Welcome to ISAserver.org

Choose your certificate for every rule

Users viewing this topic: none

Logged in as: Guest

Printable Version

All Forums >> [ISA 2006 Publishing] >> Web Publishing >> Choose your certificate for every rule

Page: [1]

Message

<< Older Topic Newer Topic >>

Choose your certificate for every rule - 2.Jun.2008 6:24:24 AM

tijlhaghebaert

Posts: 9
Joined: 6.May2008
Status: offline

Hello,

On my ISA I have 5 rules. All this rules are using the same listener.
For authentication I chose Form authentication + Require SSL client certificate.
Also I configured SSO for all the rules. When I put off require SSL client certificate everything works great, but when it's on every time I go to a page from another rule. It keeps me asking which certificate I am want to use.

OK, this isn't such a big problem. I don't have to give my PIN-code and my credential but in my opinion this isn't so properly.

Grtz Tyler

Post #: 1

Featured Links*

RE: Choose your certificate for every rule - 12.Jun.2008 10:25:57 AM

tshinder

Posts: 47010
Joined: 10.Jan.2001
From: Texas
Status: offline

Can you combine those five rules into one rule?

Thanks!
Tom

_____________________________

Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/

GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8

(in reply to tijlhaghebaert)

Post #: 2

RE: Choose your certificate for every rule - 13.Jun.2008 5:57:45 AM

tijlhaghebaert

Posts: 9
Joined: 6.May2008
Status: offline

I don't think so.
Every rules is made for another application on another server.

Rule1: Application1 on server1 (IIS): https://app1.domain.com
Rule2: Application2 on server2 (IIS): https://app2.domain.com
Rule3: Application3 on server3 (TomCat (Apache)): https://app3.domain.com
...

The first time I go to one of these websites these are the steps:

Choose my certificate
Enter my PIN-code
Enter username en password in ISA HTML Form
Now I'm logged on.

Then when I go to another application, it only asks me choose my certificate again.
So the Single Sign On works good, but I still have to choose the right certificate again. They don't ask for a Pin-code anymore.

When I go again to that second application, everything works fine. No ask to choose certificate.

Grtz Tijl

< Message edited by tijlhaghebaert -- 13.Jun.2008 6:03:41 AM >

(in reply to tshinder)

Post #: 3

RE: Choose your certificate for every rule - 16.Jun.2008 10:45:19 AM

tshinder

Posts: 47010
Joined: 10.Jan.2001
From: Texas
Status: offline

Are all three rules using the same Web Listener?

Thanks!
Tom

_____________________________

Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/

GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8

(in reply to tijlhaghebaert)

Post #: 4

RE: Choose your certificate for every rule - 17.Jun.2008 2:48:03 PM

frobnitzz

Posts: 16
Joined: 11.Jun.2008
Status: offline

quote:

ORIGINAL: tshinder

Are all three rules using the same Web Listener?

Thanks!
Tom

To quote the 1st post "All this rules are using the same listener."

hth
John

(in reply to tshinder)

Post #: 5

RE: Choose your certificate for every rule - 18.Jun.2008 12:07:38 PM

tshinder

Posts: 47010
Joined: 10.Jan.2001
From: Texas
Status: offline

Hi John,

OK, got it. From what I can tell, certificate based authentication without the use of KCD won't support SSO.

HTH,
Tom

_____________________________

Thomas W Shinder, M.D.
Sr. Consultant/Technical Writer
Prowess Consulting http://www.prowessconsulting.com/
Blog: http://blogs.isaserver.org/shinder/

GET THE NEW ISA 2006 Book!: http://tinyurl.com/2gpoo8

(in reply to frobnitzz)

Post #: 6