Re: Pre-Authentication on a Secure Web publishing Rule using Clien
- From: "Jim Harrison \(ISA SE\)" <jmharr@xxxxxxxxxxxxxxxxxxxx>
- Date: Mon, 16 Apr 2007 08:08:27 -0700
Have a read in the ISA help and here:
http://www.microsoft.com/technet/isa/2006/authentication.mspx
for "certificate authentication".
ISA *MUST* be a domain member in order for cert auth to work.
--
Jim Harrison (ISA SE)
This posting implies no warranty and confers no rights.
"Navi" <Navi@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:E835FE5C-415C-43E6-A88C-88291C1E97AC@xxxxxxxxxxxxxxxx
Thank you for your reply Jim.
We are currently trying to implment cert-based auth just at the ISA server
and seem to be failing. The ISA is in a workgroup and all the certificates
we
are using are valid, but it still seems to be failing.
Any tips or points we may be overlooking?
Thanks in advance
"Jim Harrison (ISA SE)" wrote:
You cannot perform cert-based authenticate at the ISA and the upstream
server simultaneously.
Cert auth will be limited to ISA (ok for web publishing) or the server
itself (server publishing).
--
Jim Harrison (ISA SE)
This posting implies no warranty and confers no rights.
"Navi" <Navi@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:931E4C28-3323-4F6C-892C-7B9D27DCAF79@xxxxxxxxxxxxxxxx
Afternoon all,
I know its a hell of a long subject title but i can't seem to get this to
work!
The problem is we have a standalone ISA 2004 box publishing a website from
a
standalone IIS 6 standalone machine, both these machines use
client/server
certificate auth to communicate over SSL. The root standalone CA is in the
same subnet as the IIS machine and communication between the IIS and ISA
machines are fine.
What we are trying to acheive on top of this is pre-authentication between
the internet client and the ISA Server using client/server certificate
Auth.
We have another standalone root CA in the same subnet as the ISA box to
provide for the certificates for the front end certificates.
I hope i haven't lost you with all this but we can't seem to make it work
so
that the ISA requires a valid client certificate before it will forward on
the request to the IIS machine.
We have placed a valid server certificate in the web listener and a valid
CA
and client cert on the client but keep getting authorisation errors. The
back
end of the system work fine but we can't seem to configure the ISA
correctly
to pre-authenticate users.
Any ideas would be greatly appreciated and if you require any more
information or clarification of any of the above please ask away!
Thanks in advance
Navi
.
- References:
- Re: Pre-Authentication on a Secure Web publishing Rule using Client-se
- From: Jim Harrison \(ISA SE\)
- Re: Pre-Authentication on a Secure Web publishing Rule using Client-se
- Prev by Date: Re: Pre-Authentication on a Secure Web publishing Rule using Client-se
- Next by Date: Re: OWA(Exchange2000)+ISA 2006
- Previous by thread: Re: Pre-Authentication on a Secure Web publishing Rule using Client-se
- Index(es):
Relevant Pages
|
