1. Update the OpenToken Adapter in PingFederate as shown in Updating the OpenToken Adapter.
  2. Back up your existing C:\Program Files\Ping Identity Corporation\OpenToken IIS Agent(x-bit)\conf\pfisapi.conf to a safe location.

    Refer to this copy when you complete the Deploying and configuring the OpenToken IIS Agent step.

  3. If you are upgrading from a previous deployment, open your backup copy of pfisapi.conf for editing. Add the following sections:
    Tip:

    The pfisapi.conf file included in the latest Internet Information Services (IIS) Integration Kit .zip archive shows the placement of these parameters and includes the most up to date descriptions.

    #--------------
    # Basic Options
    #--------------
    
    # (OPTIONAL) List of protected absolute URIs. Multiple patterns can be used.
    # with a separator '|'. Regular expressions are allowed.
    # This overrides values entered in ProtectedResourceList
    # The default value is blank.
    ProtectedUriList=
    
    # (OPTIONAL) List of excluded absolute URIs. Multiple patterns can be used.
    # with a separator '|'. Regular expressions allowed.
    # This will override any values entered in ExcludeList.
    # The default value is blank.
    ExcludeUriList=
    
    # (OPTIONAL) Lifetime of the OpenToken cookie in seconds.
    # If set to -1, the token-lifetime in the agent-config.txt file is used.
    # Any other value overrides the token-lifetime in in the agent-config.txt file.
    # The default value is -1.
    CookieAge=-1
    
    # (Required)
    # The SameSite cookie attribute is set to this value.
    # The allowed values for this setting are: Strict, Lax, None, and Nothing
    # The "Strict", "Lax", and "None" value changes the SameSite cookie attribute setting.
    # The "Nothing" value leaves the SameSite cookie attribute unset in the OpenToken Session Cookie.
    # For the "None" value, you must use secure attributes because cross-site cookies can only be accessed over HTTPS connections.
    # If the cookie is not secure and the "None" value is selected, the SameSite cookie attribute will not be set.
    # The default value is Nothing.
    SameSiteCookie=Nothing
    
    #-----------------
    # Advanced Options
    #-----------------
    
    # (OPTIONAL) Determines whether the cookie will be a session cookie or a persistent cookie.
    # Setting to YES will result in SessionCookie. This overrides the value in the agent-config.txt file.
    # Possible values are 'YES' and 'NO'.
    # The default value is blank.
    # SessionCookie=
  4. Set values for any new parameters. Save the file.
  5. Stop IIS.
  6. Remove the existing OpenToken HTTP Module from IIS.
    1. In the Internet Information Services (IIS) Manager, select the IIS server.
    2. On the Features View tab, double-click Modules.
    3. On the Modules tab, select the OpenToken HTTP Module.
    4. In the Actions area, click Remove.
  7. In the Windows Control Panel, uninstall the OpenToken IIS Agent program.
  8. Start IIS.