Manage the PingAccess agent for Internet Information Services (IIS) configuration through the IIS Manager application.
During the installation of the agent, a configuration schema extension is added to the system.webServer section. This schema extension adds the two configuration options defined in the following table.
Parameter | Definition | Default Value |
---|---|---|
PaaCertificateDir | String value containing the path to the certificates extracted from the | |
PaaPropertyFiles | List of | |
Do not make any changes to these configuration parameters if the steps in the Installation section were followed.
The configured agent.properties files can contain the following parameters.
Parameter | Definition | Default Value |
---|---|---|
agent.engine.configuration.scheme | The URI scheme used to connect to the engine node. Valid values are | |
agent.engine.configuration.host | The PingAccess hostname. | The value in the Agent Node's PingAccess Host field. |
agent.engine.configuration.port | The port the agent connects to on the PingAccess host. This value is defined in the PingAccess | Defined in the PingAccess Admin UI |
agent.engine.configuration.username | The unique agent name that identifies the agent in PingAccess. | Defined in the PingAccess Admin UI |
agent.engine.configuration.checkCertRevocation | Determines whether the agent performs certificate revocation list checking against the server certificate used by the engine nodes or by a load balancer in front of the engine nodes. A value of | Not present by default. Treated as 1 when not specified. |
agent.engine.configuration.shared.secret | The password used to authenticate the agent to the engine. | Defined in the PingAccess Admin UI |
agent.engine.configuration.bootstrap.truststore | The base64-encoded public certificate used to establish HTTPS trust by the agent to the PingAccess engine. Note: If you are having difficulty connecting an agent to the PingAccess engine, verify that the Agent Trusted Certificate has been configured correctly in Agent Management. | Generated by PingAccess |
agent.engine.configuration.maxConnections | The number of connections a single web server worker process maintains to the PingAccess engine defined in the | 10 |
agent.engine.configuration.timeout | The maximum time, in milliseconds, a request to PingAccess can take from the agent. If this time is exceeded, the client will receive a generic | 30000 |
agent.engine.configuration.connectTimeout | The maximum time, in milliseconds, the agent can take to connect to the PingAccess engine. If this time is exceeded, the client will receive a generic | 30000 |
agent.cache.missInitialTimeout | The maximum time, in milliseconds, a web server worker process waits for a response to a policy cache request sent to other web server worker processes. | 5 |
agent.cache.broker.publisherPort | The network port web server processes use to publish policy cache requests to other web server worker processes. This port is bound to the localhost network only. | 3031 |
agent.cache.broker.subscriberPort | The network port web server processes use to receive policy cache requests from other web server worker processes. This port is bound to the localhost network only. | 3032 |
agent.cache.maxTokens | The maximum number of tokens stored in the policy cache for a single web server worker process. A value of 0 means there is no maximum. | 0 |
agent.cache.disabled | Determines whether caching of policy decisions is enabled or disabled. A value of Note: PingAccess 3.2 does require the cache be disabled in order to process these rules correctly from an agent. This might also be desirable for custom rules created using the PingAccess SDK that involve data that changes with every request within a resource and session. Warning: Disabling caching has a significant impact on the scalability of the PingAccess Policy servers, as every rule evaluation is processed by the Policy Server. This option should only be used as a last resort because of the performance penalty. | 0 |
agent.cache.type | Controls the type of policy cache used by the agent. There are three valid values for this property: | AUTO |
agent.send.inventory | Determines whether the This header contains the following fields: For more information, see Agent inventory logging. | |
agent.inventory | Specifies additional values to include in the The following syntax is used. Note: The specified header fields are case-sensitive. | Not present by default. |
You can add comments to the agent.properties files if necessary. Lines beginning with the # or ! characters are ignored by the agent.
Changes to the agent.properties file require a restart of the web server.
See the Performance tuning guide for discussion on improving agent performance.
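The following Python script is an added example, not PingAccess code: it parses an agent.properties file using the comment rule above, applies the numeric defaults from the parameter table, and reports settings that are missing or that move away from the documented defaults. It assumes entries use key=value syntax and that checkCertRevocation=1 means revocation checking is on; the sample file contents are constructed.

```python
# Added example: audit agent.properties against the documented parameter table.
# Assumptions: key=value syntax; checkCertRevocation=1 means checking is on.
ENGINE, CACHE = "agent.engine.configuration.", "agent.cache."
DEFAULTS = {  # numeric defaults as listed in the parameter table
    ENGINE + "checkCertRevocation": "1", ENGINE + "maxConnections": "10",
    ENGINE + "timeout": "30000", ENGINE + "connectTimeout": "30000",
    CACHE + "broker.publisherPort": "3031", CACHE + "broker.subscriberPort": "3032",
    CACHE + "maxTokens": "0", CACHE + "disabled": "0", CACHE + "missInitialTimeout": "5",
}
SECRET = ENGINE + "shared.secret"
# Values the table says come from PingAccess, so there is no default to fall back on.
EXPECTED = [ENGINE + k for k in ("host", "port", "username", "shared.secret", "bootstrap.truststore")]

def parse_properties(text):
    """Return explicitly set keys; lines beginning with # or ! are ignored."""
    props = {}
    for line in text.splitlines():
        if line.startswith(("#", "!")) or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props

def audit(text):
    """Return (effective settings with the secret redacted, list of findings)."""
    explicit = parse_properties(text)
    effective = {**DEFAULTS, **explicit}
    findings = [f"not set: {k}" for k in EXPECTED if not explicit.get(k)]
    for key in DEFAULTS:
        if not effective[key].isdecimal():
            findings.append(f"not a non-negative integer: {key}={effective[key]}")
    if effective[ENGINE + "checkCertRevocation"] != "1":
        findings.append("checkCertRevocation differs from the default of 1")
    if effective[CACHE + "disabled"] != "0":
        findings.append("policy cache disabled: every rule evaluation goes to the Policy Server")
    if SECRET in effective:
        effective[SECRET] = "<redacted>"  # keep the agent password out of reports
    return effective, findings

SAMPLE = """# constructed sample, not a real deployment
! alternate comment marker
agent.engine.configuration.host=pa.example.test
agent.engine.configuration.port=3030
agent.engine.configuration.username=iis-agent-01
agent.engine.configuration.shared.secret=CONSTRUCTED-SECRET
agent.engine.configuration.checkCertRevocation=0
agent.cache.disabled=1
"""
```

Calling `audit(SAMPLE)` returns the merged settings and three findings: the missing bootstrap truststore, the non-default revocation setting, and the disabled policy cache.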