Maverics Authentication for IIS

How to configure and deploy the Maverics Authentication for IIS Service Extension from the Maverics UI.

The Maverics Auth for IIS requires an API app type using Serve.

• Create an API app type
• Configure the Maverics Auth for IIS Service Extension

Prerequisites

• Windows Server 2008 R2 or later
• Administrator privileges
• IIS with web server features enabled
• ASP.NET application(s) handling user identity through the HTTPContext class configured in IIS

Requirements

• Orchestrator on Windows (maverics-orchestrator.msi) downloaded from the Maverics UI
• Maverics Authentication for IIS module installed on the target Windows server
• App(s) and/or site(s) have been configured in the IIS console
• Microsoft Entra ID SAML IdP created and deployed from the Maverics UI
• Obtain the api-sample.go Service Extension from the Strata GitHub repository: https://github.com/strata-io/services-team/blob/main/customers/Future%20Customer/api-sample.go

Create the Maverics Auth for IIS Service Extension

1. Log in to Maverics, then click Applications from the left navigation.
2. Under Application Types, click API.
3. From the API Configuration page, complete the following:
   1. Enter a friendly name for the app, for example mavsAuthIIS
   2. Upload an image file to represent your app in the Maverics UI (OPTIONAL)
   3. Click Create.
4. From the service extension configuration page, click Applications > Edit.
5. From the Serve dialogue, select Enable Libraries > os. This exposes the required OS-level package needed by the service extension.

The os/exec package is not required. Editing the name and function name of the service extension is option. 6. Click Save. 7. In a code editor, copy the contents of api-sample.go and paste it into the service extension body in the UI. 8. Click Update.

Create and deploy the Mavs Auth for IIS SE User Flow

1. From the left navigation, click User Flows.
2. Click New then complete the following:
   1. Enter a friendly name for the user flow.
   2. From the dropdown menu, select your Maverics Auth for IIS application.
   3. Click Create.
3. Click Commit, add comments for your revision (optional), then click OK.
4. Click Deploy, select a revision and an environment, then click OK.

NOTE: Ensure to select the environment associated with the Orchestrator running on Windows.

From the Deployment Preview page, review the side-by-side diff. You should see a code block for maverics.json similar to the following:

{
  "apis": [
    {
      "allowedProtectedPackages": [
        "os"
      ],
      "flowName": "MavsAuthIIS",
      "id": "0241d190-1363-410c-a3c6-df9bb251ff57",
      "name": "iisModule",
      "serveSE": {
        "file": "./service-extensions/0241d190-1363-410c-a3c6-df9bb251ff57/0241d190-1363-410c-a3c6-df9bb251ff57.go",
        "funcName": "Serve"
      }
    }
  ],

NOTE: Verify that under allowProtected Packages , os is enabled.

You should also see a code block for ./service-extensions/<service-extension-ID>.go

Click Deploy.