I need some advice on getting ISA 2006 working with RSA and OWA. I am publishing OWA through ISA and have the RSA agent installed on the FE server. Connecting directly to the FE server and authenticating with RSA credentials works perfectly. Now what I am trying to do is take this one step further and publish this through ISA, have ISA authenticate the user against RSA and then pass the RSA cookie back to the FE server which should hopefully let me in without prompting for any additional authentication.
And this is where i start running into a problem. I need to set something called a "Domain Secret" for RSA on both ISA and IIS. I can set it on the IIS/FE side in the agent no problem. But ISA2006 won't let me set the domain name within RSA configuration. So what's happening is that when the cookie gets passed back to the FE server the domain secrets match, but the domain names don't, and the cookie isn't accepted. There used to be a place to set this in ISA2004, but ISA2006 is using a newer version of RSA libraries, and they redesigned a few screens, so now I can't find it.
How does one manage RSA domain names under ISA 2006? Anyone?
take this with prudence, as I haven't finished implementing it myself. 1. take the RSA agent off the IIS - no need any more. 2. Activate RSA System Policy on ISA. 3. ACE: Declare ISA an Agent Host. 4. ISA: test connectiviy with sdtest.exe, found on any RSA agent. 5. use multiple domains? I have one. This works, I have to log on with username(without domain), RSA Token, AND Windows password.