Introduction

The PingAccess Agent for IIS is a Microsoft Internet Information Services module that intercepts requests to the web server's protected resources and evaluates applicable access control policies. These policies are evaluated by either accessing a locally cached policy decision or by querying the PingAccess engine node.

The process used when a PingAccess Agent is added to the policy decision process is as follows:

  1. The client accesses a resource. If the user is already authenticated, this process continues with step 5.
  2. The agent asks PingAccess for instructions. PingAccess checks the URL policy and determines that it is a protected resource. PingAccess then redirects the client to PingFederate to establish a session.
  3. The user logs in, and PingFederate creates the session.
  4. The client is then redirected back to the resource.
  5. The agent asks PingAccess for instructions. PingAccess checks the URL policy and determines that it is a protected resource. PingAccess then checks the session token and determines that it is valid.
  6. If session revocation is enabled, PingAccess checks and updates the central session revocation list. If the session is valid, the agent is instructed to set identity HTTP headers.

Within the PingAccess Administration Console, Agent Nodes are configured with information that allows a PingAccess Agent to connect to the engine node to retrieve information about access control policies for resources within that agent's control. An agent configuration has a one-to-many relationship with PingAccess agents, allowing a single agent configuration bootstrap file to be used on multiple web servers within a server farm.

TipAn Agent Node is a shared configuration used by one or more agents, rather than a specific agent instance.

Tags Capability > API Security; Capability > Web Access Management; Hosting Environment > On-Premises; Operating System > Windows; Product > PingAccess > PingAccess Agent for IIS

Your Rating: