Can TMG pass the login ID in session header






Mainerjim -> Can TMG pass the login ID in session header (11.Jul.2012 8:34:15 AM)

Hi everyone. I'm in a jam and need some help. We are combining 5 organizations into one and using TMG as an interim solution to publish new org websites. The problem is we have a bunch of non-MS applications that TMG natively doesn't provide SSO to. Flexauth is helping with some of that.
Now we also have a few applications that need to have just the login ID passed in the session header that some ASP code can grab and provide to the backend application. I haven't found a way of doing that in TMG. Does anyone know of a setting I can turn on or any other suggestions?

Thx
Jim




ferrix -> RE: Can TMG pass the login ID in session header (11.Jul.2012 11:37:28 AM)

What do you mean by "the session header"? Just adding a custom HTTP request header with the username?




Mainerjim -> RE: Can TMG pass the login ID in session header (11.Jul.2012 12:53:52 PM)

Pretty much..
So a user logs into TMG, that login ID (sAMAccountName only, no domain) can be passed to the backend server where some basic code can grab it, and then allow that user access to that application.

I used session header as it was the terminology we used from the older reverse proxy we have in place currently.




ferrix -> RE: Can TMG pass the login ID in session header (11.Jul.2012 1:15:26 PM)

I'm surprised that you can't just use Basic auth delegation then. The username and password are passed in the Authorization header with simple base64 encoding.

If you really need a custom header, it would be an easy job for a web filter, then. We made IsaScript to do stuff like that.




Mainerjim -> RE: Can TMG pass the login ID in session header (11.Jul.2012 1:36:27 PM)

Thx ferrix!
I'll look into things more. What happens is I can get this working but I typically have to explain it to the developers and usually have to write example code for them to work off of.
This is new for me.. we've had our other system in place for 9 years so it's a sudden change to try and make it do what the older system has done for years.

I appreciate the help!
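
Added example, not part of the thread: a Python sketch of how backend code could take the bare login ID from the Basic `Authorization` header that ferrix describes. The proxy address, the function names and the handling of `DOMAIN\user` and `user@domain` forms are assumptions made for illustration.

```python
import base64
import ipaddress

# Assumption: the address TMG uses to reach the backend (constructed sample value).
TRUSTED_PROXIES = {ipaddress.ip_address("10.0.0.5")}


def login_id_from_basic(authorization, remote_addr):
    """Return the bare login ID from a delegated Basic header, or None."""
    # Base64 is an encoding, not protection: anyone who can reach the backend
    # directly can forge this header, so accept it only from the proxy.
    try:
        if ipaddress.ip_address(remote_addr) not in TRUSTED_PROXIES:
            return None
    except ValueError:
        return None
    if not authorization:
        return None
    scheme, _, token = authorization.strip().partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except ValueError:  # covers bad base64 and undecodable bytes
        return None
    # Split on the first colon only; the password may itself contain colons.
    user, sep, _password = decoded.partition(":")
    if not sep or not user:
        return None
    # Reduce DOMAIN\user or user@domain to the sAMAccountName part.
    if "\\" in user:
        user = user.rsplit("\\", 1)[1]
    elif "@" in user:
        user = user.split("@", 1)[0]
    return user or None


def sample_header(credentials):
    # Builds a constructed header value for the demonstration below.
    return "Basic " + base64.b64encode(credentials.encode("utf-8")).decode("ascii")


if __name__ == "__main__":
    print(login_id_from_basic(sample_header("CONTOSO\\jsmith:p:w"), "10.0.0.5"))
```

Because the header also carries the password, the hop between the proxy and the backend needs TLS, and the backend should avoid logging the raw header.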



