IAG, KCD and Integrated Authentication

  • Question

    I wonder if I am the only person in the world trying this. Let's find out!

     

    Here's the scenario. Fred is logged into a domain computer. I want him to fire up the URL for the IAG portal, which silently authenticates him via integrated authentication. Then Fred clicks on the link for OWA, for which he is again silently authenticated. There's no SSL VPN or any client endpoint checking stuff going on.

    All very easy, just make use of the "power" of Kerberos Constrained Delegation, which IAG 2007 SP1 apparently supports.

    I've set up KCD and now have it error free, but when I try the scenario above, Fred gets prompted for a username and password (not by the IAG UI but the usual username/password popup), and when Fred clicks on the OWA link, I get a 500 server error.

     

    Any ideas anyone?

    Tuesday, January 8, 2008 2:27 PM

Answers

  • Hi, forgot about this post.

    I got this working. Combination of schoolboy errors and unexpected settings.

    Firstly, to get integrated auth working, the IAG needed to be in the intranet zone of the client machine.

    Secondly, the applications listed in the portal need to have a valid certificate and the SPN set up properly, or the portal will not display.

     

    • Marked as answer by Nathan Bigman Sunday, January 18, 2009 10:11 AM
    Monday, February 11, 2008 9:09 AM
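
A way to check the two fixes described in the answer above, plus the delegation setting itself, as an added example that is not part of the original thread. The portal URL, SPN and computer account are placeholders, and the script assumes Windows PowerShell 5.1 on a domain-joined machine with `setspn.exe` and the ActiveDirectory module available.

```powershell
# Added example. All names below are placeholders; substitute your own.
# Assumes Windows PowerShell 5.1 (.NET Framework), setspn.exe and the
# ActiveDirectory module (RSAT) on a domain-joined machine.
$PortalUrl  = 'https://portal.example.test/'   # IAG portal URL
$BackendSpn = 'HTTP/owa.example.test'          # SPN of the published application
$IagAccount = 'IAG01'                          # IAG server's computer account

# 1. Zone check (run on the client). With default settings the browser only
#    sends the logged-on user's credentials automatically to Local intranet sites.
$zone = [System.Security.Policy.Zone]::CreateFromUrl($PortalUrl).SecurityZone
Write-Output "Portal URL maps to zone: $zone"
if ($zone -ne [System.Security.SecurityZone]::Intranet) {
    Write-Warning 'Portal is not in the Local intranet zone; expect a credential prompt.'
}

# 2. SPN check. setspn -Q prints the DN of every account that holds the SPN;
#    Kerberos needs exactly one holder.
$holders = @(setspn -Q $BackendSpn | Where-Object { $_ -match '^CN=' })
switch ($holders.Count) {
    0       { Write-Warning "$BackendSpn is not registered on any account." }
    1       { Write-Output  "$BackendSpn is registered on $($holders[0])" }
    default { Write-Warning "$BackendSpn is duplicated on $($holders.Count) accounts." }
}

# 3. Delegation check. The IAG computer account must list the backend SPN in
#    msDS-AllowedToDelegateTo for constrained delegation to that service.
Import-Module ActiveDirectory
$iag = Get-ADComputer $IagAccount -Properties 'msDS-AllowedToDelegateTo', TrustedToAuthForDelegation
$allowed = @($iag.'msDS-AllowedToDelegateTo')
if ($allowed -contains $BackendSpn) {
    Write-Output "$IagAccount may delegate to $BackendSpn"
} else {
    Write-Warning "$IagAccount is not allowed to delegate to $BackendSpn"
}
# True means "use any authentication protocol" (protocol transition) is enabled.
Write-Output "Protocol transition enabled: $($iag.TrustedToAuthForDelegation)"
```
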
  • Hi Chaplic,

    Microsoft's guide talks about publishing applications to internal users and corporate domain users. Were you able to use IWA also for users who have a domain computer and account but are accessing the portal from the internet? Did you use your IWA portal for internal or external users?

    -Teemu Kirjavainen
    • Marked as answer by Erez Benari Monday, December 21, 2009 6:20 PM
    Tuesday, October 27, 2009 11:54 AM

All replies

  • Can you explain what exactly you did?

    How did you set it up?

    Monday, February 11, 2008 6:56 AM
  • Hi,
      This functionality can be done out of the box with IAG 2007 Service Pack 2, without requiring any configuration in ISA or any complicated settings. Once IAG 2007 SP2 is installed, configure an IAG trunk, open the Advanced Configuration, select the "Authentication" tab and select the "Use Integrated Web Authentication" radio button. The use of this function is described in the Integrated Windows Authentication document on TechNet: http://technet.microsoft.com/en-us/library/dd282928.aspx
    Regards,
    Dan
    Wednesday, June 17, 2009 2:36 AM
    Moderator