Deploying and configuring the OpenToken IIS Agent

In Server Manager, on the Manage menu, click Add Roles and Features.

In the Add Roles and Features Wizard, on the Before You Begin tab, click Next.

On the Installation Type tab, select Role-based or feature-based installation. Click Next.

On the Server Selection tab, select the IIS server. Click Next.

On the Server Roles page, select Web Server (IIS).

On the Features tab, click Next.

On the Web Server Role (IIS) → Role Services tab, in Web Server → Application Development , select .NET 3.5 Extensibility and .NET 4.6 Extensibility.

If you receive a message that asks you to add features that are required for Web Server (IIS), click Add Features.

Click Next.

On the Confirmation tab, check that the configuration is correct. Click Install.

Once the installation is complete, click Close.

Extract the IIS Integration Kit distribution file on the IIS server, and then go to dist/(x86) or dist/(x64).

Run setup.exe to install the OpenToken HTTP Module into the Windows Global Assembly Cache.

If your IIS server is version 7, register IIS with .NET Framework 4.0 by entering the following command at the Windows command prompt:

Move the agent-config.txt that you exported in Configuring an OpenToken SP Adapter instance to C:\Program Files\Ping Identity Corporation\OpenToken IIS Agent(n-bit)\conf or your equivalent.

Open C:\Program Files\Ping Identity Corporation\OpenToken IIS Agent(n-bit)\conf\pfisapi.conf for editing.

Configure it to suit your environment based on the property descriptions in the file.

If you use IIS to protect multiple sites on the same domain, set SameSiteCookie=None and SecureCookie=YES.

Save the file.

If you backed up a previous copy of the file in Upgrading an existing deployment, refer to that file to add new properties and restore your previous settings.

Restart IIS.