ISA 2006 / WSS 3.0 / Outlook 2007 single sign on (Full Version)

All Forums >> [ISA 2006 Publishing] >> SharePoint Publishing



Message


TobiasN -> ISA 2006 / WSS 3.0 / Outlook 2007 single sign on (10.Mar.2009 5:03:47 AM)

Hi,

I have a problem with integration of WSS 3.0 in Outlook 2007. We have published Outlook 2007 / OWS 2007 and WSS over the same Web_Listener and SSO is enabled.
All of our users access Outlook 2007/OWA and WSS from the internet and the clients are not a member of the internal Exchange/WSS domain.

We are a Hosted Exchange provider.

The single sign on feature works great between WSS and OWA. But if I try to integrate WSS in Outlook 2007 it prompts me for authentication.
(But I'm always authenticated in Outlook?!)

After the timeout of the Web_Listener it prompts me again in Outlook for re-authentication to access SharePoint and so on…..
This behavior leads to a bad user experience and until now, I didn't find any solutions to avoid that.

I have made some tests with different authentication methods (NTLM/Basic authentication etc.) but nothing works.
The persistent cookie feature gave me some strange effects and it doesn't work as well for me. (Perhaps I have done something wrong??)

Let me now ask my questions, please.

Is it possible to have a single sign on feeling between Outlook and WSS from external in general?

Does anybody know what I can do to solve this issue? (Settings / third-party software etc.)

Every help to point me to the right direction are highly appreciated!!

Thanks in advance!

Tobias




Jason Jones -> RE: ISA 2006 / WSS 3.0 / Outlook 2007 single sign on (11.Mar.2009 9:33:48 PM)

Persistent cookies should solve your problem.

SSO is designed for access multiple services from the same browser (e.g. OWA and WSS); however, once you hope outside the security context of the browser to use Outlook, ISA will see this as a new session and hence require authentication. Persistent cookies were designed to remove this limitation by using machine cookies that can be comsumed by applications outside the browser.

Can you describe "strange affects" for persistent cookies as I have always found these pretty reliable...

Cheers

JJ




TobiasN -> RE: ISA 2006 / WSS 3.0 / Outlook 2007 single sign on (12.Mar.2009 5:36:43 AM)

Hi Jason,

Thank you very much for your reply!

Perhaps I missed something or I did something wrong?!

But at the moment it is not 100% clear for me what really happens there.

I have for all applications (WSS, Outlook und OWA) the same Web_Listener.
I had SSO enabled und persistent cookies (on all computers) activated at the same time.

I started Outlook and integrated a SharePoint site. Then I wait over 10min (idle timeout) and it seems to work. If I clicked on a SharePoint site within Outlook it does not prompt me for authentication. -> OK

After that I tried to open a SharePoint site from a link in an email. A browser window opens and I need to logon again. It does not pass the credentials from Outlook to OWA. (I don't know if it's a normal behaviour?)

Then I logoff from Outlook login to OWA -> logon to Outlook, logoff from OWA.
And at this time I can't login to OWA again!?

It told me, that password or username is wrong?!

The only solution was to delete all cookies from IE cache and logoff/logon to Windows.
I know that my test scenario is a little bit strange, but we have thousands of users and I don't want to affect them by enabling persistent cookies without good testing.

For a working persistent cookie feature, it is necessary that all applications using the same web_listener? (we’re using the same listener).


Could be that I did something wrong and I have to retry me tests, to see if it working?!

regards,
Tobias




Jason Jones -> RE: ISA 2006 / WSS 3.0 / Outlook 2007 single sign on (12.Mar.2009 12:27:45 PM)

What client OS are you running for the tests, XP or Vista?

Cheers

JJ




TobiasN -> RE: ISA 2006 / WSS 3.0 / Outlook 2007 single sign on (12.Mar.2009 2:44:21 PM)

I got the strange issues on XP but the authentication problem exsist on both Vista and XP.

Tobias




Jason Jones -> RE: ISA 2006 / WSS 3.0 / Outlook 2007 single sign on (12.Mar.2009 6:49:55 PM)

My experience with Vista is that you need to add all URLs to the trusted sites and then disable the 'Web Client' service for correct functionality. In XP, you just need trusted sites stuff.

I have a customer with a similar setup, but only with SharePoint and Outlook - persistent cookies work really well for this setup...they have a different listener for OWA so SSO is not possible [:(]

I dont get why OWA would fail if you already have a persistent cookie and are using the same listener with SSO enabled.

Not quite sure I follow your tests, but it is late here now [:D]

Cheers

JJ




TobiasN -> RE: ISA 2006 / WSS 3.0 / Outlook 2007 single sign on (13.Mar.2009 3:12:33 PM)

Hi Jason,

I don't want to make you additional work. I will test it with diffrent listener and we will see what happens.

Thank you for your support!

Tobias




Page: [1]