- Install the Web Server Role (If it is not already installed). The Web Server role must be installed on the FootPrints Service Core server. In addition to the Web Server role, the following sub-components of the Web Server role must also be installed:
- CGI
- ISAPI Extensions
- ISAPI Filters
- Windows Authentication
NOTE: If the intention of integrating IIS with Tomcat is to be able to use Web Server Authentication in FootPrints, the WebDAV extension must not be installed as it is known to cause Server Error: Method Not Allowed errors when saving tickets and other items.
- Download the IIS Tomcat connector (isapi_redirect.dll) from here. Make sure to download the most current and correct version for your operating system. For example, if you are installing on a 64-bit Windows system, download the 64-bit connector dll (tomcat-connectors-1.2.40-windows-x86_64-iis.zip or version newer than 1.2.40 if available).
- Create a folder on the application server and named isapi. For example:
C:\isapi
- Copy the isapi_redirect.dll file to the isapi folder.
NOTE: When creating the text files below, be sure the files are named exactly as specified below (WITHOUT the ".txt" extension). Additionally, it is recommended to disable "Hide File Extensions for known file types", for the folders in the event that when the file is named incorrectly, the file will be immediately seen and the filename corrected.
- Create a text file in the isapi folder named:(change the text file to PROPERTIES file type)
workers.properties
See the NOTE immediately above step 5.
- Add the following text to the workers.properties file:
worker.list=servicecore
worker.servicecore.host=localhost
worker.servicecore.port=8009
worker.servicecore.type=ajp13
worker.servicecore.max_packet_size=65536
- Save and close the workers.properties file.
- Create a text file in the isapi folder named:(change the text file to PROPERTIES file type)
See the NOTE immediately above step 5.
uriworkermap.properties
- Add the following text to the uriworkermap.properties file:
Note: If you had configured Tomcat to serve Footprints on a site other than the default /footprints/servicedesk/ directory, please adjust the value below.
/footprints/servicedesk/*=servicecore
- Save and close the uriworkermap.properties file.
- Create a text file in the isapi folder named: (change the text file to PROPERTIES file type)
See the NOTE immediately above step 5.
isapi_redirect.properties
- Add the following text to the isapi_redirect.properties file:
Note: If you had configured Tomcat to serve Footprints on a site other than the default /footprints/servicedesk/ directory, please adjust the
extension_uri value below.
extension_uri=/footprints/servicedesk/isapi_redirect.dll
log_file=$(JKISAPI_PATH)\..\logs\$(JKISAPI_NAME).log
log_level=info
worker_file=C:\isapi\workers.properties
worker_mount_file=C:\isapi\uriworkermap.properties
- Save and close the isapi_redirect.properties file.
- Start the Internet Information Services (IIS) Manager.
- Select the Server node (The root node which represents the web server).
- Open the "ISAPI and CGI Restrictions" feature.
- Add a new Restriction.
- In the "ISAPI or CGI path" field, browse to and select the isapi_redirect.dll file from the isapi folder.
- Enter "Service Core" in the "Description" field.
- Check the "Allow extension path to execute" box.
- Save and close the "Add ISAPI of CGI Restriction" dialog.
- Select the "Default Web Site" (or the web site you want to use for FootPrints Service Core).
- Open the "ISAPI Filters" feature.
- Add a new ISAPI Filter.
- In the "Filter name" field enter "Service Core".
- In the "Executable" field, browse to and select the isapi_redirect.dll from the isapi folder.
- Save and close the "Add ISAPI Filter" dialog.
- Select the "Default Web Site" (or the web site you want to use for FootPrints Service Core).
- Open the "Handler Mappings" feature.
- Click the "Edit Feature Permissions" link in the "Actions" panel.
- Check the "Read", "Script" and "Execute" boxes.
- Save and close the "Edit Feature Permissions" dialog.
- Create the IIS virtual directory. NOTE:: The IIS virtual directory path must match the path of FootPrints Service Core on the Tomcat server. These instructions assume the default paths were used (footprints/servicedesk). If a different path was used, create the virtual directories to match the path on the Tomcat server. Failure to use the same path may results in IIS error "403 Forbidden".
- Right click the "Default Web Site" and select "Add Virtual Directory?".
- Enter "footprints" in the "Alias" field.
- In the "Physical Path" field, browse to and select the isapi folder.
- Save and close the "Add Virtual Directory" dialog.
