SilhouetteTokenService Web Application Installation
The SilhouetteTokenService web application is introduced as a component of SilhouetteCentral in Silhouette v4.11. The following steps install the SilhouetteTokenService web application on IIS.
- Create the folder you want to serve the web application from. The web application stores a number of files (including logs) in a directory under the web application folder. You may want to set the web application physical path storage location to allow for data growth, encryption, and backup requirements.
- Grant Read and Execute rights to the built-in group IIS_IUSRS on the folder if not already inherited.
- Unzip the supplied SilhouetteTokenService archive into the folder.
- Setup IIS to serve this folder as a Web Application, see Configure IIS to Serve the SilhouetteTokenService Web Application below.
- Create a sub directory in the folder named Files and grant modify rights on the folder to the Application Pool Identity.
|
The SilhouetteTokenService component must be the same version as the SilhouetteCentral component and you should be supplied archives for both components at the same time. |
Configure IIS to Serve the SilhouetteTokenService Web Application
The table shown here provides the short list of configuration values that need to be set when deploying the SilhouetteTokenService web application. The configuration items listed with 'No' in the Required Value column of the table are free to be adjusted according to the system design.
| Configuration Item | Value | Required Value? |
|---|---|---|
| IIS - Web Site - Physical Path | %SystemDrive%\inetpub\wwwroot |
No |
| IIS - Web Site - Preload Enabled | True | Yes |
| IIS - Application Pool - Name | SilhouetteToken | No |
| IIS - Application Pool - .NET CLR version | No Managed Code | Yes |
| IIS - Application Pool - Managed pipeline mode | Integrated | Yes |
| IIS - Application Pool - Start Mode | AlwaysRunning | Yes |
| IIS - Application Pool - Identity | ApplicationPoolIdentity |
No |
| IIS - Application Pool - Idle Time-out (minutes) | 180 | No |
| IIS - Application Pool - Load User Profile | True | Yes |
| IIS - Web Application - Physical Path | c:\inetpub\wwwroot\silhouettetoken |
No |
| IIS - Web Application - Alias |
silhouettetoken |
No |
| IIS - Web Application - Application Pool | SilhouetteToken | No |
| IIS - Web Application - Preload Enabled | True | Yes |
The above table of configuration items offers a good set of recommended values, however there may be reasons to deviate from the recommendations in specific scenarios. The following table lists recommendations and considerations important to the SilhouetteTokenService web application operation.
| Configuration Item(s) | Recommendation or Considerations |
| IIS - Application Pool - Identity | Typically use the same setting as used for the SilhouetteCentral web application component. |
| IIS - Application Pool - Idle Time-out (minutes) | The default IIS Application Pool Idle Timeout is 20 minutes. It is recommended extending this to reduce the number of application restarts during idle periods. |
| IIS - Web Application - Physical Path |
Typically set this to a directory in a similar location as the SilhouetteCentral web application component. Do not set it as a sub directory of the SilhouetteCentral web application as this causes nested web config files and can create errors. The SilhouetteTokenService web application stores a number of files (including logs) in a directory under the web application folder. You may want to set the web application physical path location to allow for data growth, encryption, and backup requirements. If you set this to a directory outside of the website directory, ensure you grant read & execute rights to the IIS_IUSRS built in windows group. |
| IIS - Web Application - Alias |
Use a lower case value. Using a lower case value helps to avoid configuration errors at a later stage. |
Some general guidance on configuring IIS is included in Appendix A: IIS Configuration.