The Active Roles Web Interface can be installed on any computer that meets the system requirements and is running Internet Information Services (IIS) 7.5 or later. It is not necessary to install the Web Interface on the computer running the Administration Service. However, the computer that hosts the Web Interface must have a reliable network connection to a computer running the Administration Service.
On a Windows Server 2012 based computer, ensure that the Web Server (IIS) sever role is installed, including:
On a Windows Server 2016 or Windows Server 2019 based computer, ensure that the Web Server (IIS) sever role is installed, including:
The Web Interface Setup program configures the Web Server (IIS) server role to meet the Web Interface requirements. You can use Server Manager to verify that the server role is configured properly.
Web Interface requires Internet Information Services to provide Read/Write delegation for the following features:
Use Feature Delegation in the Internet Information Services (IIS) Manager tool to confirm that these features have delegation set to Read/Write.
When installing and initially configuring the Web Interface, you first use the Setup wizard to install the Web Interface files and then use Active Roles Configuration Center to choose the Administration Service and create the Web Interface sites.
To install the Web Interface files
By default, all components are selected. If you only want to install the Web Interface, clear the check boxes that denote unwanted components.
The Setup wizard only installs the files. After you have completed the Setup wizard, you need to configure the newly installed Web Interface by using Active Roles Configuration Center.
The procedure for configuring the Web Interface includes two stages:
Configuration Center allows you to configure the Web Interface to use:
Before configuring the Web Interface, ensure that the Administration Service is configured and started. Otherwise, Configuration Center will fail to configure the Web Interface. You can view the state of the Administration Service on the Administration Service page in the Configuration Center main window.
To perform initial configuration of the Web Interface
Configuration Center opens automatically if you select the I want to perform configuration check box on the Completion page in the Setup wizard. Another way to open Configuration Center is by selecting Active Roles 7.4 Configuration Center on the Apps page or Start menu, depending upon the version of your Windows operating system.
This starts the wizard that will perform initial configuration of the Web Interface.
Specify any Administration Service whose database holds the desired configuration, by supplying in the fully qualified domain name of the computer running that Administration Service. If Active Roles replication is used to synchronize configuration data, this must be any Administration Service whose database server acts as the Publisher for the configuration database.
Configuration Center creates three Web Interface sites based on the following configuration templates:
Each configuration template provides an individual set of commands installed by default. Once a Web Interface site has been created, you can customize its configuration by adding or removing commands, and by modifying Web pages (forms) associated with commands. The customization procedures are covered in the Active Roles Web Interface Administration Guide.
After initial configuration, you can modify Web Interface site parameters, such as the Web application alias, create new Web Interface sites, or delete existing Web Interface sites.
After initial configuration, you can use Configuration Center to create additional Web Interface sites, as well as modify or delete existing Web Interface sites.
When creating Web Interface sites, you have the option to apply the configuration of an existing Web Interface site to the newly created one. If you have the Web Interface site tailored to meet your requirements, and need to deploy its instance on another Web server, this option ensures that the new Web Interface site has the same set of menus, commands and pages as the existing one.
To create, modify or delete a Web Interface site
You can open Configuration Center by selecting Active Roles Active Roles Configuration Center on the Apps page or Start menu, depending upon the version of your Windows operating system.
Choose this option if you want the Web Interface site to use a separate configuration that is initially populated with the template data.
Use an existing configuration Assign an existing configuration to the Web Interface site. With this option, you need to select the desired configuration from a list of configurations found on the Administration Service. The list includes the configurations of the current Active Roles version only.
Choose this option if you want the Web Interface site to share its configuration with other Web Interface sites. For example, when creating a new instance of a given site for load balancing, you should assign the configuration of that site to the new Web Interface site.
Choose this option if you want the Web Interface site to use a separate configuration that is populated with the data imported from a configuration of an earlier Active Roles version or copied from a configuration of the current Active Roles version.
Choose this option if you want the Web Interface site to use a separate configuration that is populated with the data found in an export file. You could create an export file from the Web Interface page in Configuration Center, by selecting a site and then selecting Export Configuration. Earlier Active Roles versions used the Web Interface Sites Configuration wizard to export Web Interface site configuration data.
Each Web Interface site can be accessed from a Web browser using the address based the Web application alias:
http://<WebSite>/<Alias>
Here, <WebSite> identifies the IIS Web site containing the Web application that implements the Web Interface site and <Alias> stands for the alias of that Web application, as specified in Configuration Center. For example, if the Web application is contained in the default Web site, the address is http://<Computer>/<Alias>, where <Computer> stands for the network name of the computer (Web server) running the Web Interface.
By default, Web Interface users connect to the Web Interface using a HTTPs transport, which encrypts the data transferred from a Web browser to the Web Interface. If your business process does not require a secure transport for passing data to the Web interface, you can disable the HTTPs option using the Configuration Center and use the HTTP transport.
The secure hypertext transfer protocol (HTTPS) uses Secure Sockets Layer (SSL) provided by the Web server for data encryption. For instructions on how to enable SSL on your Web server, see “Configuring Secure Sockets Layer in IIS 7” at http://go.microsoft.com/fwlink/?LinkID=108544.
By default, Active Roles users connect to the Web interface using a HTTP protocol, which does not encrypt the data during communication. However, it is recommended to use a HTTPS protocol to transfer data securely over the web. You can use the Force SSL Redirection option in the Configuration Center to enable secure communication over HTTPS for the Web interface on local or remote servers.
To configure the Web interface for secure communication for the first time
The Web Interface page lists all the Web interface sites that are deployed on the Web server running the Web interface.
The Manage Force SSL Redirection Settings for sites window is displayed.
The configuration status of the website is displayed.
|
NOTE:
|
The Available HTTPS Bindings field is enabled and displays the list of HTTPS bindings configured for the selected web site in the format: <IP adress, Port, Host name>.
|
NOTE:
|
After successful completion of configuration changes, in the Web Interface window, the Force SSL Redirection configuration state for the selected web site is displayed as green and enabled.
|
NOTE: The browser cache must be cleared after any changes are made to SSL settings. |
For the configured web site, any HTTP communication is now redirected to HTTPS automatically.
By default, Active Roles users connect to the Web interface using a HTTP protocol, which does not encrypt the data during communication. However, it is recommended to use a HTTPS protocol to transfer data securely over the web. You can use the Force SSL Redirection option in the Configuration Center to enable secure communication over HTTPS for Web interface on local or remote servers.
In case you do not want a secure communication enabled for transferring data over the web, you can disable the HTTPS option using the Force SSL Redirection option in the Configuration Center.
To disable the secure communication for Web interface sites
The Web Interface page displays all the Web interface sites that are deployed on the Web server running the Web interface.
The Manage Force SSL Redirection Settings for sites window is displayed. The Enable Force SSL Redirection option is enabled after HTTPS configuration.
In the IIS Web site field, select the required web site from the drop-down list.
To disable the force SSL redirection, switch between the Enable Force SSL Redirection states. Turn it off.
|
NOTE: The browser cache must be cleared after any changes are made to the SSL settings. |
After successful completion of the configuration changes, in the Web Interface window, the Force SSL Redirection configuration state for the selected web site is displayed as not configured.
After disabling the Force SSL Redirection, all communication is now redirected to HTTP.
For more information on secure communication and Federated Authentication, see Working with Federated Authentication.
In addition to the Administration Service, MMC Interface and Web Interface, Active Roles allows you to install the following components:
© 2021 One Identity LLC. ALL RIGHTS RESERVED. Feedback 이용 약관 개인정보 보호정책