane (by double-clicking),


 click on Current Server Document in the expanded branch. The window should now resemble
the following:

 now click on the Internet Protocols tab followed by the HTTP sub-tab,
 click on the Edit Server button,
 using the scroll-bar, locate the DSAPI parameters. The window should resemble the following:

 in the field entitled DSAPI filter file names enter: sngwebag without the lib at the beginning or
the .a at the end, even though the agent file is named libsngwebag.a,
 click on Save & Close,
 close Lotus Domino Administrator.

4.12.4 Configuring Domino 6.0.3


This section describes how to configure Domino 6.0.3 to operate with the Sign&go agent. Refer to the
section above for Domino 6.5.3.
The configuration is carried out with the aid of Lotus Domino Administrator:
 Start the administration interface of the server on which the agent is to be installed,
 click on the Configuration tab. The window should resemble the following:

 expand the Server branch in the left pane (by double-clicking),


 click on Current Server Document in the expanded branch. The window should now resemble
the following:

 now click on the Internet Protocols tab followed by the HTTP sub-tab,
 click on the Edit Server button,
 using the scroll-bar, locate the DSAPI parameters. The window should resemble the following:

 in the field entitled DSAPI filter file names enter: sngwebag without the lib at the beginning or
the .a at the end, even though the agent file is named libsngwebag.a,
 click on Save & Close,

 close Lotus Domino Administrator.

4.12.5 Configuring the agent


Configure the various parameters in the sngwebag.xml file by referring to the “Configuration” section
on page 60.

4.12.6 Restarting the Web server


Enter the following commands in the server console:

tell http quit


load http

4.12.7 Verifying the installation


The Sign&go filter for Lotus Domino 6.x is now installed on the machine.
Domino 6.x indicates the successful loading of filters during start-up in application mode (as opposed
to service mode). If the filter has correctly loaded during start-up, the following message should be
seen:

HTTP Server: DSAPI Sign&go Web Filter Version 3.0.0.x loaded successfully

If the filter cannot be loaded for any reason, the server console displays the following message during
start-up:

HTTP Server: Failed to load DSAPI module %Installation_path%\sngdomiw32.dll

Where %Installation_path% is the installation path of the Sign&go agent.


If such an error occurs, check the file sngdomiw32.xml. Restart the installation step by step if the
error persists.

4.13 Domino 6.x on Windows


4.13.1 Prerequisites
This chapter is dedicated to the post-installation integration of the Sign&go agent with Domino 6.x.
The Sign&go agent operates with Domino 6.0.3 and 6.5.x servers.
Install the Domino server if it is not already on the machine.
Install Lotus Domino Administrator if it is not already on the machine.

The steps required to integrate the Sign&go agent are as follows:


 Start the server,
 Configure the server with the aid of Lotus Domino Administrator,
 Configure the agent,
 Restart the server,
 Verify the installation.
Each of these steps is described below.

4.13.1 Starting the Web server


Start the Lotus Domino Server from the Lotus application group in the ‘Start’ menu.

4.13.2 Configuring the Web server


The configuration is carried out with the aid of Lotus Domino Administrator:
 Start the administration interface of the server on which the agent is to be installed. The window
should resemble the following:

 click on the Configuration tab then scroll the Server menu on the left,
 next click on All Server Documents followed by Edit Server. The window should resemble the
following:

 Click on the Internet Protocols tab followed by the HTTP sub-tab:

 In the DSAPI section, enter the absolute pathname for Sign&go agent’s library file
sngdomiw32.dll,
 Click on Save and Exit,
 close Lotus Domino Administrator.

4.13.3 Configuring the agent


Configure the various parameters in the sngdomiw32.xml file by referring to the “Configuration”
section on page 60.

4.13.4 Restarting the Web server


Enter the following commands in the server console:

tell http quit


load http

4.13.5 Verifying the installation


The Sign&go filter for Lotus Domino 6.x is now installed on the machine.
Domino 6.x indicates the successful loading of filters during start-up in application mode (as opposed
to service mode). If the filter has correctly loaded during start-up, the following message should be
seen:

HTTP Server: DSAPI Sign&go Web Filter Version 3.0.0.x loaded successfully

If the filter cannot be loaded for any reason, the server console displays the following message during
start-up:

HTTP Server: Failed to load DSAPI module %Installation_path%\sngdomiw32.dll

Where %Installation_path% is the installation path of the Sign&go agent.

If such an error occurs, check the file sngdomiw32.xml. Restart the installation step by step if the
error persists.

4.14 Microsoft IIS 4-5-6 on Windows


4.14.1 Prerequisites
This chapter is dedicated to the manual post-installation integration of the Sign&go agent with IIS.
The Sign&go IIS agent is an ISAPI filter for IIS.

Note: Integration of the agent with the IIS server can be carried out automatically during the
setup by choosing an automatic installation (see “Choice of installation type” on page 14 for
further details).

The steps required to integrate the Sign&go agent with IIS are as follows:
 Access the IIS management console,
 Install the ISAPI filter on the desired Web site,
 Configure the agent,
 Restart the server,
 Verify the installation.

Each of these steps is described below.

4.14.2 Accessing the IIS management console


There are two ways to start the IIS management console:
 via the control panel,
 via ‘My Computer’.

4.14.2.1 Control panel


 Open the Computer Management applet in the Control Panel (Start / Settings / Control Panel /
Administrative Tools),
 double-click on the Internet Services Manager (or Internet Services (IIS)) applet. The following
window should appear:

 to continue, go to the section “Installing the ISAPI filter on the desired Web site” on page 43.

4.14.2.2 My Computer
 Right mouse-click over the “My Computer” icon on the Desktop,
 select Manage:

The Computer Management window will open. Open Services and Applications in the left hand
pane followed by Internet Information Services where the list of Web sites will be displayed:

 to continue, go to the section “Installing the ISAPI filter on the desired Web site” on page 43.

4.14.3 Installing the ISAPI filter on the desired Web site


Having arrived at this point via one of the two methods described above, we are now in the Internet
Services management console:
 Expand the Internet Information Services tree in the left hand pane and locate the Web site
where the ISAPI filter is to be installed. In this section we will use the Default Web Site for the
illustration.
The Web site must be stopped in order to install the ISAPI filter. To do this:
 select the desired Web site and click on the STOP button on the tool bar (or right mouse-click over
the site and select STOP from the context-sensitive menu):

 once the Web site is stopped, right mouse-click on it again to access the context-sensitive menu:

 select Properties. The following dialogue box is displayed:

 click on the ISAPI Filters tab:

 click Add…. The following dialogue box appears:

 enter ‘Sign&go agent’ in the Filter Name field,


 click on the Browse… button and locate the file sngiisw32.dll in the Sign&go installation
directory,
 select the file then click the Open button:

 click OK. The filter should now be installed on the desired Web site with the dialogue box
resembling the following:

 click OK.

Note: Do not close the ‘Internet Information Services’ dialogue box as it will be used in the
following section.

 Continue to the next section.

4.14.4 Configuring the agent


 Put the file sngiisw32.xml in the same directory as the sngiisw32.dll file if it is not already there.
 Configure the various parameters in the sngiisw32.xml file by referring to the “Configuration”
section on page 60.

4.14.5 Restarting the Web server


In the Internet Services management console, click on the START button on the tool bar (or right
mouse-click over the site and select START from the context-sensitive menu).

If the sngiisw32.xml file has been correctly configured, there should be no errors reported by IIS
during starting of the Web site. If errors are seen, verify the configuration in the sngiisw32.xml file.

4.14.6 Verifying the installation


To verify that the filter has been correctly installed:
 Access the Web site’s properties (right mouse-click the Web site concerned and select
Properties). The Web site’s Properties dialogue box is displayed.
 Select the ISAPI Filters tab:

Note: In the specific case of IIS 6, in order for the state of the filter to be displayed correctly, it
might be necessary to make an HTTP request, with the URL ‘http://localhost/’ for example.

The Sign&go ISAPI filter is now installed on the machine. If the displayed dialogue box is different
from that shown above, for example if there is a downward-pointing red arrow in front of the Sign&go
filter, it means that the filter has not been installed correctly and could not be loaded by IIS. In this
case, delete it (select the filter and click the Remove button) and restart the installation procedure
from the beginning. Remember that the automatic installation proposed at the beginning of the
procedure can be used.

4.14.1 Installing a second instance of the agent


In order to carry out primary authentication using the Sign&go agent for IIS, a second instance of the
agent can be installed on the same IIS server. Refer to section 2.3.4 on page 7.

4.15 Microsoft ISA Server 2000 on Windows


4.15.1 Prerequisites
This chapter is dedicated to the post-installation integration of the Sign&go agent for Microsoft ISA
Server 2000.
During installation of the agent, everything is installed, configured and integrated automatically.
Therefore the only step left to carry out is the verification of the installation.

4.15.2 Verifying the installation


Verify that the ISA agent has been added in the ISA server’s properties.
Stop and re-start the ISA Server so that the integration of the Sign&go ISA agent is registered.

4.15.3 Notes on the installation


The Sign&go agent for the Microsoft ISA Server 2000 must be registered with the Microsoft ISA
Server. This is carried out automatically during installation of the agent by the following command
executed from the Microsoft ISA server’s installation directory:

regsvr32 sngisaw32.dll

Note: Before un-installing the agent for Microsoft ISA Server 2000, the following command
must be executed from the ISA server’s installation directory: regsvr32 /u sngisaw32.dll

4.16 Microsoft ISA Server 2004 on Windows


4.16.1 Prerequisites
This chapter is dedicated to the post-installation integration of the Sign&go agent for Microsoft ISA
Server 2004.
During installation of the agent, everything is installed, configured and integrated automatically.
Therefore the only step left to carry out is the verification of the installation.

4.16.2 Verifying the installation


Verify that the ISA agent has been added in the ISA server’s properties.
Stop and re-start the ISA Server so that the integration of the Sign&go ISA agent is registered.

4.16.3 Notes on the installation


The Sign&go agent for the Microsoft ISA Server 2004 must be registered with the Microsoft ISA
Server. This is carried out automatically during installation of the agent by the following command
executed from the Microsoft ISA server’s installation directory:

regsvr32 sngisa2004w32.dll

Note: Before un-installing the agent for Microsoft ISA Server 2004, the following command
must be executed from the ISA server’s installation directory:

regsvr32 /u sngisa2004w32.dll

4.16.4 Installing a second instance of the agent


In order to carry out primary authentication (NTLM or Kerberos) using the Sign&go agent for ISA
Server 2004 or 2006, a second instance of the same agent can be installed on the same ISA Server.
Refer to section 2.3.4 on page 7 for details.

4.17 Microsoft ISA Server 2006 on Windows


For ISA Server 2006, use the same agent as for ISA Server 2004. Install and configure the agent as
described in section 4.16 ‘Microsoft ISA Server 2004 on Windows’ on page 48.

4.18 Netscape/IPlanet/Sun One Proxy Server on Solaris


4.18.1 Versions of the Sun One Proxy Server
Depending on the version of Netscape/IPlanet/Sun One Proxy Server that is used, there are two
Sign&go agents due to the different software architecture of the proxy servers. The Sun One Proxy
Server version 4.0 or higher uses threads, whereas previous versions use processes to handle the
client connections. For this reason, the Sign&go agent is different in each case.

4.18.1.1 Versions lower than or equal to 3.x


For versions of Netscape/IPlanet/Sun One Proxy Server lower than 4.0, the configuration
is described in this chapter.

4.18.1.2 Versions equal to or higher than 4.0


This version of the proxy server is based on the same software architecture as the Sun One Web
Server 6. For this reason, the process of installing and configuring the Sign&go agent is identical to
that of the agent for Sun One Web Server 6.
Consequently, even though it is a proxy rather than a Web server, follow the instructions given in
“Netscape/IPlanet/Sun One Web Server on Solaris” on page 54 to install the Sign&go agent for Sun
One Proxy Server 4.0.

Note: The instructions given in this chapter (below) DO NOT apply to the
Sun One Proxy Server 4.0 or higher.

4.18.2 Prerequisites
This chapter is dedicated to the integration of the Sign&go agent for Netscape/IPlanet/Sun One
Proxy Server up to Sun One Proxy Server 3.x included.

The Sign&go agent operates with Netscape 3.51 SP3 and higher.
In the following sections, it is assumed that the server is installed in the $PATH directory and that
the Sign&go agent is located in $FILTER_PATH. In the following commands, replace $PATH and
$FILTER_PATH by the correct pathnames respectively.
In the examples, $FILTER_PATH corresponds to /usr/netscape/suitespot/plugins/signandgo. It is
also assumed that the Web server is named $SERVER_NAME, therefore throughout the rest of
this chapter this name must be replaced by that of your server.
The steps required to integrate the Sign&go agent with Sun One Proxy are as follows:
 Stop the server,
 Copy the files,
 Configure the agent,
 Edit the configuration file,
 Re-start the server,
 Verify the installation.

4.18.3 Stopping the proxy server


The server can be stopped with the following command issued from the command line:

cd $PATH/proxy-$SERVER_NAME
./stop

4.18.4 Configuration of the agent


Configure the various parameters in the sngwebag.xml file by referring to the “Configuration” chapter
on page 60.

4.18.5 Configuring the proxy server


Edit the server’s obj.conf file found in $PATH/proxy-$SERVER_NAME/config and add the following
directives:
 In obj.conf, at the start of the Init fn declarations, add the two following lines at the end of the
existing Init-fn directives:

Init fn="load-modules" funcs="FilterInit,FilterAuthTrans"
    shlib="$FILTER_PATH/sngsoproxsol.so" NativeThread="no"
Init fn="FilterInit"

Note: The first of the two commands above should be entered on one line with only a space
between “…FilterAuthTrans” and “shlib=…”. In the example above, the command has been
placed on two lines purely to aid legibility.

 in obj.conf, above the block of NameTrans fn declarations, add the following before the existing
AuthTrans directives:

AuthTrans fn="FilterAuthTrans"

Note: A parameter named SNGAGENTdir allows specifying the pathname where the agent will
look for the .xml configuration file (also the location where the log files will be written). This
parameter is placed in the obj.conf or magnus.conf (depending on the version) file on the same
line as the FilterInit directive. For example:

Init fn="FilterInit" SNGAGENTdir="/NewSnGDir"

It allows the .xml configuration file to be placed in a directory other than /etc/signandgo. The
parameter is optional; if it is absent, the .xml file is expected to be in the default directory:
/etc/signandgo.

4.18.6 Restarting the proxy server


Enter the following on a command line:

cd $PATH/proxy-$SERVER_NAME
./start

4.18.7 Verifying the installation


The Sign&go NSAPI filter is now installed on the machine.
If the server gives errors when starting from a command line, verify the sngwebag.xml file. Restart
the installation procedure from scratch if the errors persist.

4.19 Netscape/IPlanet/Sun One proxy server on Windows


4.19.1 Prerequisites
This chapter is dedicated to the post-installation integration of the Sign&go agent for
Netscape/IPlanet/Sun One Proxy Server on Windows.
The Sign&go agent operates with Netscape 3.51 SP3 and higher.
The Sign&go Netscape/IPlanet/Sun One Proxy Server agent is a NSAPI filter.
The proxy is assumed to have been installed with the following two Windows system services:
 $SERVICE_NAME1, Proxy server,
 $SERVICE_NAME2, Proxy server administration.

In the following commands, replace $SERVICE_NAME1 and $SERVICE_NAME2 by the service
names corresponding to the installed server.
In this chapter, it is assumed that the server is installed in the directory $PATH, and the
Netscape/IPlanet/Sun One proxy server agent in the Sign&go installation directory $FILTER_PATH.
Replace $PATH and $FILTER_PATH by their respective directories using forward slashes (“/”) rather
than back-slashes (“\”) in the pathnames.
The steps required to integrate the Sign&go agent with the Netscape/IPlanet/Sun One Proxy Server
are as follows:
 Stop the server,
 Configure the agent,
 Edit the configuration file,
 Re-start the server,
 Verify the installation.
Each of these steps is described below.

4.19.2 Stopping the proxy server


 Open the Windows services manager (Start / Settings / Control Panel / Administrative Tools /
Services)
 Stop the services $SERVICE_NAME1 and $SERVICE_NAME2.

4.19.3 Configuring the agent


 Configure the various parameters in the sngsoproxw32.xml file by referring to the “Configuration”
chapter on page 60.
 The configuration file must be located in the same directory as the agent’s .dll file.

4.19.4 Modifying the configuration file


 Edit the proxy’s obj.conf file found in $PATH\proxy-$SERVER_NAME\config to add the
following two lines at the beginning of the Init fn declarations block:

Init fn="load-modules" shlib="$FILTER_PATH/sngsoproxw32.dll"
    funcs="FilterInit,FilterAuthTrans"
Init fn="FilterInit"

Note 1: The first of the two commands above should be entered on one line with only a space
between “…sngsoproxw32.dll” and “funcs="…”. In the example above, the command has been
placed on two lines purely to aid legibility.

Note 2: Note the use of forward-slashes (“/”) rather than back-slashes (“\”) in the pathnames.

 In the obj.conf file, before the block of AuthTrans fn declarations, add:

AuthTrans fn="FilterAuthTrans"

4.19.5 Restarting the proxy server


Open the Windows services manager (Start / Settings / Control Panel / Administrative Tools /
Services) and start the services $SERVICE_NAME1 and $SERVICE_NAME2.

4.19.6 Verifying the installation


The Sign&go NSAPI filter is now installed on the machine.
If the Windows services manager cannot keep the $SERVICE_NAME1 service running, verify the
configuration in the sngsoproxw32.xml file.
If the error persists, restart the installation procedure step by step.

4.20 Netscape/IPlanet/Sun One Web Server on Solaris


4.20.1 Prerequisites
This chapter is dedicated to the post-installation integration of the Sign&go agent for
Netscape/IPlanet/Sun One Web Server on Solaris.
The Sign&go agent operates with Netscape 3.51 SP3 and higher.
In this chapter, it is assumed that the server is installed in the directory $PATH, and the
Netscape/IPlanet/Sun One Web server agent in the Sign&go installation directory $FILTER_PATH
(by default: /usr/netscape/suitespot/plugins). Replace $PATH and $FILTER_PATH by their
respective directories using forward slashes (“/”) rather than back-slashes (“\”) in the pathnames.
The steps required to integrate the Sign&go agent with the Netscape/IPlanet/Sun One Web Server
are as follows:
 Stop the server,
 Configure the agent,
 Configure the Web server,
 Re-start the server,
 Verify the installation.
Each of these steps is described below.

4.20.2 Stopping the Web server


The server can be stopped with the following command issued from the command line:

cd $PATH/server/https-$SERVER_NAME
./stop

4.20.3 Configuring the agent


 Configure the various parameters in the sngwebag.xml file by referring to the “Configuration”
chapter on page 60.

4.20.4 Configuring the Web server


The configuration depends on the installed version:
 Versions lower than iPlanet 6 (Netscape 3.5),
 versions equal to or higher than iPlanet 6 (SunONE iPlanet).

4.20.4.1 Versions lower than iPlanet 6


 Edit the server’s obj.conf file found in $PATH\https-$SERVER_NAME\config to add the
following two lines at the beginning of the Init fn declarations block:

Init fn="load-modules" funcs="Filter_Init,FilterAuthTrans,FilterResponse"
    shlib="$FILTER_PATH/sngiplasol.so" NativeThread="no"
Init fn="FilterInit"

Note 1: The first of the two commands above should be entered on one line with only a space
between “…FilterResponse"” and “shlib="…”. In the example above, the command has been
placed on two lines purely to aid legibility.

 In the obj.conf file, before the block of NameTrans fn declarations, add the following at the
beginning of the existing AuthTrans declarations:

AuthTrans fn="FilterAuthTrans"

 In the obj.conf file, before the block of ObjectType fn declarations, add the following at the
beginning of the existing ObjectType declarations:

ObjectType fn="FilterResponse"

Note: A parameter named SNGAGENTdir allows specifying the pathname where the agent will
look for the .xml configuration file (also the location where the log files will be written). This
parameter is placed in the obj.conf or magnus.conf (depending on the version) file on the same
line as the FilterInit directive. For example:

Init fn="FilterInit" SNGAGENTdir="/NewSnGDir"

It allows the .xml configuration file to be placed in a directory other than /etc/signandgo. The
parameter is optional; if it is absent, the .xml file is expected to be in the default directory:
/etc/signandgo.

To continue, proceed to section “Restarting the server” on page 56.

4.20.4.2 Versions equal to or higher than iPlanet 6


Edit the server’s magnus.conf and obj.conf files located in $PATH\servers\https-$SERVER_NAME\config
and add the following directives:
 In magnus.conf, in the block of Init fn declarations, add the following two lines at the end of the
existing Init-fn declarations:

Init fn="load-modules" funcs="Filter_Init,FilterAuthTrans,FilterResponse"
    shlib="$FILTER_PATH/sngiplasol.so" NativeThread="no"
Init fn="FilterInit"

Note 1: The first of the two commands above should be entered on one line with only a space
between “…FilterResponse"” and “shlib="…”. In the example above, the command has been
placed on two lines purely to aid legibility.

 In the obj.conf file, before the block of NameTrans fn declarations, add the following at the
beginning of the existing AuthTrans declarations:

AuthTrans fn="FilterAuthTrans"

 In the obj.conf file, before the block of ObjectType fn declarations, add the following at the
beginning of the existing ObjectType declarations:

ObjectType fn="FilterResponse"

Note: A parameter named SNGAGENTdir allows specifying the pathname where the agent will
look for the .xml configuration file (also the location where the log files will be written). This
parameter is placed in the obj.conf or magnus.conf (depending on the version) file on the same
line as the FilterInit directive. For example:

Init fn="FilterInit" SNGAGENTdir="/NewSnGDir"

It allows the .xml configuration file to be placed in a directory other than /etc/signandgo. The
parameter is optional; if it is absent, the .xml file is expected to be in the default directory:
/etc/signandgo.

To continue, proceed to section “Restarting the server” on page 56.

4.20.5 Restarting the server


Start the server with the following command issued from the command line:

cd $PATH/server/https-$SERVER_NAME
./start

4.20.6 Verifying the installation


The Sign&go NSAPI filter is now installed on the machine.
If the server gives errors when starting from a command line, verify the sngwebag.xml file. Restart
the installation procedure from scratch if the errors persist.

4.21 Netscape/IPlanet/Sun One Web Server on Windows


4.21.1 Prerequisites
This chapter is dedicated to the post-installation integration of the Sign&go agent for
Netscape/IPlanet/Sun One Web Server on Windows.
The Sign&go agent operates with Netscape 3.51 and higher.
The Sign&go Netscape/IPlanet/Sun One Web Server agent is a NSAPI filter.
The server is assumed to have been installed with the following two Windows system services:
 $SERVICE_NAME1, Web server,
 $SERVICE_NAME2, Web server administration.
In the following commands, replace $SERVICE_NAME1 and $SERVICE_NAME2 by the service
names corresponding to the installed server (these names depend on the version installed: Netscape,
iPlanet or SunONE).
In this chapter, it is assumed that the server is installed in the directory $PATH, and the
Netscape/IPlanet/Sun One web server agent in the Sign&go installation directory $FILTER_PATH.
Replace $PATH and $FILTER_PATH by their respective directories using forward slashes (“/”) rather
than back-slashes (“\”) in the pathnames.
The steps required to integrate the Sign&go agent with the Netscape/IPlanet/Sun One Web Server
are as follows:

 Stop the server,
 Configure the agent,
 Edit the configuration file,
 Re-start the server,
 Verify the installation.
Each of these steps is described below.

4.21.2 Stopping the Web server


 Open the Windows services manager (Start / Settings / Control Panel / Administrative Tools /
Services)
 Stop the services $SERVICE_NAME1 and $SERVICE_NAME2.

4.21.3 Configuring the agent


 Configure the various parameters in the sngiplaw32.xml file by referring to the
“Configuration” chapter on page 60.
 The configuration file must be located in the same directory as the agent’s .dll file.

4.21.4 Modifying the configuration file


The configuration depends on the installed version:
 Versions lower than iPlanet 6 (Netscape 3.5),
 versions equal to or higher than iPlanet 6 (SunONE iPlanet).

4.21.4.1 Versions lower than iPlanet 6


Edit the server’s obj.conf file located in $PATH\servers\https-$SERVER_NAME\config and add
the following directives:

 In obj.conf, in the block of Init fn declarations, add the following two lines at the beginning of the
existing Init-fn declarations:

Init fn="load-modules" shlib="$FILTER_PATH/sngiplaw32.dll"
    funcs="FilterInit,FilterAuthTrans,FilterResponse"
Init fn="FilterInit"

Note 1: The first of the two commands above should be entered on one line with only a space
between “…sngiplaw32.dll"” and “funcs="…”. In the example above, the command has been
placed on two lines purely to aid legibility.

Note 2: Note the use of forward-slashes (“/”) rather than back-slashes (“\”) in the pathnames.

 In the obj.conf file, before the block of NameTrans fn declarations, add the following at the
beginning of the existing AuthTrans declarations:

AuthTrans fn="FilterAuthTrans"

 In the obj.conf file, before the block of ObjectType fn declarations, add the following at the
beginning of the existing ObjectType declarations:

ObjectType fn="FilterResponse"

To continue, proceed to section “Restarting the server” on page 59.

4.21.4.2 Versions equal to or higher than iPlanet 6


Edit the server’s magnus.conf and obj.conf files located in $PATH\servers\https-$SERVER_NAME\config
and add the following directives:

 In magnus.conf, in the block of Init fn declarations, add the following two lines at the end of the
existing Init-fn declarations:

Init fn="load-modules" shlib="$FILTER_PATH/sngiplaw32.dll"
    funcs="FilterInit,FilterAuthTrans,FilterResponse"
Init fn="FilterInit"

Note 1: The first of the two commands above should be entered on one line with only a space
between “…sngiplaw32.dll"” and “funcs="…”. In the example above, the command has been
placed on two lines purely to aid legibility.

Note 2: Note the use of forward-slashes (“/”) rather than back-slashes (“\”) in the pathnames.

 In the obj.conf file, before the block of NameTrans fn declarations, add the following at the
beginning of the existing AuthTrans declarations:

AuthTrans fn="FilterAuthTrans"

 In the obj.conf file, before the block of ObjectType fn declarations, add the following at the
beginning of the existing ObjectType declarations:

ObjectType fn="FilterResponse"

To continue, proceed to section “Restarting the server” on page 59.
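A pre-restart check for the obj.conf / magnus.conf edits described in sections 4.18 to 4.21, given here as an added example that is not part of the Ilex documentation. It assumes the directive syntax shown in this guide (one directive per line, name="value" parameters) and that magnus.conf and obj.conf are passed in that order when both are used; the function names and both sample files are constructed for illustration.

```python
import re

PARAM_RE = re.compile(r'([\w-]+)="([^"]*)"')
# Function names as they appear in the directives shown in this guide.
AGENT_FUNCS = {"FilterInit", "FilterAuthTrans", "FilterResponse"}

# Constructed sample: load-modules typed on two lines, back-slashes in shlib,
# a funcs= entry that does not match the Init call, AuthTrans in second place.
BROKEN = r'''Init fn="load-modules" funcs="Filter_Init,FilterAuthTrans,FilterResponse"
shlib="$FILTER_PATH\sngiplaw32.dll"
Init fn="FilterInit"
<Object name="default">
AuthTrans fn="basic-auth"
AuthTrans fn="FilterAuthTrans"
ObjectType fn="FilterResponse"
</Object>'''

# Constructed sample that follows the guide's instructions.
GOOD = '''Init fn="load-modules" shlib="$FILTER_PATH/sngiplaw32.dll" funcs="FilterInit,FilterAuthTrans,FilterResponse"
Init fn="FilterInit"
<Object name="default">
AuthTrans fn="FilterAuthTrans"
NameTrans fn="document-root" root="/docs"
ObjectType fn="FilterResponse"
</Object>'''


def parse(text):
    """Yield (lineno, first_token, params) for each non-blank, non-comment line."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line and not line.startswith("#"):
            yield lineno, line.split()[0], dict(PARAM_RE.findall(line))


def lint(text):
    """Return findings for the Sign&go directives in obj.conf / magnus.conf text."""
    findings, loaded, called = [], set(), set()
    auth_trans = []  # fn values of the AuthTrans directives, in file order
    for lineno, directive, params in parse(text):
        if "\\" in params.get("shlib", ""):
            findings.append(f"line {lineno}: shlib path uses back-slashes")
        fn = params.get("fn")
        if fn is None:
            # shlib=/funcs= without fn= is the tail of a load-modules
            # directive that was typed on two lines instead of one.
            if "shlib" in params or "funcs" in params:
                findings.append(f"line {lineno}: load-modules continued on a new line")
            continue
        if directive == "Init" and fn == "load-modules":
            if "shlib" not in params or "funcs" not in params:
                findings.append(f"line {lineno}: load-modules lacks shlib= or funcs=")
            loaded.update(f for f in params.get("funcs", "").split(",") if f)
            continue
        if directive == "AuthTrans":
            auth_trans.append(fn)
        if fn in AGENT_FUNCS:
            called.add(fn)
            if fn not in loaded:
                findings.append(
                    f"line {lineno}: {fn} is not listed in funcs= of an earlier load-modules")
    for required in ("FilterInit", "FilterAuthTrans"):
        if required not in called:
            findings.append(f"no directive calls {required}")
    if "FilterAuthTrans" in auth_trans and auth_trans[0] != "FilterAuthTrans":
        findings.append("FilterAuthTrans is not the first AuthTrans directive")
    return findings


if __name__ == "__main__":
    for name, sample in (("BROKEN", BROKEN), ("GOOD", GOOD)):
        print(name, lint(sample) or "no findings")
```

Run it against a copy of the edited file before starting the server; an empty list means the directives match the layout this guide asks for.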

4.21.5 Restarting the server


Open the Windows services manager (Start / Settings / Control Panel / Administrative Tools /
Services) and start the services $SERVICE_NAME1 and $SERVICE_NAME2.

During start-up of $SERVICE_NAME1, the password requested for the key file is “password”.

4.21.6 Verifying the installation


The Sign&go NSAPI filter is now installed on the machine.
If the Windows services manager cannot keep the $SERVICE_NAME1 service running, verify the
configuration in the sngiplaw32.xml file.
If the error persists, restart the installation procedure step by step.

5 CONFIGURATION
5.1 Installation review
The installation of a Web agent (not including the ILEX Proxy Server, see the specific documentation
for this) deploys several components:
 the agent configuration file in XML format,
 a library file specific to the Web or Proxy server (.dll, .so or .a depending on which type).

Note: For Windows platforms, the library file and the configuration file both have the same
filenames apart from the file extension (for example: sngiisw32.dll and sngiisw32.xml) and are
to be found in the same directory. For UNIX platforms, the names are more arbitrary (for
example: sngapa13linux.so and sngwebag.xml). The location of the .xml configuration file is
configurable; this configuration is detailed in the corresponding chapter for each filter.

To configure the Sign&go Web agent, the installed ‘.xml’ file must be modified.

5.2 Composition of the configuration file


The agents’ configuration file is in the XML format.
The file is installed containing a pre-defined configuration.
The .XML file has <Config> as its main element which contains the following principal sections:
 The agent’s operational parameters: section <Agent>... </Agent>,
 The agent’s relationship with one or several security servers: section <Servers>... </Servers>,
 An optional section enabling the configuration of a list of URLs to be protected (or otherwise) by
the agent: section <FilteredUrls>... </FilteredUrls>.

5.3 Operational parameters, section <Agent>...</Agent>


The <Agent>...</Agent> section contains the agent’s operational parameters.

5.3.1 Agent name, <Name>


This name must be identical to the name defined with the Sign&go Administration (i.e., the security
server’s configuration) in the Agent Configuration section.
Example:

<Name>AG01</Name>
<Name>AGWEB</Name>

5.3.2 Type of agent, <Type>


The agent type must be WEB.
Example:

<Type>WEB</Type>

5.3.3 Agent password, <Pass>


This constitutes the shared secret between the security server and the agent. One of the conditions
that must be met before the security server will communicate with the agent is that the key phrase
configured here must be identical to that set in the security server’s configuration for this agent.
Example:

<Pass>password</Pass>

5.3.4 Log files, <AgentLogFile1> and <AgentLogFile2>


Maintenance information is stored permanently in log files located on the local disk.
Two files are used for the trace logs. When the current file reaches its maximum size (as defined in
section 5.3.6), the other file is emptied and becomes the current one.
These parameters define the location of these files.
Example:

<AgentLogFile1>logAg1.log</AgentLogFile1>
<AgentLogFile2>logAg2.log</AgentLogFile2>

or:

<AgentLogFile1>/opt/sngagent/logs/log1.log</AgentLogFile1>
<AgentLogFile2>/opt/sngagent/logs/log2.log</AgentLogFile2>

or:

<AgentLogFile1>c:\program files\sngagent\logs\logAg1.log</AgentLogFile1>
<AgentLogFile2>c:\program files\sngagent\logs\logAg2.log</AgentLogFile2>

If these parameters are not defined as absolute pathnames (i.e. full path and file name), they will be
considered as paths relative to the location of the .xml configuration file.

ATTENTION: The agent will not create any directories; you must make sure that you create
them yourself.
Security
Particular attention must be paid to the log file directories. For reasons of security, certain servers
(Web or Proxy servers) execute HTTP requests under specific user accounts having very limited
rights. The Sign&go agent executes under this same account. As a consequence, if the account does
not have sufficient privileges on this directory, no log files will be produced.
It is highly recommended to create a dedicated directory for the log files. This directory should have
Execute, Read and Write permissions either for the account used to run the host server (Web or
Proxy) or for ‘All users’.

5.3.5 Logs trace mask, <AgentLogMask>


This parameter enables definition of the information to be logged to the log files. The values are
identical to those of the AgentTracerMask parameter.

Example:

<AgentLogMask>0x0FFFF</AgentLogMask>

5.3.6 Maximum log size, <MaxLogSize>


Maximum size, in Kb, that each of the log files is permitted to grow to.
Example:

<MaxLogSize>2000</MaxLogSize>

5.3.7 <IlexAdminPattern>
Reserved for use by ILEX support staff. Do not modify.

5.3.8 Cache size, <CacheSize>


During processing of a request, the agent gathers the information related to the access request and
consults the security server which returns a response containing the behaviours that the agent must
apply.
Dependent upon what the security server dictates, these responses can be stored in the agent’s
cache in order to reduce the number of data exchanges with the security server. The parameter
specifies the capacity of the cache in Kb.
A value of 0 (zero) signifies “no cache”.
Example:

<CacheSize>2000</CacheSize>

5.3.9 Parameters reserved for the cache, <sBufMin>, <sBufMax>, <nRefusAdjust>, <nRefusRazStats>
Reserved for use by ILEX support staff. Do not modify.

5.3.10 Filter priority, <FilterPriority>


This parameter is only used for IIS and ISA Server.
It indicates the priority of the filter in terms of Microsoft ‘web filters’ and accepts the following values:
1=HIGH, 2=MEDIUM, 3=LOW.
If the value is defined as ‘0’ or is absent from the configuration file, then the DEFAULT value of ‘3’ will
be used (i.e. LOW).
This parameter is ignored in all other Web servers.
Example:

<FilterPriority>0</FilterPriority>

5.3.11 Server configuration update interval, <QueryTimeout>
The time (in seconds) between interrogating the security server to find out if changes have been made
to its configuration. A low value enables modifications to be taken into account more quickly, but
increases communication traffic with the security server. The value is effectively the maximum time
taken before configuration changes are taken into account.
The default value at installation time is deliberately set to a low value in order to facilitate the testing of
security policies. For performance reasons during normal operation, it is important that the value of
this parameter is increased.
Example:

<QueryTimeout>15</QueryTimeout>
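A deployment check for the <Agent> parameters described so far (type, shared secret, log files, filter priority, update interval), given here as an added example that is not Ilex code. It assumes the parameters are direct children of <Agent> inside <Config>; the threshold of 15 seconds is an assumption taken from the example value above, and the sample file is constructed.

```python
import ntpath
import os
import posixpath
import xml.etree.ElementTree as ET

DOC_EXAMPLE_SECRET = "password"  # value printed in the guide's <Pass> example
LOW_QUERY_TIMEOUT = 15           # assumed threshold: the guide's example value

# Constructed sample; parameters are assumed to be direct children of <Agent>.
SAMPLE = """<Config>
  <Agent>
    <Name>AGWEB</Name>
    <Type>WEB</Type>
    <Pass>password</Pass>
    <AgentLogFile1>logs/logAg1.log</AgentLogFile1>
    <AgentLogFile2>logs/logAg1.log</AgentLogFile2>
    <MaxLogSize>2000</MaxLogSize>
    <QueryTimeout>15</QueryTimeout>
    <FilterPriority>0</FilterPriority>
  </Agent>
  <Servers/>
</Config>"""


def log_directory(path, config_dir):
    """Resolve a log path as the guide describes: relative to the .xml file."""
    mod = ntpath if "\\" in config_dir + path else posixpath
    if not mod.isabs(path):
        path = mod.join(config_dir, path)
    return mod.dirname(path)


def effective_filter_priority(xml_text):
    """1=HIGH, 2=MEDIUM, 3=LOW; 0 or an absent element means 3 (LOW)."""
    raw = ET.fromstring(xml_text).findtext("Agent/FilterPriority")
    value = int((raw or "0").strip())
    return 3 if value == 0 else value


def audit(xml_text, config_dir, dir_exists=os.path.isdir):
    """Return a list of findings for the <Agent> section of an agent .xml file."""
    agent = ET.fromstring(xml_text).find("Agent")
    if agent is None:
        return ["<Agent> section is missing"]

    def get(tag):
        return (agent.findtext(tag) or "").strip()

    findings = []
    if get("Type") != "WEB":
        findings.append("<Type> must be WEB")
    if not get("Name"):
        findings.append("<Name> is empty; it must match the Sign&go Administration name")
    if get("Pass") in ("", DOC_EXAMPLE_SECRET):
        findings.append("<Pass> is empty or still the documentation example value")
    logs = [get("AgentLogFile1"), get("AgentLogFile2")]
    for number, path in enumerate(logs, 1):
        if not path:
            findings.append(f"<AgentLogFile{number}> is not set")
            continue
        directory = log_directory(path, config_dir)
        if not dir_exists(directory):
            # Per the guide, the agent does not create directories itself.
            findings.append(f"<AgentLogFile{number}>: directory {directory} does not exist")
    if logs[0] and logs[0] == logs[1]:
        findings.append("both log parameters name the same file")
    timeout = get("QueryTimeout")
    if timeout.isdigit() and int(timeout) <= LOW_QUERY_TIMEOUT:
        findings.append(f"<QueryTimeout> of {timeout}s is a test-phase polling interval")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE, "/etc/signandgo"):
        print(finding)
```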

5.3.12 Inclusion of hostname, <IncludeHostName>


Determines the composition of the resource name sent to the security server.
Two values are available:
 0 = Do not include the hostname: In this case, the agent does not include the hostname in the
resource-name sent to the security server and only sends the complete pathname, including any
parameters after a “?”: /dir1/index.jsp?p=1.
 1 = Include the hostname: In this case the agent will include the hostname (and TCP port if it is
different from the default): //www.ilex-si.com/dir1/index.jsp?p=1.
In nearly all cases the value used will be “1”. The resource names configured in the security policies
must match the forms defined by this parameter.
Example:

<IncludeHostname>1</IncludeHostname>

5.3.13 Role of the ISAPI filter, <Role>


This parameter is only used by the agents for Microsoft Internet Information Services (IIS).
Two values are permitted:
 0 = authorisation/SSO agent,
 1 = authentication agent.

Note: To use the agent for IIS in authentication mode, an IIS version 5 or higher is required.

Example:

<Role>0</Role>

5.3.14 Use in IIS or ISA Server, <IsaServer>


This parameter is only used for IIS or ISA Server.
It indicates to the agent whether the host server is an IIS Web server or an ISA Server proxy.
The permitted values are:
 0 = agent for IIS,
 1 = agent for ISA Server.
Example for use in IIS:

<IsaServer>0</IsaServer>

5.3.15 Certificate information, <CertInfo>


This parameter is only used by the Apache filter type of agents.
Two values are permitted:
• 1 = retrieve the certificate information, but dynamic URL translation is not possible;
• 0 = do not retrieve certificate information; dynamic URL translation can be carried out.
This constraint is due to Apache functionality.
Example:

<CertInfo>0</CertInfo>

5.3.16 Blacklist delay, <BlackListDelay>


This parameter defines the time (in seconds) that the agent waits before trying to reconnect to a
security server following a failed previous attempt.
A value of 0 (zero) signifies that the agent will never blacklist a server.
Example:

<BlackListDelay>120</BlackListDelay>

5.3.17 Suspect URL blocking, <BadUrlPatterns>


This parameter enables the agent to refuse requests that contain ‘suspect’ URLs; the request is
refused if it contains any of the character strings specified by this parameter.
The verification is carried out only on the part of the URL situated between the hostname and the
pathname inclusive, in other words everything except the characters found after a hash (“#”) or
question mark (“?”) character.
The character strings must be separated by commas (“,”) and any spaces are ignored.
Example:

<BadUrlPatterns>.. , // </BadUrlPatterns>

In this example, all URLs are refused if they contain two successive periods (“.”) or two successive
slashes (“/”), whichever way they may be coded (“.”, “%2e”, “%2E” or “/”, “%2f”, “%2F”). Therefore, in the
example above, the URL is refused if it contains at least one of the following combinations:
“..”, “%2e%2e”, “%2e%2E”, “%2E%2e”, “%2E%2E”, “.%2e”, “%2e.”, “.%2E”, “%2E.”
or
“//”, “%2f%2f”, “%2f%2F”, “%2F%2f”, “%2F%2F”, “/%2f”, “%2f/”, “/%2F”, “%2F/”

5.3.18 Suspect URL blocking, <BadUrlValues>


This parameter enables the agent to refuse requests that contain ‘suspect’ URLs; the request is
refused if it contains any of the bytes (value 0 to 255) in the list specified by this parameter whether it
is encoded in hexadecimal or otherwise.
The verification is carried out only on the part of the URL situated between the hostname and the
pathname inclusive, in other words everything except the characters found after a hash (“#”) or
question mark (“?”).


Each element in the list defines a range of values and must consist of 5 characters, the 3rd of
which must be a minus (“-”). The two characters before the “-” specify the range’s lower limit (in
hexadecimal) and the two characters after it specify the range’s upper limit (again in hexadecimal).
The elements in the list must be separated by commas (“,”) and have no spaces between them.
Example:

<BadUrlValues>00-1f,ff-ff</BadUrlValues>

In this example, a request is refused if its URL contains a byte whose numerical value is between 0
and 0x1F (31 decimal) inclusive or equal to 0xFF (255 decimal).
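
The two checks described in 5.3.17 and 5.3.18 can be modelled offline to see which resources a given pair of values would refuse. This is an added example, not Ilex code: the function names and sample resources are hypothetical, and a single pass of %XX decoding is assumed to represent "whichever way they may be coded".

```python
import re
from urllib.parse import unquote_to_bytes

def parse_patterns(text):
    """<BadUrlPatterns>: comma-separated strings, spaces ignored."""
    return [p for p in text.replace(" ", "").split(",") if p]

def parse_ranges(text):
    """<BadUrlValues>: 'xx-yy' elements (hex bounds), comma-separated, no spaces."""
    ranges = []
    for elem in text.split(","):
        if not re.fullmatch(r"[0-9A-Fa-f]{2}-[0-9A-Fa-f]{2}", elem):
            raise ValueError(f"malformed range element: {elem!r}")
        low, high = int(elem[:2], 16), int(elem[3:], 16)
        if low > high:
            raise ValueError(f"lower limit above upper limit: {elem!r}")
        ranges.append((low, high))
    return ranges

def checked_part(resource):
    """Hostname and pathname only: drop everything from the first '?' or '#'."""
    return re.split(r"[?#]", resource, maxsplit=1)[0]

def is_refused(resource, patterns, ranges):
    # Assumption: one pass of %XX decoding, then a search on the raw bytes.
    raw = unquote_to_bytes(checked_part(resource))
    if any(p.encode() in raw for p in patterns):
        return True
    return any(low <= byte <= high for byte in raw for low, high in ranges)

PATTERNS = parse_patterns(".. , // ")   # value from the 5.3.17 example
RANGES = parse_ranges("00-1f,ff-ff")    # value from the 5.3.18 example

# Constructed resources (hostname + pathname [+ query]); not real traffic.
SAMPLES = [
    "www.example.test/dir1/index.jsp?p=1",     # nothing suspect
    "www.example.test/app/%2E%2e/conf",        # ".." in mixed-case encoding
    "www.example.test/app/%2Fconf",            # "/" followed by encoded "/"
    "www.example.test/app/view?next=../conf",  # ".." only after "?": not checked
    "www.example.test/app/a%00b",              # byte 0x00, inside 00-1f
    "www.example.test/app/%ffz",               # byte 0xFF, inside ff-ff
]

if __name__ == "__main__":
    for sample in SAMPLES:
        verdict = "refused" if is_refused(sample, PATTERNS, RANGES) else "passed "
        print(verdict, sample)
```
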

5.4 Relationship with the security servers


The section <Servers>...</Servers> enables the configuration of one or several security servers to be
consulted by the agent. The parameters relative to each security server are contained within a
<Server>...</Server> element.
The parameters are described below.

5.4.1 Server hostname or address, <HostName>


DNS name or IP address of the security server.
Examples:

<HostName>localhost</HostName>
<HostName>192.168.0.2</HostName>

5.4.2 Port number, <Port>


TCP port number for connecting to this security server.
Example:

<Port>3100</Port>

5.4.3 Number of connections, <nCnx>


The agent establishes and maintains several simultaneous connections with each security server in
order to process several requests concurrently.
The nCnx parameter defines the number of connections that each process establishes with the
security server.
The recommended values for nCnx are as follows (in cases of high load, increase the values from 20
but always keep the value of 1 for the “other agents”):

Agent                                   nCnx
All agents on Windows                   20
Web iPlanet/Sun One server (Solaris)    20
Sun One Proxy Server 4 (Solaris)        20
Other agents                            1

The value of this parameter is determined by taking into account the following points, which are
inherent in the Web (or proxy) server architecture:

• When an agent is started in a single process with several threads (workers), with IIS for example,
all of the nCnx connections are shared by all of the threads. As such, there is no point in defining
nCnx higher than the number of simultaneous clients. In practice, thanks to the agent’s caching
mechanism, a value of 20 for nCnx should be sufficient for 100 simultaneous clients.
• If each worker is a different process (with Apache on UNIX for example), each process only deals
with one client at a time, so one connection (nCnx=1) per process is sufficient. There is no
advantage to be gained from increasing this value (on the contrary, a higher number can cause a
potential shortage of TCP connections). In this case, the parameter nCnx must be defined as 1.
This value (1), however, is multiplied by the total number of processes. If, for example, Apache on
Linux is configured with a maximum number of simultaneous clients equal to 250
(ThreadsPerChild=250), then the agent can establish up to 250 TCP connections with the security
server.
Example:

<nCnx>30</nCnx>

5.4.4 Server usage, <Frequency>


Relative weighting of this server in relation to the others when the agent distributes its requests.
This parameter makes it possible to distribute the load unevenly across the servers by defining
different values for each enabled server. The distribution is independent of the number of nCnx
connections configured for each server.
For example, with Frequency=1 for Server1 and Frequency=3 for Server2, the agent distributes
its requests as follows: 1 request to Server1 for every 3 requests to Server2, independently of
the number of connections established with each server, in other words whatever value is defined
for the parameter nCnx.
Example:

<Frequency>3</Frequency>

5.4.5 Use of SSL, <ssl>


Indicates whether the connections to this security server should be in SSL mode (1) or not (0).
The value of this parameter must match the TCP port number defined by the <Port> parameter.
Example:

<ssl>0</ssl>


5.4.6 Example configuration of two security servers


<Servers>
    <Server>
        <Name>sngSRV01</Name>
        <HostName>192.168.9.190</HostName>
        <Port>3101</Port>
        <nCnx>1</nCnx>
        <Frequency>3</Frequency>
        <ssl>1</ssl>
    </Server>
    <Server>
        <Name>sngSRV02</Name>
        <HostName>DNSHostname2</HostName>
        <Port>3100</Port>
        <nCnx>1</nCnx>
        <Frequency>10</Frequency>
        <ssl>0</ssl>
    </Server>
</Servers>

5.5 List of URLs to filter <FilteredUrls>...</FilteredUrls>


5.5.1 Functionality
This section is for configuring the URL filtering functionality. Its presence is optional.
It specifies a list of URLs (or more precisely, patterns) and instructs the agent:
• either not to carry out access control on these URLs,
• or to perform access control on only these URLs.
By default, that is to say in the absence of this section, the agent performs access control on all
requests without exception: it protects all the URLs.
When a URL is protected, the agent always applies the behaviours dictated by the security server. If
the security server is unavailable, the agent refuses access to this URL and returns an “Access
refused” (status code = 403) response.
When a URL is not protected by the agent, the agent becomes totally transparent as if it didn’t exist. In
particular, during processing of a non-protected URL, the agent never contacts the security server.
This guarantees that, if the server is unavailable, an unprotected URL will remain accessible.
The agent always authorises access to ‘unprotected’ URLs. It never applies ANY security policies to
these URLs, even if security policies exist for them within the Sign&go administration.

5.5.2 Agent configuration update interval


The TTL parameter described below allows modifications to the parameters in this section to be taken
into account dynamically, without restarting the agent.

Note: Taking the parameters in this section into account dynamically requires that the .xml file
be accessible to the process or threads that attempt to read it. The .xml configuration file is
read by the host server’s process or threads. In most cases, for reasons of security, these
threads or processes are created by an account having as few privileges as possible. For the agent
to be able to re-read the configuration file, the file must be READ accessible by the account that
creates the process or threads.


5.5.3 Parameters
The parameters are: TTL, Protect, Case and a list of URL patterns which are all described below.
An example <FilteredUrls> section is shown here:

<FilteredUrls>
    <TTL> 10 </TTL>
    <Protect> 0 </Protect>
    <Case> 0 </Case>
    <Url> //*:8080/* </Url>
    <Url> */auth/* </Url>
    <Url> //*.ilex-si.com/* </Url>
    <Url> //www.ilex.fr/auth/dologin.jsp </Url>
</FilteredUrls>

In this example: URLs that match at least one of the above patterns are not protected (Protect=0) by
the agent and are therefore accessible as if the agent didn’t exist. All modifications to this section will
be taken into account by the agent within 10 seconds after having saved the configuration file
(TTL=10).

5.5.4 Update interval, <TTL>


The TTL parameter defines the interval at which configuration changes are taken into account.
It is effectively the amount of time that the parameters in this section remain valid after the
configuration file has been read. When it reads the data in this section, the agent stores the
modification date and time of the file; TTL seconds later, it checks the date and time of the file
again. If the new date and time differ from those the agent has stored in memory, it re-reads
all of the parameters in the <FilteredUrls> section and applies them (overriding the previous
values), including the value of the TTL parameter.
A TTL value of 0 (TTL=0), or the absence of the parameter, signifies that the <FilteredUrls> section
is never re-read. In this case the agent operates with the values that existed at start-up or at the
time that TTL was set to 0 (zero).

5.5.5 URL protection flag, <Protect>


The <Protect> parameter determines whether access control should be carried out on the URLs listed,
or not listed, in this section. Two values are available:
• 1 = perform access control only on the URLs listed. In this case, all requests whose URL
corresponds to any of the patterns in the list will be subject to access control by Sign&go;
• 0 = perform access control only on the URLs that are not listed. In this case, all requests whose
URL corresponds to any of the patterns in the list will not be subject to any access control by
Sign&go.

5.5.6 Case-sensitive indicator, <Case>


The <Case> parameter determines whether or not the comparison of the requested URL and the
specified patterns is case-sensitive. It has two possible values:
• 1 = The comparison is case-sensitive;
• 0 = The comparison is not case-sensitive (the case of the characters is ignored).


5.5.7 List of patterns, <Url>


The <FilteredUrls> section can contain zero or more <Url> parameters, each containing a URL
pattern. Together, these parameters constitute the list of URL patterns to be protected (if
Protect=1) or ignored (if Protect=0).
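
Because a listed URL under Protect=0 bypasses every security policy, it is worth checking which resources a pattern list actually leaves unprotected. The sketch below is an added example, not Ilex code: it evaluates the section from 5.5.3 against constructed resource names, assuming that “*” matches any run of characters and that patterns are compared with the resource name in its hostname-included form.

```python
import re
import xml.etree.ElementTree as ET

# The <FilteredUrls> section shown in 5.5.3, reproduced as sample input.
SECTION = """
<FilteredUrls>
  <TTL> 10 </TTL>
  <Protect> 0 </Protect>
  <Case> 0 </Case>
  <Url> //*:8080/* </Url>
  <Url> */auth/* </Url>
  <Url> //*.ilex-si.com/* </Url>
  <Url> //www.ilex.fr/auth/dologin.jsp </Url>
</FilteredUrls>
"""

def load_filter(xml_text):
    """Return (protect, [(pattern, compiled regex), ...]) for one section."""
    root = ET.fromstring(xml_text)
    protect = int(root.findtext("Protect"))
    case_sensitive = int(root.findtext("Case")) == 1
    flags = re.DOTALL if case_sensitive else re.DOTALL | re.IGNORECASE
    rules = []
    for node in root.findall("Url"):
        pattern = node.text.strip()
        # Assumption: "*" is any run of characters, everything else is literal.
        regex = ".*".join(re.escape(piece) for piece in pattern.split("*"))
        rules.append((pattern, re.compile(regex, flags)))
    return protect, rules

def access_controlled(resource, protect, rules):
    """Return (is access control performed?, first matching pattern or None)."""
    hit = next((p for p, rx in rules if rx.fullmatch(resource)), None)
    listed = hit is not None
    return (listed if protect == 1 else not listed), hit

# Constructed resource names; portal.example.test is a hypothetical host.
SAMPLES = [
    "//www.ilex.fr/auth/dologin.jsp",
    "//www.ilex.fr/app/home.jsp",
    "//portal.example.test/admin/AUTH/export.jsp",
    "//portal.example.test:8080/console",
]

if __name__ == "__main__":
    protect, rules = load_filter(SECTION)
    for name in SAMPLES:
        controlled, hit = access_controlled(name, protect, rules)
        print("controlled " if controlled else "UNPROTECTED", name, "<-", hit)
```

Under these assumptions the broad pattern `*/auth/*` also exempts the constructed `/admin/AUTH/export.jsp` resource, which is the kind of unintended exclusion to look for before deploying a Protect=0 list.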
