Technical data
Using SSL with the Microsoft Internet Information Server Plug-In
Administration Guide 12-11
4. Set the SecureProxy parameter in the iisproxy.ini file to ON.
5. Set additional parameters in the
iisproxy.ini file that define the SSL
connection. For a complete list of parameters, see “SSL Parameters for Web
Server Plug-Ins” on page -13.
For example:
WebLogicHost=myweblogic.com
WebLogicPort=7002
SecureProxy=ON
Specifying Trust of the WL-Proxy-Client-Cert Header
The plug-in can encode users’ identity certifications in the WL-Proxy-Client-Cert
header and pass the header to WebLogic Server instances (see Proxying Requests to
Another HTTP Server in the WebLogic Server Administration Guide). A WebLogic
Server instance uses the certificate information from that header, trusting that it comes
from a secure source (the Plug-In), to authenticate the user. In previous releases of
WebLogic Server, the default behavior was to always trust the
WL-Proxy-Client-Cert header. Beginning with WebLogic Server 6.1 SP2, you
need to explicitly define trust of the
WL-Proxy-Client-Cert header. A new
parameter,
clientCertProxy, allows WebLogic Server to determine whether to trust
the certificate header. For an additional level of security, use a connection filter to limit
all connections into WebLogic Server (therefore allowing WebLogic Server to only
accept connections from the machine on which the plug-in is running).
The
clientCertProxy parameter has been added to the HTTPClusterServlet and
Web applications.
For the
HTTPClusterServlet, add the parameter to the web.xml file as follows:
<context-param>
<param-name>clientCertProxy</param-name>
<param-value>true</param-value>
</context-param>
For Web applications, add the parameter to the web.xml file as follows:
ServletRequestImpl context-param