- Select the newly created virtual directory named "footprints".
- Right click the "footprints" virtual directory and select "Add Virtual Directory".
- Enter "servicedesk" in the "Alias" field.
- In the "Physical Path" field, browse to and select the isapi folder.
- Save and close the "Add Virtual Directory" dialog.
- Select the "servicedesk" virtual directory.
- Open the "Handler Mappings" feature.
- Click the "Edit Feature Permissions" link in the "Actions" panel.
- Check the "Read", "Script" and "Execute" boxes.
- Save and close the "Edit Feature Permissions" dialog.
- Select the "servicedesk" virtual directory.
- Open the "Default Document" feature.
- Click the "Enable" link in the "Actions" panel. NOTE: If there is only a "Disable" link, the feature is already enabled. Your Tomcat/IIS integration is now complete. If Tomcat and IIS have been integrated for the purpose of using Web Server Authentication, advance to the NEXT step. If not using Web Server Authentication, then skip ahead to step 48 (restart Tomcat).
- Select the "servicedesk" virtual directory.
- Open the "Authentication" feature.
- Select "Anonymous Authentication" and click the "Disable" link in the "Actions" panel.
- Select "Windows Authentication" and click the "Enable" link in the "Actions" panel.
- Select the "Default Web Site".
- Open the "Request Filtering" module from feature panel.
- Click on "Edit Feature Settings…" link in the Actions panel to the right.
- Change the value of “Maximum URL length” and “Maximum query string” to be "65536" and click OK.
- Open server.xml in your Tomcat installation folder. For example: C:\Program Files\Apache Software Foundation\Tomcat 7.0\conf\server.xml, or C:\Program Files\Apache Software Foundation\Tomcat 8.5\conf\server.xml
- Replace the following lines:
<!-- Define an AJP 1.3 Connector on port 8009 -->
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443"/>
with:
<!-- Define an AJP 1.3 Connector on port 8009 -->
<Connector port="8009" protocol="AJP/1.3" secretRequired="false" packetSize="65536" tomcatAuthentication="false" URIEncoding="UTF-8" allowedRequestAttributesPattern=".*"/>
WARNING! Please copy the line exactly as it is shown. The new attribute (tomcatAuthentication) is case sensitive so it is important that it matches exactly or it will not work. - Restart Tomcat.
- Restart IIS:
- Right click the Server node (The root node which represents the web server)
- Select "Stop".
- Right click the Server node (The root node which represents the web server).
- Select "Start"
- IIS is now configured to forward all FootPrints Service Core requests to the Tomcat server. You can test this by browsing to http://localhost/footprints/servicedesk (or http://FPservername/footprints/servicedesk if accessing from a client computer) on the FootPrints Service Core application server.
If it is desired to enable Web Server Authentication, see the article for
enabling Web Server Authentication in FootPrints Service Core 12.
Troubleshooting:
When using IIS Redirect to support Footprints Web Server Authentication and using HTTPS/SSL in IIS, you can get an error using Footprints Scheduled reports. Please see this article:
Footprints 12 Auto-Run Report ErrorsIf you miss the steps to update the Apache Tomcat server.xml file, you can get the error described in this article.
FPSC 12 - Message: Header message of length [65,532] received but the packetSize is only [8,192]If there are problems uploading files larger then 30MB, you will have to follow the directions below to change the settings in IIS 7 or IIS 8.
"Invalid response - Unable to decode server's response to JSON" error occurs when attempting to upload attachment larger than 30MBDid you install Footprints
12.XX - 20.XX using a different url then /footprints/servicedesk?
Change all of the instructions to use the different URL in creating the ISAPI redirect and IIS configuration, per the note instructions.
Upgrade tomcat from 7 to 8.5:
https://bmcsites.force.com/casemgmt/sc_KnowledgeArticle?sfdcid=000164588
to add to the tomcat upgrade process, please note below point if you using IIS integration :In order to process passthrough authentication, the NTFS file permissions on isapi_redirect.dll must allow the groups "IIS_IUSRS" and and "Authenticated Users" Read/Execute permissions. Because Tomcat 7.0 and Tomcat 8.5 install to different directory paths, the permissions will not be inherited from the previous installation.
NOTE:Performance may be slower when integrating IIS as additional "hops" have to be performed via the third party application IIS.
NOTE:These are the instructions to configure IIS integration with FootPrints.
Any changes in IIS that deviates from these has a possibility of breaking the integration.