Configuring UNIFYBroker for use with IIS

For environments utilising the Identity Broker Web Component, or for finer control of security, access and other settings, UNIFYBroker can be configured for hosting by IIS.

In order to successfully connect with IIS, ensure that the UNIFYBroker self-hosted option is disabled. See Configuring for use with embedded web server for more information.

CHECK: The optional IIS components Windows authentication and ASP.NET v4.5 must be installed.

Setting up for use with IIS 8

CHECK: As of IIS 8, ISAPI and CGI Restrictions is an optional server role. Ensure that it has been added using the add server role option in Server Manager.

Continue configuration using the steps for IIS 7.5.

Setting up for use with IIS 7 or 7.5

CHECK: Before adding UNIFYBroker as a web site to IIS, a new or existing application pool must be updated to use .NET 4. This can be achieved by navigating to the Application Pools item in the Connections pane and clicking on Basic Settings for the new or existing application pool.


Right-click on Sites in the Connections pane and select Add Web Site....


Configure the web site settings appropriately, using a port that is not already in use. Ensure that the site is appropriately named, then select the physical path of the UNIFYBroker Web directory.

For a default install, this will be the Web directory. For an install utilising the optional Identity Broker Web Component, this will be the StandaloneWeb directory.


Select the appropriate application pool by using the Select... button.


Confirm the site settings are correct, then click OK.

Select the appropriate site in the Connections pane and navigate to Application Settings.


Ensure the UNIFYBroker endpoint addresses are correctly configured and pointing to the UNIFYBroker service, then click OK.

CHECK: For a remote instance of the UNIFYBroker Service, ensure that the service endpoint can be contacted.


Select the appropriate site in the Connections pane and navigate to Authentication.


Configure the web site to use Windows Authentication, and turn Anonymous Authentication off.


On the server Home page, confirm ASP.NET v4 is correctly configured under ISAPI and CGI Restrictions.

ALERT: Since .NET v4.5 is an in-place upgrade of v4, if you have v4.5 installed it will still show up as v4.



CHECK: If ASP.NET v4 is missing, open a command prompt and execute the following command:

C:\Windows\Microsoft.NET\Framework64\v4.0.30319>aspnet_regiis.exe -ir


Refresh the tab and verify the presence of the ASP.NET v4 entries. Ensure both are set to Allow.


Confirm that UNIFYBroker has been successfully configured by browsing to the configured address, or by browsing from IIS Manager.
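
The IIS Manager steps above can also be scripted with the WebAdministration module and then read back to confirm that anonymous access is off. This is an added example, not part of the original article or UNIFYBroker's own tooling; the site name, application pool name and port are assumed values, and the physical path is the default install location.

```powershell
# Added example: scripted form of the IIS Manager steps (IIS 7.5 or later).
# Assumed values: $siteName, $poolName and $port. Point $webPath at the
# StandaloneWeb directory for a Web Component install.
Import-Module WebAdministration

$siteName = 'UNIFYBroker'
$poolName = 'UNIFYBrokerPool'
$port     = 8008
$webPath  = 'C:\Program Files\UNIFY Solutions\Identity Broker\Web'
$apphost  = 'MACHINE/WEBROOT/APPHOST'
$auth     = 'system.webServer/security/authentication'

# Stop if another IIS site is already bound to the port. This only sees IIS
# bindings; a still-enabled self-hosted web server is not detected here.
$clash = Get-WebBinding | Where-Object { $_.bindingInformation -match ":${port}:" }
if ($clash) { throw "Port $port is already bound by another IIS site." }

# Application pool on the .NET 4 CLR.
if (-not (Test-Path "IIS:\AppPools\$poolName")) { New-WebAppPool -Name $poolName | Out-Null }
Set-ItemProperty "IIS:\AppPools\$poolName" -Name managedRuntimeVersion -Value 'v4.0'

# Web site on the chosen port, served from the UNIFYBroker Web directory.
New-Website -Name $siteName -Port $port -PhysicalPath $webPath -ApplicationPool $poolName | Out-Null

# Windows Authentication on, Anonymous Authentication off, for this site only.
Set-WebConfigurationProperty -PSPath $apphost -Location $siteName `
    -Filter "$auth/anonymousAuthentication" -Name enabled -Value $false
Set-WebConfigurationProperty -PSPath $apphost -Location $siteName `
    -Filter "$auth/windowsAuthentication" -Name enabled -Value $true

# Read the effective settings back instead of trusting the writes.
function Get-AuthEnabled($kind) {
    (Get-WebConfigurationProperty -PSPath $apphost -Location $siteName `
        -Filter "$auth/$kind" -Name enabled).Value
}
$isapi = @(Get-WebConfiguration -PSPath $apphost `
    -Filter 'system.webServer/security/isapiCgiRestriction/add' |
    Where-Object { $_.path -like '*v4.0.30319\aspnet_isapi.dll' })

$problems = @()
if (Get-AuthEnabled 'anonymousAuthentication')   { $problems += 'Anonymous Authentication is still enabled' }
if (-not (Get-AuthEnabled 'windowsAuthentication')) { $problems += 'Windows Authentication is not enabled' }
if ((Get-Item "IIS:\AppPools\$poolName").managedRuntimeVersion -ne 'v4.0') { $problems += 'Pool is not on .NET v4.0' }
if ($isapi.Count -eq 0)                          { $problems += 'No ASP.NET v4 ISAPI/CGI restriction entries found' }
if ($isapi | Where-Object { -not $_.allowed })   { $problems += 'An ASP.NET v4 ISAPI/CGI entry is not set to Allow' }

if ($problems) { throw ($problems -join '; ') }
"Site '$siteName' configured: Windows auth only, .NET v4.0 pool, ASP.NET v4 allowed."
```

Run it from an elevated PowerShell session on the IIS server.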


Setting up for use with IIS 6

Add a new Web Site from IIS Manager using the menu item New followed by Web Site.

Enter a name for the site in the site description.

Configure the settings of the site. Ensure that the selected port is not currently in use, keeping in mind whether the self-hosted option is still in use. Consider turning the self-hosted option off.

Select the physical path of the UNIFYBroker Web directory. Turn anonymous access off.

For a default install, this will be the Web directory. For an install utilising the Web Component, this will be the StandaloneWeb directory.

Configure the permissions of the site as required.

Once the wizard has completed, right-click the new site and navigate to Properties.


Navigate to the Directory Security tab, then Edit under Authentication and access control.

Ensure that anonymous access has been disabled, and that Integrated Windows authentication is enabled. Click OK.

Under the ASP.NET tab, select ASP.NET 4.

The UNIFYBroker Web Component must be configured to point to the location of the UNIFYBroker Service. Locate the Web.config file. For the default install, the default location is C:\Program Files\UNIFY Solutions\Identity Broker\Web\

For the web component, the default location is C:\Program Files\UNIFY Solutions\Identity Broker\StandaloneWeb

Locate the endpoints of the following format:

<add key="endpointAddress" value="http://localhost:59990/IdentityBroker/IdentityBrokerManagementStudio.svc"/>

The value must be modified to match the location of the UNIFYBroker service. Typically, this involves changing localhost to the name of the server on which the service resides for each endpoint address.

Browse to the UNIFYBroker website at the address specified, or by clicking Browse from IIS.
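
The Web.config change described above, rewriting localhost in each endpoint address and then checking that the service can be contacted, as an added example that is not part of the original article. The host name is a placeholder, and the script assumes the endpoint entries are add elements whose value is an http or https URL ending in .svc, as in the sample line shown.

```powershell
# Added example. $serviceHost is a placeholder for the server on which the
# UNIFYBroker service resides; $configPath is the Web Component default path.
$configPath  = 'C:\Program Files\UNIFY Solutions\Identity Broker\StandaloneWeb\Web.config'
$serviceHost = 'broker01.example.test'

$config = New-Object System.Xml.XmlDocument
$config.PreserveWhitespace = $true          # keep the file's layout on save
$config.Load($configPath)

# Rewrite only values that parse as http(s) URLs to a .svc on localhost.
$changed = @()
foreach ($node in $config.SelectNodes('//add[@value]')) {
    $uri = $null
    $isUri = [System.Uri]::TryCreate($node.GetAttribute('value'),
                                     [System.UriKind]::Absolute, [ref]$uri)
    if (-not $isUri) { continue }
    if (@('http', 'https') -notcontains $uri.Scheme) { continue }
    if ($uri.Host -ne 'localhost' -or $uri.AbsolutePath -notlike '*.svc') { continue }

    $builder = New-Object System.UriBuilder $uri
    $builder.Host = $serviceHost            # port and path are left unchanged
    $node.SetAttribute('value', $builder.Uri.AbsoluteUri)
    $changed += $builder.Uri
}
if ($changed.Count -eq 0) { throw "No localhost endpoint addresses found in $configPath" }

# Keep a copy of the original file, then write the change.
Copy-Item -Path $configPath -Destination "$configPath.bak"
$config.Save($configPath)

# Confirm each rewritten endpoint accepts a TCP connection from this server.
foreach ($endpoint in $changed) {
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($endpoint.Host, $endpoint.Port)
        '{0} is reachable' -f $endpoint.AbsoluteUri
    } catch {
        Write-Warning ('{0} is not reachable: {1}' -f $endpoint.AbsoluteUri, $_.Exception.Message)
    } finally {
        $client.Close()
    }
}
```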


The required server roles can be added using the following PowerShell command:

Install-WindowsFeature `
    Web-WebServer, `
    Web-Common-Http, `
    Web-Default-Doc, `
    Web-Dir-Browsing, `
    Web-Http-Errors, `
    Web-Static-Content, `
    Web-Health, `
    Web-Http-Logging, `
    Web-Performance, `
    Web-Stat-Compression, `
    Web-Security, `
    Web-Filtering, `
    Web-Windows-Auth, `
    Web-App-Dev, `
    Web-Net-Ext45, `
    Web-Asp-Net45, `
    Web-CGI, `
    Web-ISAPI-Ext, `
    Web-ISAPI-Filter, `
    Web-Mgmt-Tools, `
    Web-Mgmt-Console

Thanks to Matt Woolnough for supplying this.