RE: Authentication
- From: <AHendriks@xxxxxx>
- To: <isalist@xxxxxxxxxxxxx>
- Date: Wed, 3 Aug 2005 12:52:02 +0200
I'm using IWSS at an other side, and there is no authentication with
IWSS, wath i think is that IWSS redirect to ISA and then needs to
authenticate, the next headers shows up with port 81, a new connection
is established to the ISA server and the second authentication is done.
I need to hide the redirecting between the IWSS and ISA server, so all
communication to the outside world is handled by the IWSS server,
communication between IWSS and ISA needs to be handled on the local
host.
IWSS is setup as a reverse proxy, i thought a reverse proxy published a
web site to the outside world, and handled all the communication between
the client and the web site, so the same should be working with this
configuration.
Arjan
> -----Original Message-----
> From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx]
> Sent: dinsdag 2 augustus 2005 17:45
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: Authentication
>
> http://www.ISAserver.org
>
> Separate issues.
> IWSS wants to auth and OWA wants to auth - there are your two prompts.
> Also, there may be a completely separate ISA rule that's forcing auth.
> You need to use the logs to sort that out.
>
> -------------------------------------------------------
> Jim Harrison
> MCP(NT4, W2K), A+, Network+, PCG
> http://isaserver.org/Jim_Harrison/
> http://isatools.org
> Read the help / books / articles!
> -------------------------------------------------------
>
>
> -----Original Message-----
> From: AHendriks@xxxxxx [mailto:AHendriks@xxxxxx]
> Sent: Tuesday, August 02, 2005 06:23
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: Authentication
>
> http://www.ISAserver.org
>
> Okay, but how is it possible that the user needs to
> authenticate twice when accessing OWA with IWSS (Inerscan Web
> Security Suite) in front of ISA.
>
> As i can see the listner on port 81 is the problem, cause
> afther the session starts at port 80 from IWSS, the session
> is redirected to port
> 81 on the listner, in the test environment this workes okay,
> but when going live the port 81 isn't available for the outside world.
>
> So the translation from port 80 tot 81 needs to be done
> between the IWSS and ISA port, and the user doesn't need to
> be redirected.
>
> Arjan.
> > -----Original Message-----
> > From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx]
> > Sent: dinsdag 2 augustus 2005 8:53
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] RE: Authentication
> >
> > http://www.ISAserver.org
> >
> > You're right.
> > ISA "All Users" == "no authentication required".
> >
> > -----Original Message-----
> > From: AHendriks@xxxxxx [mailto:AHendriks@xxxxxx]
> > Sent: Sunday, July 31, 2005 10:54 PM
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] Authentication
> >
> > http://www.ISAserver.org
> >
> > When publishing OWA through ISA 2004, the authentication is done by
> > the FE Exchange server, no authentication is done by ISA, cause the
> > rule have All Users included.
> >
> > Correct me if i'm wrong.
> >
> > At the moment the user need to authenticate twice.
> >
> > Arjan
> >
> >
> > **************************************************************
> > **********
> > De informatie in deze e-mail is uitsluitend bestemd voor de
> > geadresseerde. Als u deze e-mail onterecht heeft ontvangen,
> wilt u dan
> > zo vriendelijk zijn de afzender te waarschuwen door deze
> e-mail terug
> > te sturen en de gegevens van uw computer te verwijderen. De RDW kan
> > niet volledig instaan voor de juiste en volledige overbrenging van
> > deze e-mail.
> >
> > The information in this e-mail is exclusively intended for the
> > addressee. If you have received this e-mail in error, then you are
> > requested to inform the sender by returning this e-mail to
> him/her and
> > delete the message. The RDW has not secured the contents of this
> > e-mail and can therefore not guarantee the accurate and complete
> > transmission of this e-mail.
> > **************************************************************
> > **********
> >
> >
> >
> > ------------------------------------------------------
> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > ------------------------------------------------------
> > Visit TechGenix.com for more information about our other sites:
> > http://www.techgenix.com
> > ------------------------------------------------------
> > You are currently subscribed to this ISAserver.org
> Discussion List as:
> > jim@xxxxxxxxxxxx
> > To unsubscribe visit
> > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > Report abuse to listadmin@xxxxxxxxxxxxx
> >
> > All mail to and from this domain is GFI-scanned.
> >
> >
> > ------------------------------------------------------
> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > ------------------------------------------------------
> > Visit TechGenix.com for more information about our other sites:
> > http://www.techgenix.com
> > ------------------------------------------------------
> > You are currently subscribed to this ISAserver.org
> Discussion List as:
> > ahendriks@xxxxxx To unsubscribe visit
> > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > Report abuse to listadmin@xxxxxxxxxxxxx
> >
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> jim@xxxxxxxxxxxx
> To unsubscribe visit
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
>
> All mail to and from this domain is GFI-scanned.
>
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion
> List as: ahendriks@xxxxxx To unsubscribe visit
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
>
Other related posts:
