
Post on 27-Jun-2020


Page 1: How to install Pledge enrollment on IIS 6kb.mcafee.com/.../HowtoinstallPledgeEnrollmentonMicrosoftIIS-NSD… · NSD1199 How to install Pledge Enrollment on Microsoft IIS 7.0 Web Server

NSD1180 How to Install Pledge Enrollment on Microsoft IIS 6.0 Web Server

Fact

● Nordic Edge One Time Password Server

● Nordic Edge Pledge Client

● Microsoft IIS 6.0

● Revision History

Situation

This article describes the two different scenarios for enrolling users into the Pledge system:

● Self Service

● Centralized Administration, typically an IT-service desk

Self service and centralized administration can be configured for single profile or multiple profiles.

When is it necessary to enable multiple profile support? 

When end users have more than one device, multiple profile support should be enabled. 

For example, when a person has two different cellular phones or when using Pledge on a cellular and Pledge on a PC.

Multiple profile support is available from OTP Server version 3 and later.

Prerequisites

● Microsoft IIS 6.0

● Microsoft .NET Framework 2.0 or later

● The Pledge client (available at http://www.securethecloud.com/pledge/downloading-pledge/)

● Nordic Edge One Time Password Server, configured for Pledge Enrollment (NSD1172)


● A Nordic Edge Pledge Web Services account and password

● Download PledgeEnrollment.zip (ver1.4)

Install and Configure the Pledge Enrollment Web Application on IIS 6.0

Follow the installation steps below:

● Extract the file “PledgeEnrollment.zip” to an appropriate location on your hard drive, for instance [drive:]/Inetpub/wwwroot/PledgeEnrollment

● Open Internet Information Services (IIS) Manager for adding the application to an existing web site

● Right-click an existing Web Site and select New > Virtual Directory…

● Click Next >


● Enter an Alias

● Click Next >


● Enter your application path

● Click Next >


● Set permissions Read, Run script (such as ASP) and Execute (such as ISAPI applications or CGI). 

● Click Next >


● Click Finish


● Now, right-click the Pledge Enrollment Virtual Directory in the IIS Manager and choose Properties

● Change the ASP.NET version to 2.0.x


● Click OK 

● Restart IIS (perform an iisreset from a command line)

Configure Web.config - Configuration File for the Pledge Enrollment Web Application

● Open the XML file [drive:]/Inetpub/wwwroot/PledgeEnrollment/Web.config with Notepad.exe or any other editor. Change the variable values to match your environment.

| Action | Variable | Value | Note |
|---|---|---|---|
| Keep/modify | otpServerHostaddress | "localhost" | The OTP Server IP address |
| Keep/modify | otpServerPortNumber | "3100" | The OTP Server port number |
| Keep/modify | attributeContainingOATHKey | "carLicense" | The name of the attribute that contains the Pledge key in the user database |
| Keep | addKeyPrefix | "0x" | Use "0x" for backwards compatible mode with older versions of the OTP Server |
| Keep/modify | multipleProfileSupport | "false" | True enables support for multiple profiles |
| Keep/modify | nativeClientName | "" | Used to communicate the name of a native client to One Time Password Server via a Nordic Edge API. |
| Modify | pledgeWSUserAccount | "pledgeUserAccount" | The Nordic Edge Pledge Factory Web Service user name |
| Modify | pledgeWSUserPassword | "pledgeUserAccountPassword" | The Nordic Edge Pledge Factory Web Service password |
| Keep/modify | groupAttributeName | "memberOf" | The LDAP attribute name that contains the group or role value (memberOf for AD) |
| Keep/modify | supportGroupName | "Domain Admins" | The value of a CN that contains the support group. Must be the CN value |
| Keep/modify | proxyURLport | "" | URL and port number to the proxy server, e.g. http://proxy.company.com:3128 |
| Keep/modify | proxyUser | "" | Proxy user name (if any) |
| Keep/modify | proxyPassword | "" | Password for the proxy user name |
| Keep/modify | proxyDomain | "" | Proxy domain |

<appSettings>
   <!--OTP Server Configuration-->
   <add key="otpServerHostaddress" value="localhost"/> <!--The OTP server IP address-->
   <add key="otpServerPortNumber" value="3100"/> <!--The OTP Server port number-->
   <add key="attributeContainingOATHKey" value="carLicense"/> <!--The name of the attribute that contains the Pledge key in the user database-->
   <add key="addKeyPrefix" value="0x"/> <!--Use 0x for backwards compatible mode with older versions of the OTP Server-->
   <add key="multipleProfileSupport" value="true"/> <!--True enables support for multiple profiles-->
   <add key="nativeClientName" value=""/> <!--Sets the native client name used by the OTP Server-->

   <!--Nordic Edge Pledge Web Services-->
   <add key="pledgeWSUserAccount" value="pledgeFactoryAccount"/> <!--The Nordic Edge Pledge factory Web service user name-->
   <add key="pledgeWSUserPassword" value="pledgeFactoryAccountPassword"/> <!--The Nordic Edge Pledge factory Web service password-->

   <!--Settings for Centralized Administration-->
   <add key="groupAttributeName" value="memberOf"/> <!--The LDAP attribute name that contains the group or role values (memberOf for AD).-->
   <add key="supportGroupName" value="Domain Admins"/> <!--The value of a CN that contains the support group. Must be the CN value-->

   <!--Proxy settings (to be configured if proxy is used)-->
   <add key="proxyURLport" value=""/> <!--Example: value="http://proxy.company.com:3128"-->
   <add key="proxyUser" value=""/> <!--Example: value="proxyadmin"-->
   <add key="proxyPassword" value=""/> <!--Example: value="proxyPassword"-->
   <add key="proxyDomain" value=""/> <!--Example: value="proxyDomain"-->
</appSettings>
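
The table marks pledgeWSUserAccount and pledgeWSUserPassword as "Modify" and states that supportGroupName must be the CN value. The following added example (not part of the original article or of the Pledge Enrollment package) checks a Web.config for those points before the application is put into service; the function name check_app_settings, the list of keys treated as required and the sample configuration are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Keys the table marks "Modify", with the placeholder values the guide prints.
PLACEHOLDERS = {
    "pledgeWSUserAccount": ("pledgeUserAccount", "pledgeFactoryAccount"),
    "pledgeWSUserPassword": ("pledgeUserAccountPassword", "pledgeFactoryAccountPassword"),
}
# Assumption: these keys need a non-empty value; the others may stay "".
REQUIRED = ("otpServerHostaddress", "otpServerPortNumber",
            "attributeContainingOATHKey", "pledgeWSUserAccount",
            "pledgeWSUserPassword", "groupAttributeName", "supportGroupName")

def _local(el):
    return el.tag.split("}")[-1]  # tolerate an xmlns on <configuration>

def check_app_settings(xml_text):
    """Return a list of findings for the <appSettings> section."""
    root = ET.fromstring(xml_text)
    section = next((e for e in root.iter() if _local(e) == "appSettings"), None)
    if section is None:
        return ["appSettings: section not found"]
    cfg = {e.get("key", ""): (e.get("value") or "").strip()
           for e in section if _local(e) == "add"}
    findings = [f"{k}: missing or empty" for k in REQUIRED if not cfg.get(k)]
    findings += [f"{k}: placeholder value from the guide still in use"
                 for k, v in PLACEHOLDERS.items() if cfg.get(k) in v]
    port = cfg.get("otpServerPortNumber", "")
    if port and not (port.isdecimal() and 1 <= int(port) <= 65535):
        findings.append("otpServerPortNumber: not a valid port number")
    if "=" in cfg.get("supportGroupName", ""):
        findings.append("supportGroupName: must be the bare CN value, not a DN")
    used = [k for k in ("proxyUser", "proxyPassword", "proxyDomain") if cfg.get(k)]
    if used and not cfg.get("proxyURLport"):
        findings.append(f"proxyURLport: empty although {', '.join(used)} is set")
    return findings

# Constructed sample for illustration, not a real deployment.
SAMPLE = """<configuration><appSettings>
  <add key="otpServerHostaddress" value="10.0.0.5"/>
  <add key="otpServerPortNumber" value="3100O"/>
  <add key="attributeContainingOATHKey" value="carLicense"/>
  <add key="pledgeWSUserAccount" value="pledgeFactoryAccount"/>
  <add key="pledgeWSUserPassword" value="pledgeFactoryAccountPassword"/>
  <add key="groupAttributeName" value="memberOf"/>
  <add key="supportGroupName" value="CN=Helpdesk,OU=Groups,DC=example,DC=com"/>
  <add key="proxyUser" value="proxyadmin"/>
</appSettings></configuration>"""
if __name__ == "__main__":
    print("\n".join(check_app_settings(SAMPLE)))
```

An empty list means none of the checks fired; the sample above yields five findings, including the letter "O" typed in place of a zero in the port number.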

  

Language Settings (in Web.config)

In the section below, “en-US” is the selected language.

● If culture is set to “sv-SE” and uiCulture to “sv-SE”, the language is set to Swedish.

● If culture is set to “Auto” and uiCulture to “Auto”, the language is set by the browser language settings.

NOTE: If Culture  is set "true", Culture is set by the browser

 

<system.web>

   <!-- <globalization enableClientBasedCulture="true" culture="Auto" uiCulture="Auto"/> -->

   <!-- <globalization enableClientBasedCulture="true" culture="sv-SE" uiCulture="sv-SE"/> -->

     <globalization enableClientBasedCulture="true" culture="en-US" uiCulture="en-US"/>

 

Run the Pledge Enrollment Application

There are two different pages, one page for self service administration and another page for centralized administration. The centralized administration page is typically used by persons having administrator privileges to enroll users into the Pledge system.

To test run the Pledge Enrollment application:

● In IIS Manager: Right-click the Enroll.aspx and choose Browse


1. Scenario 1 - Self Service Enrollment

Users can enroll into the Pledge system with this page when they have been granted write permission to the LDAP attribute (configured in Web.config) containing the Pledge key.

Fill in the form with user name and password.

When a user has an old Pledge key (an old profile) and needs a new one, select “Overwrite existing key”.

Figure: The Enroll.aspx self service page


If multiple profile support is enabled, the following page will appear instead.

Figure: The Enroll.aspx self service page with multiple profile support


Figure: The user self service result page, displaying the user name and the Pledge profile ID


2. Scenario 2 - Centralized Administration

Enter the administrator user name and password as well as the “Pledge user name”, which is the user account name of the person to enroll into the Pledge system.

Figure: The SupportEnroll.aspx administration page


If multiple profile support is enabled, the following page will appear instead.

Figure: The SupportEnroll.aspx administration page (with multiple profile support)


If the logon is successful, a Pledge profile ID is created (see below). 

Note that a new link 'Create another Pledge profile' exists.

Figure: The admin result page displaying the user name and the Pledge profile ID.


Install and Test the Pledge Profile

To install the Pledge Profile:

● Launch the Pledge Client

● Add a new profile and enter the profile ID

● Enter your PIN code (verification needed)

After this is done the new profile is ready to use.

To verify the Pledge profile ID, use the following test page to generate a One-Time Password from your Pledge client:

Figure: The Pledge Profile Test page

Related Articles

● NSD1172 Configuring One Time Password Server for Pledge Enrollment

● NSD1173 Pledge Enrollment for Apache Tomcat

● NSD1199 How to install Pledge Enrollment on Microsoft IIS 7.0 Web Server

Revision History

Pledge Enrollment 1.4, rev 4

10th January 2011

- Directory for aspx pages was changed to the root directory instead of the pages directory

- Installation guide now shows adding the application to an existing IIS web site (instead of creating a new IIS web site)

Pledge Enrollment 1.4, rev 3

23rd December 2010

- Language and terminology corrections have been performed in the application and in the solution document

Pledge Enrollment 1.4, rev 2

7th December 2010

- Default.aspx added

- Added VerifyUser.aspx. This page helps a service desk to confirm a user by phone. The user gives his Pledge OTP that can be verified by the Service Desk

Pledge Enrollment 1.4, rev 1

7th November 2010

- Minor change: Improved error handling added

Pledge Enrollment 1.4

20th August 2010

- Multikey support added

- New info images added

- Confirmation boxes added

- Added the option to set a native Client Name (for developers) in the web.config

Pledge Enrollment 1.3

8th April 2010

- Added proxy settings for proxyuser, proxyuser password and proxy domain.

- NordicEdgePledgeEnrollment.dll renamed to NordicEdge.PledgeEnrollment.dll

Pledge Enrollment 1.2

- Version number 1.2 was never used

Pledge Enrollment 1.1

23rd February 2010

- NordicEdgeOTP.dll v. 1.2.2 replaced with v.1.2.3 due to issue with international characters in user name and password

3rd February 2010

- Error message corrected in SupportEnroll.aspx: The name of the administrator was displayed in the error message 'Profile  already exist. ' instead of the Pledge user username

18th November 2009

- Proxy functionality added

Pledge Enrollment 1.0

13th November 2009

- NSD documentation rewritten

- The PDF document Nordic Edge - Pledge Enrollment MS DotNET 1.0.pdf removed

October 2009, initial edition