Internet Information Services (IIS) Integration Kit

Known issues and limitations

The following are known issues or limitations for the IIS Integration Kit.

Known issues

There are no known issues.

Known limitations

  • If IIS has been previously installed and then uninstalled, the installer doesn’t recognize IIS 7.0 (or 7.5) as uninstalled, nor does it stop the installation.

  • The IIS Integration Kit doesn’t support newline characters (such as \n and \r) within attributes.

  • When using Form POST as the transport mode in the SP OpenToken adapter, it might be necessary to add a trailing / into the URL to access the protected resources.

  • The OpenToken name you specify in the adapter setup must be unique within the given federation, but the admin console doesn’t enforce this.

  • When using the installer to upgrade by uninstalling and reinstalling the agent, you must restart IIS after uninstall and before reinstall to ensure that old DLL’s aren’t used. You can reset IIS with the resetiis /noforce command.

  • After uninstalling, you must remove any application mappings you set up manually. The uninstall script cannot remove these mappings.

  • When using cookie as the OpenToken transport method, the domain configured in the adapter setup must match the domain configured in the pfisapi.conf file. If these don’t match, you can end up with a persistent cookie. This is not enforced in the admin console.

  • When using a non-session cookie as the OpenToken transport method, there isn’t a session cookie configuration defined in the agent config file. Set the SessionCookie type in the pfisapi.conf file by removing the # and setting it to YES or NO.

  • Classic managed pipeline mode isn’t supported.

  • Attempting to access the POST data of a request in a native module in IIS 7 after the data has been accessed by a managed module (such as the OpenToken Module) prevents the native module from accessing the data. This is a limitation of IIS 7.

    The issue also applies when using Query Parameter as the transport method. The only workaround for this issue is to use Cookie as the transport method

  • The OpenToken Module can’t be selected from the list of module types. Instead, enter it manually, as shown in Adding the OpenToken HTTP Module in IIS.

  • You can only add the OpenToken Module at the global server level. If you require implementation on a per-website basis, contact Ping Identity about PingAccess.