• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Why is Authentication Delegation tab is missing options?

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 Publishing] >> Exchange Publishing >> Why is Authentication Delegation tab is missing options? Page: [1]
Login
Message << Older Topic   Newer Topic >>
Why is Authentication Delegation tab is missing options? - 3.Apr.2008 3:03:02 PM   
dfosbenner

 

Posts: 129
Joined: 14.Nov.2001
From: Maybrook, NY USA
Status: offline
I have ISA 2006 Standard.  The Authentication Delegation tab of the webserver publisher rule has these three options:
 
No delegation, and client cannot authenticate directly
No delegation, but client may authenticate directly
Kerberos constrained delegation

 
According to the help screens and other references, it should also have four more choices:
Basic
NTLM
NTLM/Kerberos (Negotiate)
SecurID

I have a webserver behind ISA which hosts the company website AND OWA.  The users just add /exchange on the end of the company website to get to OWA.  It works great through ISA 2004.
 
I did a test cutover to ISA 2006 today, the company website worked, but OWA didn't,   I was never prompted for credentials.  I think this is because my web publishing rule had "No delegation, and client cannot authenticate directly" selected.
 
I am unclear how to get the credentials to work, especially with options missing.  Anyone know?
 
One thing I did read after the test is that on the web listener, Authentication tab, Advanced, I should enable 'Allow client authentication over HTTP'.  True?
 
Additional info: we use a certificate for OWA, we don't use forms-based authentication. 
Post #: 1
RE: Why is Authentication Delegation tab is missing opt... - 4.Apr.2008 7:15:50 PM   
Jason Jones

 

Posts: 4663
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
It depends what authentication option you select on the web listener. It sounds like you have enabled the 'HTTP (Integrated)' option as opposed to 'HMTL forms'.

Using forms auth is the recommended approach for OWA...

Using "allow client auth over HTTP" essentially means "send my credentials clear text"...hence why it is disabled by default  

< Message edited by Jason Jones -- 4.Apr.2008 7:18:02 PM >


_____________________________

Jason Jones | Forefront MVP | Silversands Ltd
My Blogs: http://blog.msedge.org.uk/ and http://blog.msfirewall.org.uk/

(in reply to dfosbenner)
Post #: 2

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 Publishing] >> Exchange Publishing >> Why is Authentication Delegation tab is missing options? Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts