I have been tearing my hair out trying to get ISA server 2006 and a java based webapp (blackboard) working correctly. I have been using FBA to log into to the site using ldap which works fine. Initially, when I accessed an area of the site which ran a java applet I would be sent back to the isa log in page. However this issue would only occur when using IE, firefox worked as expected. I followed the advice in the thread http://forums.isaserver.org/Java_Application_Fails/m_2002037649/tm.htm and this went most of the way to solving the issue. But instead of being redirected to ISA log on page I am now presented with what looks like a java log in form. If I enter my credentials I am allowed into the app and everything works correctly and choosing the save password option stops this log in box appearing again. I tried what was suggested in http://support.microsoft.com/kb/925881/en-us but this has not solved the issue. This issue only occurs in IE. Does anyone have an idea on how to stop this log in box appearing on java pages in IE? Thanks in advance. Peter
In reply to my own post the problems I was experiencing with Java authentication and ISA 2006 were completely solved by applying the hotfix http://support.microsoft.com/kb/933869/en-us I hope this helps someone sometime.... Thanks Peter
I am looking to do the same thing for our BB installation. can you tell me more about the FBA that you have set up? what type of client authentication method did you use for it. we are also using LDAP for the Authentication Validation Method.
any help that you can provide would be greatful.
ao,lso what there anything special besides the things mentioned in this post? if you have any documentation that you wouldnt mind sharing that would b great as well.
Hi there, If I remember rightly the steps we had to go through to get our Blackboard test server working successfully using ISA Server and FBA were:
Set up BB to use web server delegation authentication which we did following the instructions in the bb authentication guide. You can get this from behind blackboard. We used IIS to authenticate users to AD before passing these credential back to BB.
Set up BB to use SSL
Published the website through ISA Server 2006 used FBA and set the authentication method to basic.
Applied the patches Microsoft provided to stop the issues with were having with Java.
We had to hack the user registry table in blackboard to add the the remote header info to each user so they can authenticate to BB. You will be able to see the remote user info the ISA is sending by monitoring your connection in the logs. This took a bit of fiddling to get working.
Once we had it set up we then added other services to the same listener as BB was published on (exchange,sharepoint etc) and we got single sign on working very well between these services. We also tested software from collective software which allowed other services to also single sign on. However we haven't yet gone live with this because by moving to web server delegation authentication on BB breaks a number of bb building blocks. It is something we will look to implement in the near future. Hope this is of some help. Thanks, Peter
Hi, I don't quite understand what you mean when you mention applying the hotfix without any listeners? I presume you are publishing sites/services using a non website publishing rule? In this case, as the fix is applied to a particular listener, I'm not sure how you would get round the authentication issue other than using a website publishing rule for the service which is giving you grief. As the hotfix is for Java and FBA problems I'm not sure it is what you are looking for. Sorry I can't be of more help. Peter