Ureader.com  
Microsoft software help and Community
   home   |   control panel login   |   archive   |  
 
Exchange
2000.active.directory
2000.admin
2000.announcements
2000.app.conversion
2000.applications
2000.clients
2000.clustering
2000.connectivity
2000.development
2000.documentation
2000.general
2000.information.store
2000.interop
2000.kms
2000.misc
2000.protocols
2000.realtime.collabo.
2000.setup
2000.transport
2000.win2000
admin
application.conversion
applications
clients
clustering
connectivity
design
development
misc
mobility
setup
tools
  
 
date: Mon, 11 Feb 2008 00:03:00 -0800,    group: microsoft.public.exchange.clustering        back       


Exchange 2003 Frontend / OWA form based authentication    
Hi,

I've just installed an exchange cluster with 3 nodes (a/a/p).
I can successfully open the mail boxes for the users of my domain in Outlook 
Web Access. 
Now I'm about to install an Frontend to centralize the authentication.
I want to build a form based authentication website where the user should 
enter their username and password. The data of the form should be redirect to 
OWA components.
I need to do the authentication this way, because I'm planning to integrate 
a RSA SecurID solution and want to enter the authentication data for OWA and 
RSA SecurID on one place. 

Therefore, I've got two question:
1. Is this way of OWA authentication possible?
2. If yes, how shall I do this? Has anyone an idea?

Thanks 
Uli
date: Mon, 11 Feb 2008 00:03:00 -0800   author:   Uli Junge

Re: Exchange 2003 Frontend / OWA form based authentication    
On Mon, 11 Feb 2008 00:03:00 -0800, Uli Junge
 wrote:

>Hi,
>
>I've just installed an exchange cluster with 3 nodes (a/a/p).
>I can successfully open the mail boxes for the users of my domain in Outlook 
>Web Access. 
>Now I'm about to install an Frontend to centralize the authentication.
>I want to build a form based authentication website where the user should 
>enter their username and password. The data of the form should be redirect to 
>OWA components.
>I need to do the authentication this way, because I'm planning to integrate 
>a RSA SecurID solution and want to enter the authentication data for OWA and 
>RSA SecurID on one place. 
>
>Therefore, I've got two question:
>1. Is this way of OWA authentication possible?
>2. If yes, how shall I do this? Has anyone an idea?
>
>Thanks 
>Uli

If you want to use the RSA token/sw based solution you might want to
have a look at putting ISA in front of the FE or at least in front of
the cluster. The integration piece isn't there out-of-the-box with
Exchange.
date: Mon, 11 Feb 2008 08:55:19 -0500   author:   Mark Arnold [MVP]

Re: Exchange 2003 Frontend / OWA form based authentication    
I think Mark Arnold's advice is good and on target.

TechNet, in case you didn't note,  offers detailed notes on pre-
developed integration solutions which might also be helpful. See:
http://www.microsoft.com/technet/isa/2004/owapubwithrsasecurid.mspx

I'm not sure Mr. Junge will want to "enter the data in one place"
because that might not allow for the multi-step interaction that some
modes of SecurID authentication and administration require: ie. New
PIN mode or Next Tokencode. There are also potential security issues
involved in sending secret data (i.e., windows passwords) back to
previous pages. (Google for "password reflection" to explore this
issue.)

A secure design would probably require the user re-enter their
password on a single large form if a multi-step SecurID authentication
was required or any of the data (passcode or password) was mistyped.

I'm a long-time consultant RSA/EMC, but I would recommend you discuss
the risks involved in any creative infrastructure design with RSA tech
support or someone who has worked extensively on this integration.

Suerte, _Vin

-----------------------------------

Uli Junge  queried the List:

> Hi, I've just installed an exchange cluster with 3 nodes (a/a/p). I can successfully open
> the mail boxes for the users of my domain in Outlook Web Access. Now I'm about to
> install an Frontend to centralize the authentication. I want to build a form based authentication
> website where the user should enter their username and password. The data of the form should
> be redirect to OWA components. I need to do the authentication this way, because I'm planning
> to integrate a RSA SecurID solution and want to enter the authentication data for OWA and RSA
> SecurID on one place.
>
> Therefore, I've got two question:
> 1. Is this way of OWA authentication possible?
> 2. If yes, how shall I do this?
>
> Has anyone an idea?
>
> Thanks Uli

------------------------------

Mark Arnold [MVP]  replied:

.> If you want to use the RSA token/sw based solution you might want
to have a look
.> at putting ISA in front of the FE or at least in front of the
cluster. The integration piece
.> isn't there out-of-the-box with Exchange.
.
date: Sat, 16 Feb 2008 01:07:54 -0800 (PST)   author:   Vin McLellan

Google
 
Web ureader.com


    COPYRIGHT 2007, YARDI TECHNOLOGY LIMITED, ALL RIGHT RESERVE  |   contact us