- 10 Dec 2024
Set up and configure IIS
To set up and configure Internet Information Services (IIS), perform the following steps:
In IIS Manager, create an application pool for the OIDC webservice.
Copy the OIDC webservice folder (GenericOidcLogin) into the webservices folder (www\gv2\webservices).
Copy the user.config file from a different webservice into the OIDC folder and adjust it. The MasterConfigType value selects which <appSettings type="..."> block the service reads from master.config, so the two must match. If there are multiple OIDC login installations, each needs its own MasterConfigType (and its own block in master.config); we recommend giving the type the same name as the OIDC folder. Example of the user.config file:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<appSettings>
  <add key="MasterConfigType" value="GenericOidcLogin" />
  <add key="MasterConfigDir" value="\\<path to master.config>\master.config"/>
</appSettings>
In IIS Manager, convert the OIDC folder into an application and assign it to the application pool created above.
Provide the URL of the callback endpoint to the identity provider, who must add it to the registered application's Redirect URIs. Identity providers match redirect URIs exactly, so the registered value must be identical in scheme, host and path to the URL the service uses, for example:
https://<IXM-Platform-URL>/gv2/webservices/GenericOidcLogin/callback
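The IIS steps above as one script, added here as an example; it is not taken from the product's own documentation or code. It uses the WebAdministration module that ships with IIS and must run in an elevated PowerShell on the IIS host. The site name, web root, source folder, platform URL and master.config share are assumptions to be replaced. Instead of copying another service's user.config it writes the file directly, so a wrong MasterConfigType cannot be inherited by mistake.

```powershell
# Added example, not part of the product. Scripted equivalent of the IIS setup steps.
#Requires -RunAsAdministrator
Import-Module WebAdministration

$SiteName     = 'Default Web Site'              # assumption: the IXM site in IIS
$WebRoot      = 'D:\www'                        # assumption: physical root of that site
$Folder       = 'GenericOidcLogin'              # folder name; also used as MasterConfigType
$SourceDir    = 'C:\install\GenericOidcLogin'   # assumption: unpacked OIDC webservice
$MasterConfig = '\\fileserver\share\master.config'   # assumption: real UNC path to master.config
$PlatformUrl  = 'https://ixm.example.com'       # assumption: https://<IXM-Platform-URL>

$TargetDir = Join-Path $WebRoot "gv2\webservices\$Folder"

# 1. Application pool. A dedicated pool gives the OIDC service its own worker process
#    and its own low-privilege identity instead of sharing one with other webservices.
if (-not (Test-Path "IIS:\AppPools\$Folder")) {
    New-WebAppPool -Name $Folder | Out-Null
}
Set-ItemProperty "IIS:\AppPools\$Folder" -Name managedRuntimeVersion -Value 'v4.0'
Set-ItemProperty "IIS:\AppPools\$Folder" -Name processModel.identityType -Value 'ApplicationPoolIdentity'

# 2. Copy the webservice folder into www\gv2\webservices.
Copy-Item -Path $SourceDir -Destination $TargetDir -Recurse -Force

# 3. Write user.config. MasterConfigType equals the folder name, so a second OIDC
#    installation can select its own <appSettings type="..."> block in master.config.
$userConfig = @"
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<appSettings>
  <add key="MasterConfigType" value="$Folder" />
  <add key="MasterConfigDir" value="$MasterConfig" />
</appSettings>
"@
Set-Content -Path (Join-Path $TargetDir 'user.config') -Value $userConfig -Encoding UTF8

# 4. Convert the folder into an IIS application bound to the new pool
#    (same as "Convert to Application" in IIS Manager).
$appPath = "IIS:\Sites\$SiteName\gv2\webservices\$Folder"
if (-not (Get-WebApplication -Site $SiteName -Name "gv2/webservices/$Folder")) {
    ConvertTo-WebApplication -PSPath $appPath -ApplicationPool $Folder | Out-Null
}

# 5. Callback URL to register at the identity provider. Providers compare redirect URIs
#    by exact string match, so hand over this value verbatim.
$callback = "$PlatformUrl/gv2/webservices/$Folder/callback"
Write-Output "Register this redirect URI at the identity provider: $callback"
```

user.config sits inside the web root, but IIS request filtering denies requests for the .config extension by default, so it is not downloadable; keep the file name as it is. The ApplicationPoolIdentity created in step 1 must have read access to the master.config share, otherwise the service cannot load its settings.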
Configure OIDC application
To configure the OIDC application, perform the following steps:
Update the master.config file. Learn more about OIDC config parameters.
<appSettings type="GenericOidcLogin">
  <add key="MaxLogLevel_File" value="5"/>
  <!-- Update with the Customer Code. -->
  <add key="CustomerCode" value="<CustomerCode>"/>
  <!-- If the outcome of "Get started" was that the user should be created if it does not exist, the value is "true", otherwise "false". -->
  <add key="CreateUserIfNotExists" value="true"/>
  <!-- Update these URLs. An ampersand inside an XML attribute value must be written as &amp;, otherwise the config file does not parse. -->
  <add key="Applications:CMS:LoginSuccessRedirectUrl" value="https://<IXM-Platform-URL>/gv2/gf/GFWebHtml/cms/index.html#/external?lang=en&amp;cid=@@customerId@@&amp;autologin=bysession&amp;sh=@@sh@@&amp;userID=@@userId@@&amp;customerName=@@customerName@@"/>
  <add key="Applications:CMS:LoginFailedRedirectUrl" value="https://<IXM-Platform-URL>/gv2/webservices/GenericOidcLogin/LoginFailed"/>
  <!-- True for analyzing the OIDC communication; the exchange (including tokens) is written to the log. After the setup works, set this to false. -->
  <add key="LogOpenIdProviderCommunication" value="true"/>
  <!-- Either Claims.PermissionGroup or DefaultPermissionGroup must be set when CreateUserIfNotExists is true. -->
  <add key="UpdatePermissionGroupForExistingUsers" value="false"/>
  <add key="DefaultPermissionGroup" value="Default"/>
  <!-- Claims.PermissionGroup is only required if the identity provider provides the permission group via claims. -->
  <!-- <add key="Claims.PermissionGroup" value="<PermissionGroupClaim>"/> -->
  <!-- Either Claims.UserGroups or DefaultUserGroup must be set when CreateUserIfNotExists is true. -->
  <add key="UpdateUserGroupsForExistingUsers" value="false"/>
  <add key="DefaultUserGroup" value="Default"/>
  <!-- Claims.UserGroups is only required if the identity provider provides the user groups via claims. -->
  <!-- <add key="Claims.UserGroups" value="<UserGroupsClaim>"/> -->
  <!-- Provided by the identity provider. -->
  <!-- In Azure the endpoint is for example "https://<subdomain>.b2clogin.com/<something>/<policy>/v2.0/.well-known/openid-configuration" -->
  <add key="OpenId:ConfigurationEndpoint" value="https://<url>/.well-known/openid-configuration"/>
  <!-- The ID of the application. In Azure it is the "Application (client) ID" of the "App registration". -->
  <add key="OpenId:ClientId" value="<XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX>"/>
  <!-- The value of the client secret. In Azure it can be created under the "App registrations" application -> "Certificates & secrets". -->
  <add key="OpenId:ClientSecret" value="<Client-Secret-Value>"/>
  <add key="OpenId:Scope" value="openid profile email"/>
  <add key="OpenId:UseUserInfoEndpoint" value="false"/>
  <!-- The audience the service accepts in ID tokens: the ID of this application. In Azure it is the "Application (client) ID" of the "App registration", i.e. the same value as OpenId:ClientId. -->
  <add key="Validation:ValidAudience" value="<XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX>"/>
  <!-- Mapping of user claims. -->
  <!-- You can find the specific claim names in the OIDC response during the first login. -->
  <!-- Must be unique and asserted by the identity provider, because it is used as the username for the login (for example the e-mail address). A claim users can change themselves would let one user log in as another. -->
  <add key="Claims:ExternalUserId" value="emails"/>
  <add key="Claims:FirstName" value="given_name"/>
  <add key="Claims:LastName" value="family_name"/>
  <add key="Claims:Email" value="email"/>
</appSettings>
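A pre-flight check for the master.config block above, added here as an example and not part of the product. It parses the file as XML, so a raw & or a leftover <...> placeholder in a value is reported before IIS fails to load the configuration, and then checks the settings with security consequences: the accepted audience must equal this application's client ID, the discovery endpoint and redirect URLs must be https, the OIDC wire logging must be off once setup is done, and auto-created users need a group source. The key names are those of the master.config on this page; the function name, the sample block and the share path are assumptions, and the sample is constructed, not a real deployment.

```powershell
# Added example, not part of the product: sanity checks for a GenericOidcLogin block in master.config.
function Test-OidcMasterConfig {
    param(
        [Parameter(Mandatory)] [string] $Xml,    # content of master.config (or of one block)
        [string] $Type = 'GenericOidcLogin'      # must equal MasterConfigType in user.config
    )
    $findings = New-Object System.Collections.Generic.List[string]

    # .NET reads the file with an XML parser, so a raw '&' in a URL or a '<...>' placeholder
    # left in a value breaks the whole configuration, not just one key.
    try { $doc = [xml] $Xml }
    catch {
        $findings.Add("FAIL: not well-formed XML ($($_.Exception.Message)). " +
                      "Look for an unescaped '&' (write '&amp;') or a '<...>' placeholder left in a value.")
        return $findings
    }

    $block = $doc.SelectSingleNode("//appSettings[@type='$Type']")
    if (-not $block) {
        $findings.Add("FAIL: no <appSettings type='$Type'> block; MasterConfigType in user.config must match.")
        return $findings
    }

    # GetAttribute avoids the PowerShell XML adapter ambiguity between the 'value' attribute and XmlNode.Value.
    $s = @{}
    foreach ($add in $block.SelectNodes('add')) { $s[$add.GetAttribute('key')] = $add.GetAttribute('value') }

    # Values that must be filled in from the identity provider.
    foreach ($k in 'CustomerCode', 'OpenId:ClientId', 'OpenId:ClientSecret',
                   'Validation:ValidAudience', 'OpenId:ConfigurationEndpoint') {
        if (-not $s[$k] -or $s[$k] -match 'X{8}') { $findings.Add("FAIL: $k is empty or still a placeholder.") }
    }

    # The audience the service accepts must be this application's client ID. Anything broader
    # means an ID token minted for a different application at the same provider is accepted here.
    if ($s['Validation:ValidAudience'] -ne $s['OpenId:ClientId']) {
        $findings.Add("FAIL: Validation:ValidAudience differs from OpenId:ClientId.")
    }

    $ep = $s['OpenId:ConfigurationEndpoint']
    if ($ep -and ($ep -notmatch '^https://' -or $ep -notmatch '/\.well-known/openid-configuration$')) {
        $findings.Add("FAIL: OpenId:ConfigurationEndpoint must be https and end in /.well-known/openid-configuration.")
    }

    foreach ($k in 'Applications:CMS:LoginSuccessRedirectUrl', 'Applications:CMS:LoginFailedRedirectUrl') {
        if ($s[$k] -notmatch '^https://') { $findings.Add("FAIL: $k is missing or not https.") }
    }

    # Wire-level logging writes the OIDC exchange, tokens included, to disk.
    if ($s['LogOpenIdProviderCommunication'] -eq 'true') {
        $findings.Add("WARN: LogOpenIdProviderCommunication is true; set it to false once the setup works.")
    }

    # Auto-provisioned users need a permission group and a user group from somewhere.
    if ($s['CreateUserIfNotExists'] -eq 'true') {
        if (-not $s['DefaultPermissionGroup'] -and -not $s['Claims.PermissionGroup']) {
            $findings.Add("FAIL: CreateUserIfNotExists is true but neither DefaultPermissionGroup nor Claims.PermissionGroup is set.")
        }
        if (-not $s['DefaultUserGroup'] -and -not $s['Claims.UserGroups']) {
            $findings.Add("FAIL: CreateUserIfNotExists is true but neither DefaultUserGroup nor Claims.UserGroups is set.")
        }
    }

    if (-not $s['Claims:ExternalUserId']) { $findings.Add("FAIL: Claims:ExternalUserId is not set.") }
    if ($findings.Count -eq 0) { $findings.Add('OK: no findings.') }
    return $findings
}

# Constructed sample block (not a real deployment) with three deliberate defects:
# an empty client secret, an audience that is not the client ID, and wire logging left on.
$sample = @'
<appSettings type="GenericOidcLogin">
  <add key="CustomerCode" value="12345"/>
  <add key="CreateUserIfNotExists" value="true"/>
  <add key="Applications:CMS:LoginSuccessRedirectUrl" value="https://ixm.example.com/gv2/gf/GFWebHtml/cms/index.html#/external?lang=en&amp;cid=@@customerId@@"/>
  <add key="Applications:CMS:LoginFailedRedirectUrl" value="https://ixm.example.com/gv2/webservices/GenericOidcLogin/LoginFailed"/>
  <add key="LogOpenIdProviderCommunication" value="true"/>
  <add key="DefaultPermissionGroup" value="Default"/>
  <add key="DefaultUserGroup" value="Default"/>
  <add key="OpenId:ConfigurationEndpoint" value="https://login.example.com/tenant/v2.0/.well-known/openid-configuration"/>
  <add key="OpenId:ClientId" value="11111111-2222-3333-4444-555555555555"/>
  <add key="OpenId:ClientSecret" value=""/>
  <add key="Validation:ValidAudience" value="99999999-2222-3333-4444-555555555555"/>
  <add key="Claims:ExternalUserId" value="emails"/>
</appSettings>
'@
Test-OidcMasterConfig -Xml $sample

# Against the deployed file (path is an assumption):
# Test-OidcMasterConfig -Xml (Get-Content '\\fileserver\share\master.config' -Raw)
```

Run the check before recycling the application pool; a well-formedness failure here is the same error IIS would report when the worker process starts, only with a hint about what to look for.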
Open the config.json file of the 00000 customer folder, located at
www\gv2\gf\GfWebHtmlCustomer\00000
and update the following settings:
common > login > mode: set the value to "sessionID". This entry is mandatory.
common > applicationPath > redirectOnLogoutToUrlByUserOrigin > Saml: optionally enter the URL of the portal to redirect to on logout. Despite its name, this key applies to all external logins, not only SAML.
{
  "cms": {
    ....
  },
  "common": {
    /* If a logout to a portal where specific apps from the customer are available
       is required then setup this redirect url */
    "applicationPath": {
      "redirectOnLogoutToUrlByUserOrigin": {
        "Saml": "https://path.to.portal"
      }
    },
    "login": {
      "mode": "sessionID"
    }
  }
}
Request configurations from the customer
Once the customer has registered the application at their identity provider, they can provide the following values required for the master.config file:
OpenId:ConfigurationEndpoint: the URL of the provider's .well-known/openid-configuration discovery document. For Azure, for example:
https://<subdomain>.b2clogin.com/<something>/<policy>/v2.0/.well-known/openid-configuration
OpenId:ClientId: the ID of the application. In Azure, it is the Application (client) ID of the App registration.
Validation:ValidAudience: the ID of the application, i.e. the same value as OpenId:ClientId. In Azure, it is the Application (client) ID of the App registration.
OpenId:ClientSecret: the value of the client secret. In Azure, it can be created under App registrations > Application > Certificates & secrets. The secret is stored in plain text in master.config, so restrict read access to that file to the application pool identity and administrators, and have the customer issue a new secret if the file is ever exposed.
Note
You must recycle the application pool after every master.config file update.