ISA 2006 Reverse proxy and user (x.509) certificates

  • Friday, October 16, 2009 8:55 PM Ian Brogden

    We need to publish an internal system that will require a user (x.509) certificate for authentication.

    Is there anything special we need to do on the ISA publishing rule to ensure the requests/responses for the user certificate get passed appropriately?

Answers

  • Sunday, October 18, 2009 8:13 AM Kent Nordström
     Answer
    If the web app is requiring cert-based auth, you need to do non-web publishing of the HTTPS server.
    You cannot bridge the SSL since ISA does not have access to the user's private key material.

    If possible, try to see if the web app can be changed to Kerberos auth.
    Then, if all requirements are OK (ISA being a member of the same domain as the web app server is one), you could use bridging so that ISA authenticates the user based on the certificate and delegates Kerberos to the web app.
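
Why bridging breaks certificate authentication while non-web publishing does not, as an added sketch that is not part of the original thread or of ISA itself: the client proves possession of its private key by signing the handshake it took part in, and a bridging proxy runs a second, different handshake with the web app. Assumptions: a Lamport one-time signature stands in for the certificate key, the handshake transcript is reduced to the two random values, and `transcript` and `simulate` are hypothetical names.

```python
import hashlib, os

H = lambda b: hashlib.sha256(b).digest()

# Lamport one-time signature: a stdlib-only stand-in for the signature
# a real client certificate key would produce (assumption for this sketch).
def keygen():
    sk = [[os.urandom(32), os.urandom(32)] for _ in range(256)]
    pk = [[H(a), H(b)] for a, b in sk]
    return sk, pk

def bits(msg):
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def sign(sk, msg):
    return [sk[i][b] for i, b in enumerate(bits(msg))]

def verify(pk, msg, sig):
    return all(H(s) == pk[i][b] for i, (s, b) in enumerate(zip(sig, bits(msg))))

def transcript(client_random, server_random):
    # Simplified: the real handshake hash covers every handshake message.
    return b"handshake|" + client_random + b"|" + server_random

def simulate(mode):
    """Return True if the web app accepts the user's certificate proof."""
    user_sk, user_pk = keygen()           # private key never leaves the user
    user_random = os.urandom(32)
    app_random = os.urandom(32)           # web app's server random
    if mode == "tunnel":
        # Non-web publishing: ISA forwards bytes, user and app share one handshake.
        proof = sign(user_sk, transcript(user_random, app_random))
        return verify(user_pk, transcript(user_random, app_random), proof)
    # Bridging: user handshakes with ISA; ISA opens its own handshake to the app.
    isa_server_random, isa_client_random = os.urandom(32), os.urandom(32)
    proof = sign(user_sk, transcript(user_random, isa_server_random))
    # ISA can only replay the user's proof; it cannot sign the new transcript.
    return verify(user_pk, transcript(isa_client_random, app_random), proof)

if __name__ == "__main__":
    for mode in ("tunnel", "bridge"):
        print(mode, "->", "accepted" if simulate(mode) else "rejected")
```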
