000021298 - What are the software requirements for RSA Authentication Agent 5.3 to protect OWA using SSO?

Document created by RSA Customer Support Employee on Jun 14, 2016
Last modified by RSA Customer Support Employee on Apr 22, 2017
Version 2

Article Content

Article Number: 000021298

Applies To:
RSA Authentication Agent 5.3 for Web
Microsoft Windows Server 2003
Microsoft Exchange Server 2003
Microsoft Internet Information Server (IIS) 6.0
Single Sign-On (SSO)
Microsoft Outlook Web Access (OWA)

Issue: What are the software requirements for RSA Authentication Agent 5.3 to protect OWA using SSO?

Resolution: All the Exchange Servers need to be Exchange 2003 running Windows 2003, and the Domain needs to be Windows 2003 running in 2003 native mode.

RSA's SSO is accomplished by using the RSA Authentication Agent to obtain a Kerberos ticket, then presenting that ticket to OWA. To pass the Kerberos ticket, RSA's SSO ISAPI extension uses a feature that is only available in IIS 6, which only runs on Windows 2003.

Exchange 2003 is required because earlier versions of Exchange did not support Kerberos. This requirement extends to ALL the Exchange servers because the Kerberos ticket is presented to the back-end servers through the front end.

The domain must run in Windows 2003 native mode because RSA Authentication Agent uses some special extensions to the Kerberos protocol that are only available in Windows 2003 native domains.

Legacy Article ID: a24546
