http://www.ISAserver.org
-------------------------------------------------------
Hello everyone!
Our config: ISA 2004 SE SP1 -- users configured as Firewall Client, Web Proxy, (some Secure NAT). Internet Explorer 6.0 on WinXP SP2 with latest updates.
Scenerio: There is a site, "http://depts.washington.edu/hhpccweb"; which currently requires the user to log in to view the site by redirecting to "https://weblogin.washington.edu/"; after successful logging in, the page is redirected back to "https://depts.washington.edu/hhpccweb/";. In this site there is an 'administrative' area that *also* requires the user to log in with different credentials.
Issue: After logging in successfully to the first site (using SSL), the 2nd site that requires the user to log on(no SSL), either 1) does not accept the 2nd credentials or 2) accepts the 2nd credentials but after a few hyperlink clicks, drops the 2nd users credentials, forcing the user to enter the 2nd credentials again. The 1st credentials never are 'dropped' by IE.
We have tried: 1) Allowing 'anonymous' access to that site. 2) Configure 'direct access' for 'http://depts.washington.edu' (both IP and DNS tried.) 3) Configure IEs, "Do not use proxy server for addresses beginning with:" 4) Adding the site to 'trusted sites'
None have solved the problem of the 2nd site dropping the users credentials except: 5) Bypass ISA and access site directly.
Comments or suggestions welcome! =)
Is there an issue with websites that require SSL to log in, and then another non SSL log in page? Is this just bad HTML on the 2nd site? Perhaps this is solved with ISA SP2...or maybe we should purchase ISA 2006 =) If this issue does not occur when ISA is bypassed, then ISA = culprit?