[isalist] Re: OWA 2007 with RSA

http://www.ISAserver.org
-------------------------------------------------------

No my CAS doesn't have FBA, it is configured with RSA on it and protecting the 
OWA site.
So, if you access the CAS you receive the RSA screen asking for 
username/passcode, if you access from internet, you receive the ISA form asking 
for username/passcode and then takes you to the CAS where you need to enter 
again the credentials.

What I was expecting is to have the internal RSA receiving the passcode or 
cookie or whatever it use from the ISA and allow the user to go to the right 
CAS.

Regards
Diego R. Pietruszka
MSC (USA) - Interlink Transport Technologies


-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On 
Behalf Of Jim Harrison
Sent: Thursday, February 07, 2008 2:06 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: OWA 2007 with RSA

http://www.ISAserver.org
-------------------------------------------------------

Your CAS cannot use FBA at all; much less for SecurID.
The ISA RSA delegation simply passes the cookies created for this 
authentication.
ISA cannot delegate to a form-based auth at all.

-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On 
Behalf Of D PIETRUSZKA USWRN INTERLINK INFRA ASST MGR
Sent: Thursday, February 07, 2008 10:06 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: OWA 2007 with RSA

http://www.ISAserver.org
-------------------------------------------------------

Yeah, I'm using the 3rd option.

I'm using HTML Form Authentication (the collect additional 
credentials....option is not checked), as Authentication Validation Method I 
selected RSA Secure ID, and I also selected RSA SecureID as authentication 
Delegation method.

But the thing is still not working. I'm pretty sure is more related to RSA on 
the CAS side than with ISA, but probably somebody have it working already.

Regards
Diego R. Pietruszka
MSC (USA) - Interlink Transport Technologies


-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On 
Behalf Of Jim Harrison
Sent: Thursday, February 07, 2008 12:56 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: OWA 2007 with RSA

http://www.ISAserver.org
-------------------------------------------------------

Actually, I be wrong - check the table near the bottom of 
http://www.microsoft.com/technet/isa/2006/authentication.mspx

Some details of your (Diego) configuration are needed.

-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On 
Behalf Of Thomas W Shinder
Sent: Thursday, February 07, 2008 8:44 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: OWA 2007 with RSA

http://www.ISAserver.org
-------------------------------------------------------

Bridge or delegate?

Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7
MVP -- Microsoft Firewalls (ISA)



> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx
> [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison
> Sent: Thursday, February 07, 2008 10:36 AM
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] Re: OWA 2007 with RSA
>
> http://www.ISAserver.org
> -------------------------------------------------------
>
> You can't bridge RSA auth.
> IOW, you can have it at ISA or you can have it at the CAS,
> but not both.
>
> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx
> [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of D
> PIETRUSZKA USWRN INTERLINK INFRA ASST MGR
> Sent: Thursday, February 07, 2008 7:30 AM
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] OWA 2007 with RSA
>
> Hello all, this is already driving me crazy. Did anybody
> publish OWA 2007 with RSA authentication?
>
> It is pretty easy to have the forms asking you for the token,
> but my problem is that our users are using just RSA to login,
> there is no password for them (well there is but they don't know it).
>
> The point is: ISA should authenticate the user using  RSA and
> then pass the credentials to the CAS server, so when the user
> reach the CAS this one already have the token and authorize
> the user to see his/her mailbox.
>
>
>
> Today I have the form asking for passcode, then the CAS
> asking for the passcode again (which is pretty crappy).
>
> I can publish the CAS directly on Internet, so the users will
> be asked just once for the passcode but I would like to have
> ISA stopping the users and asking for authentication.
>
>
>
> Anybody?
>
>
>
>
>
> Regards
>
> Diego R. Pietruszka
>
> ------------------------------------------------------
> List Archives: http://www.freelists.org/archives/isalist/
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server Articles and Tutorials:
> http://www.isaserver.org/articles_tutorials/
> ISA Server Blogs: http://blogs.isaserver.org/
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
> Report abuse to listadmin@xxxxxxxxxxxxx
>
>
>
------------------------------------------------------
List Archives: http://www.freelists.org/archives/isalist/
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx


------------------------------------------------------
List Archives: http://www.freelists.org/archives/isalist/
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx


------------------------------------------------------
List Archives: http://www.freelists.org/archives/isalist/
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx


------------------------------------------------------
List Archives: http://www.freelists.org/archives/isalist/
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx


------------------------------------------------------
List Archives: http://www.freelists.org/archives/isalist/
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx

Other related posts: