Welcome to ISAserver.org

SSO certificate

SSO certificate - 22.Nov.2006 7:12:45 AM   
theRob

 

Posts: 103
Joined: 31.Aug.2003
From: The Netherlands
Status: offline
In our test/pilot environment we have standalone web server(s), Linux and Windows.
We installed a couple of standalone ISA servers. We use LDAP authentication to our AD on the intranet, which works great. (Better and easier to maintain than ADFS.)

We configured a single listener to get SSO.
We publish a couple of web servers with that listener. But not all servers use SSL.
In fact the idea is to let ISA function as a portal where users can log in (we will customize the login page).
So once a user has logged in he can go to all other sites without having to authenticate.
But the problem is that they all get a warning about the site, because ISA will put https in front of it.

Is it wise to use a wildcard certificate in this situation, or are there other ways to get around it?
Post #: 1
RE: SSO certificate - 23.Nov.2006 1:51:58 PM   
gja

 

Posts: 50
Joined: 15.Aug.2006
From: The Netherlands
Status: offline
There are two ways to do it. You can use a wildcard certificate or you can use multiple IP addresses on a single listener and for each IP address a different certificate.

(in reply to theRob)
Post #: 2
RE: SSO certificate - 23.Nov.2006 2:19:54 PM   
theRob

 

Posts: 103
Joined: 31.Aug.2003
From: The Netherlands
Status: offline
Thanks for your response.
We tested both the wildcard and the certificates with different IP addresses.

We are now looking at how we should equip our ISA servers:
unihomed or with 2 NICs.
And put one NIC straight to the internet. Don't know if company policy lets us do that.

(in reply to gja)
Post #: 3
RE: SSO certificate - 23.Nov.2006 2:29:26 PM   
gja

 

Posts: 50
Joined: 15.Aug.2006
From: The Netherlands
Status: offline
When using ISA in a publishing scenario I always use 2 or more NICs, so the traffic has to go through the ISA. In front of the ISA I normally place a hardware firewall such as a Cisco PIX to filter a lot of the unwanted traffic.

(in reply to theRob)
Post #: 4
RE: SSO certificate - 24.Nov.2006 2:57:37 AM   
theRob

 

Posts: 103
Joined: 31.Aug.2003
From: The Netherlands
Status: offline
We already have a PIX in front for the internet and a PIX between DMZ and intranet.
The ISA servers will be located in the DMZ and will be standalone servers.
The web servers are also standalone servers and are located in the DMZ.

So all servers will be on one network segment.
So I think I will go for unihomed ISA servers in an array.
I already have unihomed ISA 2004 servers in an array that function as web proxy only servers.

(in reply to gja)
Post #: 5
