• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

OWA 2007 / ISA 2006 / RSA SecurID Issue

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 Publishing] >> Exchange Publishing >> OWA 2007 / ISA 2006 / RSA SecurID Issue Page: [1]
Login
Message << Older Topic   Newer Topic >>
OWA 2007 / ISA 2006 / RSA SecurID Issue - 12.Jun.2009 4:18:36 AM   
ksteege

 

Posts: 6
Joined: 8.Jan.2007
Status: offline
I posted this in the 2004 but it is in actuality a 2006 implementation... 

Question here for the ISA/OWA/RSA configuration I have a few questions because some people must have had this working.

#1 - I am getting two logins.  One on the first page that contains RSA passcode and domain password and another that just has the username and password (domain)   I was of the impression that FBA was only to enabled on the ISA server.    RSA insists that the FBA and Basic needs to be on both for the solution to work.

#2 - Another issue that I will deal with eventually is the ISA server that was installed (before my time) was installed as a member of the domain.  Could this cause the two logins?

#3 - Is there any documented way of getting the RSA solution to do the authentication for me so that I could just hit the initial webpage and type in RSA passcode and that all and get straight in to OWA?  Does the solution have to be linked up with another product?

Thanks for your help
Post #: 1
RE: OWA 2007 / ISA 2006 / RSA SecurID Issue - 12.Jun.2009 4:51:28 AM   
Jason Jones

 

Posts: 4663
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
You can have a single form to collect both Windows and RSA credentials with ISA Server 2006; I would need to check for ISA Server 2004, but I don't think it supports this...

This article has some info and screenhots of the integrated form:

http://blog.msfirewall.org.uk/2009/02/customising-isa-server-2006-html-forms.html

Shout if you need specific details on setup/config as I've done quite a lot of work with ISA and RSA.

Cheers

JJ

< Message edited by Jason Jones -- 12.Jun.2009 4:52:42 AM >


_____________________________

Jason Jones | Forefront MVP | Silversands Ltd
My Blogs: http://blog.msedge.org.uk/ and http://blog.msfirewall.org.uk/

(in reply to ksteege)
Post #: 2
RE: OWA 2007 / ISA 2006 / RSA SecurID Issue - 15.Jun.2009 10:16:30 AM   
ksteege

 

Posts: 6
Joined: 8.Jan.2007
Status: offline
Very good Article and I will certainly get to that at some point my issue currently is around the initial configuration.  I like it very much though and plan to make that happen as well.

I am getting hit up twice for passwords right now...  SO the Initial usual screen comes up with User Name, passcode and password.   Type it all in and it gets through fine (as long as you put in the correct info ;-) )  Then you get prompted again for the User name and password to OWA - Usually this is because you have FBA in both ISA and CAS...  but in this case it should still work because the ISA server is a domain member and should be able to send the info in.

OK so thats issue #1

Issue #2 and I am not sure how this is done but Do you know if there is a way to have on that main screen User name and RSA Passcode and still go all the way in to OWA off of that?

1. User types in https:\\www.corpmail.com
2. OWA page comes up it has two lines to fill out - Username and RSA Passcode.
3. User types in info
4. User is given OWA - np other passcodes or passwords?

Thanks again and sorry for the delay in response...



(in reply to Jason Jones)
Post #: 3
RE: OWA 2007 / ISA 2006 / RSA SecurID Issue - 15.Jun.2009 6:35:39 PM   
Jason Jones

 

Posts: 4663
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
Hi,

These should help:

http://blogs.technet.com/isablog/archive/2008/02/07/walk-through-for-rsa-securid-authentication-for-isa-server-2006-part-3-configure-isa-authentication-and-delegation.aspx

http://blogs.technet.com/isablog/archive/2008/10/29/walk-through-for-rsa-securid-delegation-for-isa-server-2006.aspx

Let me know how you get on!

Personally, I would tend to use FBA and the "collect additional delegation credentials" option combined with Negotiaite delegation. As this allows for  transparent access and OWA functionality which includes advanced features like OWA Document Access. 

I've never used RSA SecurID delegation, but the theory in the above articles looks good

Cheers

JJ

_____________________________

Jason Jones | Forefront MVP | Silversands Ltd
My Blogs: http://blog.msedge.org.uk/ and http://blog.msfirewall.org.uk/

(in reply to ksteege)
Post #: 4
RE: OWA 2007 / ISA 2006 / RSA SecurID Issue - 17.Jun.2009 9:45:13 AM   
ksteege

 

Posts: 6
Joined: 8.Jan.2007
Status: offline
Interestingly enough I found that same article and this one on RSA site

http://www.rsa.com/rsasecured/guides/imp_pdfs/Microsoft_ISA2006_AM7.1_WEB_.pdf

basically the same thing.  trying to figure out which best fits the org. 

(in reply to Jason Jones)
Post #: 5

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 Publishing] >> Exchange Publishing >> OWA 2007 / ISA 2006 / RSA SecurID Issue Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts