OWA, UAG, Smartcard Auth?

  • Question

  • More experimenting. :-)

    I've reconfigured my trunk to support smart card auth (which I was pleasantly surprised to see was dead simple) and logging into the trunk works great. I've got 3 apps in the trunk:

    Pre-defined RDP Session  - works fine.
    SSTP - works fine.
    OWA - doesn't work, gives an HTTP 500 - Internal Server error.

    There don't seem to be any errors in the event log on either the UAG server or the Exchange server that relate to the 500 error when attempting to access OWA. I have confirmed that smart card access to OWA works internally so it must be something on the UAG box.

    Any ideas?


    Paul Adare CTO IdentIT Inc. ILM MVP
    Tuesday, March 16, 2010 1:33 PM

Answers

  • Paul,

    UAG cannot “proxy” the smartcard to the backend application – in this case, the OWA app. Therefore you should not set your OWA to require smartcard.

    Generally speaking for such scenarios, UAG can authenticate users using smartcard (we refer to this as frontend authentication), and then UAG can SSO to backend web apps using KCD (we refer to this as backend authentication).

    Makes sense?

    Regards

    -Ran

    • Marked as answer by Erez Benari Thursday, March 18, 2010 11:08 PM
    Tuesday, March 16, 2010 2:16 PM
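
Added example, not part of the original thread: one way to check from Active Directory whether the UAG computer account is set up for the KCD backend authentication described in the answer. The computer name `UAG01` and the SPN `http/owa.example.test` are hypothetical placeholders, and the check assumes the ActiveDirectory PowerShell module is available.

```powershell
# Added example (not from the thread). Reads the delegation settings of the
# UAG computer account and reports whether KCD to the OWA site can work.
Import-Module ActiveDirectory

$UagHost = 'UAG01'                  # hypothetical UAG computer account name
$OwaSpn  = 'http/owa.example.test'  # hypothetical SPN of the internal OWA site

function Test-KcdDelegation {
    param(
        [Parameter(Mandatory = $true)] $Account,          # object from Get-ADComputer
        [Parameter(Mandatory = $true)] [string] $TargetSpn
    )
    # SPNs this account may delegate to (empty when constrained delegation is unset)
    $allowed = @($Account.'msDS-AllowedToDelegateTo')
    [pscustomobject]@{
        Account            = $Account.Name
        SpnListed          = $allowed -contains $TargetSpn   # case-insensitive match
        ProtocolTransition = [bool]$Account.TrustedToAuthForDelegation
        Unconstrained      = [bool]$Account.TrustedForDelegation
        AllowedSpns        = $allowed -join ', '
    }
}

$acct = Get-ADComputer -Identity $UagHost -Properties `
    'msDS-AllowedToDelegateTo', 'TrustedToAuthForDelegation', 'TrustedForDelegation'

$result = Test-KcdDelegation -Account $acct -TargetSpn $OwaSpn
$result | Format-List

if (-not $result.SpnListed) {
    Write-Warning "$OwaSpn is not in the delegation list of $($result.Account)."
}
if (-not $result.ProtocolTransition) {
    # After a smart card logon at the frontend, UAG holds no password or user
    # ticket, so it must obtain one on the user's behalf (protocol transition,
    # "Use any authentication protocol" on the Delegation tab).
    Write-Warning 'Protocol transition is not enabled on this account.'
}
if ($result.Unconstrained) {
    # KCD does not need unconstrained delegation; leaving it on widens what a
    # compromised UAG host could impersonate.
    Write-Warning 'Unconstrained delegation is enabled on this account.'
}
```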