/
Configuring the Web Application for the Agent

You are viewing an earlier version of the admin guide. For the latest version, please visit EmpowerID Admin Guide v7.211.0.0.

Configuring the Web Application for the Agent

Nov 12, 2019
EmpowerID 2018 Documentation  /  Web Access Management  /  Current: Configuring the Sample .NET Web application for the EmpowerID Agent



After creating the WAM applications for the AndysBeans Web application, the last step to enable EmpowerID to protect it is to add the necessary key/value pairs to the application's Web.config file as described below. Not all of these key/value pairs are used with AndysBeans. For example, the EidInitializeIdentityAssemblyInfo key is used to override the default logic of the Agent for setting the HttpContext Identity. However, these optional keys are included for your information.



This example makes adjustments to the AndysBeans Web.config file. If you prefer, you can add these values to the registry instead.

However, when protecting multiple Web applications, avoid using the registry and make your adjustments for each application in that application's config file.

To alter the registry, open Registry Editor, navigate to the TheDotNetFactory\EmpowerID key and add a subkey named WebSettings and add your key/value pairs there.



To configure the Web application for the EmpowerID Agent

  1. In the navigation sidebar, expand Admin and click SAML.

  2. Search for AndysBeans and locate the ACS URL and the User Entered URL.

  3. Copy the GUID at the end of the ACS URL and the User Entered URL. You will need to add these values to the AndysBeans Web.config file.





  4. From Windows Explorer, navigate to your Web application folder and open the Web.config file with any text editor.

  5. In the Web.config file, navigate to <appSettings> and add the following key/value pairs:

    • certificateThumbprintForEncryption - This is the thumbprint of the certificate that the SAMLrequest uses to deserialize the requested URL when the agent is in SAML mode. This thumbprint must be from the certificate used when creating the SSO Connection for your Web application.

      The syntax for this setting is as follows:

    • certificateThumbprintForToken - This is the thumbprint of the certificate that is linked to the person making the API calls.

      The syntax for this setting is as follows:

    • EidInitializeIdentityAssemblyInfo: This allows you to override the default logic for settingthe HttpContext Identity. (HttpContext is the object that contains all the information about an individualHTTP request.) To override this, create your own assembly with an interface that implements IInitializeUserIdentity and set this value to that of your custom assembly.

      The syntax for this setting is as follows:

    • EidIdpUrl: This specifies the URL to which users are redirected if they are not currentlyauthenticated.

      The syntax for this setting is as follows, where "YourWebServer" is the FQDN of the server hosting your Web application and "YourSSOConnection" is the name of the SSO Connection you created for your protected Web application. In the case of AndysBeans, the value for "YourSSOConnection" is AndysBeans.




Now that we have configured the AndysBeans Web.config file for use with the agent only, we can Testing Web Access Management.