Re: RSA with OWA and FBA
- From: LAN Hotfixer <LANHotfixer@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 17 Feb 2006 12:28:28 -0800
This might indicate that Microsoft might not be that happy about RSA SecurID
on ISA 2004 to authenticate - before FBA.
At the same time it indicates that they do support it:
http://www.microsoft.com/technet/prodtechnol/isa/2004/plan/unsupportedconfigs.mspx
Troubleshooting Unsupported Configurations in ISA Server 2004
Microsoft Internet Security and Acceleration Server 2004
Published: November 2, 2005
Problem: There are a number of limitations to be aware of when enabling RSA
SecurID authentication on ISA Server:
• When you configure RSA SecurID on a Web publishing rule, no other form of
authentication can be enabled.
• Outlook Web Access cannot be configured to use SecurID credentials. ISA
Server can forward the cookie to the Outlook Web Access server, but the
server will not do anything with it.
Cause: When you publish an Outlook Web Access server and enable RSA SecurID
on ISA Server, with forms-based authentication on the Exchange server, the
following occurs:
• Users will be prompted for an RSA SecurID password and PIN by ISA Server.
• After being authenticated by ISA Server, users will be prompted by
Exchange with the forms-based authentication page.
But maybe it is not that good a combination with 2 cookies.... from the ISA
2004 Help manual:
- On the RSA SecurID tab, verify that Send SecurID cookie to upstream server
is selected.
If you do not select this option, ISA Server removes the SecurID cookie from
the header, and invalid cookies are forwarded to the Outlook Web Access
server that is being published.
When ISA Server is configured to use SecurID authentication, forms-based
authentication will not function as expected, because forms-based
authentication requires its own cookie to identify the client. After the
client successfully authenticates to ISA Server and to the Outlook Web Access
server, Internet Explorer sends both cookies to ISA Server, on the same
cookie header. ISA Server removes the SecurID cookie from the header and
alters the remaining cookies so that they are invalid. The Outlook Web Access
server does not receive the required credentials, and presents the
forms-based authentication form to the client again.
--
LAN Hotfixer
"Henk Steunenberg (Ms)" wrote:
Hello,.
isa 2004
only support FBA with exchange and OWA and does not support customizing of
owa and
rsa page.
regards,
Henk Steunenberg
"admin ken" <none@xxxxxxxxxxxxx> wrote in message
news:uraHt$PEGHA.3920@xxxxxxxxxxxxxxxxxxxxxxx
Can the integrated RSA features work with OWA w/ forms based
authentication in ISA 2004?
I know there is an issue with RADIUS and OWA FBA but there is a fix from
Microsoft, I wonder if there is any issue using RSA with OWA and FBA.
- Prev by Date: Bypassing RSA Securid publishing in ISA 2004 for OWA 2003 after lo
- Next by Date: Re: Firewall Client doesn't work
- Previous by thread: Bypassing RSA Securid publishing in ISA 2004 for OWA 2003 after lo
- Next by thread: cant access remote SQL server from behind ISA server
- Index(es):
Relevant Pages
|
