The IIS 6 Module Configuration writes to an .xml file named dpmodulecfg.xml in the installation directory. It is possible to edit this file directly instead of using the IIS 6 Module Configuration. Increment the Revision number by 1 to have your changes take effect.
Note
This option is recommended only for advanced users. The IIS 6 Module Configuration GUI will prevent most common configuration mistakes, but there are no such checks made when edits are made directly to the configuration file. Incorrect changes to the configuration file may cause the IIS 6 Module to stop working.
Example configuration file
<Trace-File type="string" data="C:\Program Files\VASCO\Digipass Authentication for IIS Basic\Log\dpiis.trace"/>
</Tracing>
<Idle-Timeout type="unsigned" data="5"/>
<Modify-Auth-Headers type="unsigned" data="0"/>
<Component-Type type="string" data="IIS6 Module"/>
<Error-Page type="string" data="c:\windows\Help\iisHelp\common\401-4.htm"/>
Configuration
The configuration file is UTF8 encoded. Non-UTF8 encoded characters should not be added to the configuration file, or it will not load.
3.2.1 Configuration Settings
The table below lists the options, their default values, and a brief explanation of each.
Table 1 – Configuration Options
Option Name Default Value Notes
Revision 1 The current revision of the configuration. This is incremented each time the configuration is changed and allows the IIS 6 Module to automatically reload its configuration parameters. If you have manually changed configuration settings in the file, increment this setting by 1 so that your changes take effect.
Enabled 1 Whether the IIS 6 Module is enabled or disabled. If disabled, does not block access, but does not intercept authentication requests – they pass through unmodified.
Default-Component-Type IIS6 Module Default Component type to specify when connecting to an Authentication Server.
Trace/Trace-Header 31 The tracing header fields that have been enabled. This is a bitmask constructed by adding the following values:
1 Enable the Date field 2 Enable the Time field 4 Enable the Tracing level field 8 Enable the Thread ID field 16 Enable the File field 32 Enable the Line field
eg. for DATE,TIME,LEVEL = 1 + 2 + 4 = 7
A value of 0 will result in no header being added to the trace output.
Trace/Trace-Mask 0x00000000 Hexadecimal or decimal values:
Trace/Trace-File <installation directory>\
Log\dpiis.trace
The absolute path and filename of the file to which internal state tracing will be written. The file but not the path will be created by the IIS6 module if it does not exist.
If this option is blank, the IIS 6 Module will not output tracing.
Hex Decimal
0x00000000 0 No tracing
0x0010000E 1048590 Configuration and error messages only 0xFFFFFFFF 4294967295 All levels enabled.
Configuration
Option Name Default Value Notes
AAL3/SEAL/Local-Address IP address
The local IP address to be used when connecting to Authentication Servers.
AAL3/SEAL/Connection-List/Load-Balancing
False Whether load balancing is enabled for connections to Authentication Servers.
AAL3/SEAL/Connection-List/
Connection <number>/
Name
<blank> Text to display in the Servers list on the Configuration.
AAL3/SEAL/Connection-List/
Connection <number>/
Address
127.0.0.1 IP Address of the Authentication Server.
AAL3/SEAL/Connection-List/
Connection<number>/ Port
20003 Port to use in connecting to the Authentication Server for SEAL.
AAL3/SEAL/Connection-List/
Connection<number>/
Server-Type
Primary Either Primary or Backup Authentication Server. This setting affects load-balancing.
AAL3/SEAL/Connection-List/
Connection <number>/
Nr-Connections
10 The maximum number of concurrent connections which the IIS 6 Module may hold open to the Authentication Server.
AAL3/SEAL/Connection-List/
Connection <number>/Min-Reconnect-Interval
30 The minimum amount of time in seconds that the IIS 6 Module will leave between attempts to reconnect to a higher-priority server after losing connection to it.
AAL3/SEAL/Connection-List/
Connection <number>/Max-Reconnect-Interval
300 The maximum amount of time in seconds that the IIS 6 Module will leave between attempts to reconnect to a higher-priority server after losing connection to it.
Idle-Timeout 5 Session idle timeout in seconds.
Option Name Default Value Notes
Error-Page %WINDIR%\Hel
p\iisHelp\
Common\401-4.html
This option allows you to specify a HTML page which will be presented to a User if their login is rejected by the IIS 6 Module.
Realm <blank> Realm value used in IIS. See 3.1.8 Realm for more information Encoding ISO-8859-1 The character encoding to use in sending a login request to the
Exchange. This allows the use of international character sets (see 3.2.2 Modify Character Set Used)
Attribute-Group <blank> The Attribute Group name to use in retrieving credentials from a Digipass User account.
Use-Attribute-For-User-Name
0 If this option is enabled, the IIS 6 Module will retrieve a User-Name attribute from a Digipass User account. It will replace the User ID entered during login with the attribute value before passing the request to the Exchange server.
0 Disabled. The User ID will not be replaced with the User attribute.
1 Enabled. The User ID will be replaced with the User-Name attribute.
Use-Attribute-For-Password 0 If this option is enabled, the IIS 6 Module will retrieve a Password attribute from a Digipass User account. It will replace the password entered during login with the attribute value before passing the request to the Exchange server.
0 Disabled. The password will not be replaced with the User attribute.
1 Enabled. The password will be replaced with the Password User attribute.
Configuration
3.2.2 Modify Character Set Used
If you are using non-Western European characters, the IIS 6 Module may need to be configured to use a specific character set when submitting login requests to the Exchange server.
The character set to be used can be modified in the IIS 6 Module configuration file (dpmodulecfg.xml) in the
<installation directory>\bin directory. Edit the Encoding setting to the desired character set code – these are listed in the table below.
Caution
The IIS 6 Module can only be configured to use a single character set – it is not able to handle multiple character sets simultaneously.
Table 2 - Character Set Codes
Language ISO code Windows code Other code(s)
Arabic ISO-8859-6 CP1256
Baltic ISO-8859-4 or ISO-8859-13 CP1257
Central European ISO-8859-2 CP1257