• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

TMG Authenticatoin - bypass logon.html page

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [Threat Management Gateway (TMG) 2010] >> General >> TMG Authenticatoin - bypass logon.html page Page: [1]
Login
Message << Older Topic   Newer Topic >>
TMG Authenticatoin - bypass logon.html page - 5.Apr.2010 2:16:23 PM   
akarimi

 

Posts: 5
Joined: 30.Mar.2010
Status: offline
On our TMG server, we will be publishing multiple sites: a couple of asp.net websites (published thru forms-based authentication via TMG) and couple of sharepoint sites, etc (published thru TMG on the same server).

We want to leverage TMG’s Single Sign On (SSO) functionality. So for example, if a user is already logged-in our ASP.NET website and he clicks a link which takes him to our sharePoint site, he should be able to get in with SSO (does not need to enter login credentials again).

However, the trick here is that we do NOT want to use the TMG Logon.html page as the entry point. We simply want to designate one of our own asp.net website (published via TMG) and create a custom login.aspx page. This page will ask for the user’s username and password and we will write custom code to authenticate the user against Active Directory (as per my understanding, we cannot use TMG SDK to authenticate the user). Once the user is successfully logged-in into the “entry-point” site, he should be able to simply click links to the other sharepioint sites (published within the same TMG) and be redirected there with SSO.

To summarize my question, we want to “by-pass” TMG’s logon.html page (and its authentication) and instead of that, use one of our own asp.net websites as an entry point to TMG resources (authenticating him against LDAP/AD). Once the user is logged-in, we want to leverage TMG’s SSO.
Post #: 1
RE: TMG Authenticatoin - bypass logon.html page - 7.Apr.2010 9:59:00 AM   
rino01

 

Posts: 69
Joined: 1.Jul.2005
From: Stockholm / Sweden
Status: offline
Hi

You can customise the login page that are in the TMG so it sutes you. For SSO to work you need to use FBA login on the TMG.

To have links on the login page you need to use UAG instead.

_____________________________

Best Regards

//Rickard

(in reply to akarimi)
Post #: 2
RE: TMG Authenticatoin - bypass logon.html page - 8.Apr.2010 5:12:21 AM   
Jason Jones

 

Posts: 4663
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
If ISA isn't authenticating the requests, it cannot generate the required cookies for SSO to work.

What part of the TMG HTML form doesn't work for you? From what you describe, it can do all you need...no?

Also be aware that be not using the ISA HTML forms, you are NOT performing any pre-authentication which means that anonymous requests are reaching you internal web servers; not good!

Cheers

JJ

_____________________________

Jason Jones | Forefront MVP | Silversands Ltd
My Blogs: http://blog.msedge.org.uk/ and http://blog.msfirewall.org.uk/

(in reply to rino01)
Post #: 3

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [Threat Management Gateway (TMG) 2010] >> General >> TMG Authenticatoin - bypass logon.html page Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts