• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

ISA 2006 / WSS 3.0 / Outlook 2007 single sign on

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 Publishing] >> SharePoint Publishing >> ISA 2006 / WSS 3.0 / Outlook 2007 single sign on Page: [1]
Login
Message << Older Topic   Newer Topic >>
ISA 2006 / WSS 3.0 / Outlook 2007 single sign on - 10.Mar.2009 5:03:47 AM   
TobiasN

 

Posts: 4
Joined: 10.Mar.2009
Status: offline
Hi,

I have a problem with integration of WSS 3.0 in Outlook 2007. We have published Outlook 2007 / OWS 2007 and WSS over the same Web_Listener and SSO is enabled.
All of our users access Outlook 2007/OWA and WSS from the internet and the clients are not a member of the internal Exchange/WSS domain.

We are a Hosted Exchange provider.

The single sign on feature works great between WSS and OWA. But if I try to integrate WSS in Outlook 2007 it prompts me for authentication.
(But I'm always authenticated in Outlook?!)

After the timeout of the Web_Listener it prompts me again in Outlook for re-authentication to access SharePoint and so on…..
This behavior leads to a bad user experience and until now, I didn't find any solutions to avoid that.

I have made some tests with different authentication methods (NTLM/Basic authentication etc.) but nothing works.
The persistent cookie feature gave me some strange effects and it doesn't work as well for me. (Perhaps I have done something wrong??)

Let me now ask my questions, please.

Is it possible to have a single sign on feeling between Outlook and WSS from external in general?

Does anybody know what I can do to solve this issue? (Settings / third-party software etc.)

Every help to point me to the right direction are highly appreciated!!

Thanks in advance!

Tobias
Post #: 1
RE: ISA 2006 / WSS 3.0 / Outlook 2007 single sign on - 11.Mar.2009 9:33:48 PM   
Jason Jones

 

Posts: 4663
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
Persistent cookies should solve your problem.

SSO is designed for access multiple services from the same browser (e.g. OWA and WSS); however, once you hope outside the security context of the browser to use Outlook, ISA will see this as a new session and hence require authentication. Persistent cookies were designed to remove this limitation by using machine cookies that can be comsumed by applications outside the browser.

Can you describe "strange affects" for persistent cookies as I have always found these pretty reliable...

Cheers

JJ

_____________________________

Jason Jones | Forefront MVP | Silversands Ltd
My Blogs: http://blog.msedge.org.uk/ and http://blog.msfirewall.org.uk/

(in reply to TobiasN)
Post #: 2
RE: ISA 2006 / WSS 3.0 / Outlook 2007 single sign on - 12.Mar.2009 5:36:43 AM   
TobiasN

 

Posts: 4
Joined: 10.Mar.2009
Status: offline
Hi Jason,

Thank you very much for your reply!

Perhaps I missed something or I did something wrong?!

But at the moment it is not 100% clear for me what really happens there.

I have for all applications (WSS, Outlook und OWA) the same Web_Listener.
I had SSO enabled und persistent cookies (on all computers) activated at the same time.

I started Outlook and integrated a SharePoint site. Then I wait over 10min (idle timeout) and it seems to work. If I clicked on a SharePoint site within Outlook it does not prompt me for authentication. -> OK

After that I tried to open a SharePoint site from a link in an email. A browser window opens and I need to logon again. It does not pass the credentials from Outlook to OWA. (I don't know if it's a normal behaviour?)

Then I logoff from Outlook login to OWA -> logon to Outlook, logoff from OWA.
And at this time I can't login to OWA again!?

It told me, that password or username is wrong?!

The only solution was to delete all cookies from IE cache and logoff/logon to Windows.
I know that my test scenario is a little bit strange, but we have thousands of users and I don't want to affect them by enabling persistent cookies without good testing.

For a working persistent cookie feature, it is necessary that all applications using the same web_listener? (we’re using the same listener).


Could be that I did something wrong and I have to retry me tests, to see if it working?!

regards,
Tobias

(in reply to Jason Jones)
Post #: 3
RE: ISA 2006 / WSS 3.0 / Outlook 2007 single sign on - 12.Mar.2009 12:27:45 PM   
Jason Jones

 

Posts: 4663
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
What client OS are you running for the tests, XP or Vista?

Cheers

JJ

_____________________________

Jason Jones | Forefront MVP | Silversands Ltd
My Blogs: http://blog.msedge.org.uk/ and http://blog.msfirewall.org.uk/

(in reply to TobiasN)
Post #: 4
RE: ISA 2006 / WSS 3.0 / Outlook 2007 single sign on - 12.Mar.2009 2:44:21 PM   
TobiasN

 

Posts: 4
Joined: 10.Mar.2009
Status: offline
I got the strange issues on XP but the authentication problem exsist on both Vista and XP.

Tobias

(in reply to Jason Jones)
Post #: 5
RE: ISA 2006 / WSS 3.0 / Outlook 2007 single sign on - 12.Mar.2009 6:49:55 PM   
Jason Jones

 

Posts: 4663
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
My experience with Vista is that you need to add all URLs to the trusted sites and then disable the 'Web Client' service for correct functionality. In XP, you just need trusted sites stuff.

I have a customer with a similar setup, but only with SharePoint and Outlook - persistent cookies work really well for this setup...they have a different listener for OWA so SSO is not possible

I dont get why OWA would fail if you already have a persistent cookie and are using the same listener with SSO enabled.

Not quite sure I follow your tests, but it is late here now 

Cheers

JJ

_____________________________

Jason Jones | Forefront MVP | Silversands Ltd
My Blogs: http://blog.msedge.org.uk/ and http://blog.msfirewall.org.uk/

(in reply to TobiasN)
Post #: 6
RE: ISA 2006 / WSS 3.0 / Outlook 2007 single sign on - 13.Mar.2009 3:12:33 PM   
TobiasN

 

Posts: 4
Joined: 10.Mar.2009
Status: offline
Hi Jason,

I don't want to make you additional work. I will test it with diffrent listener and we will see what happens.

Thank you for your support!

Tobias

(in reply to Jason Jones)
Post #: 7

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 Publishing] >> SharePoint Publishing >> ISA 2006 / WSS 3.0 / Outlook 2007 single sign on Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts