|Applies To||RSA Authentication Agent 5.3 for Web|
Microsoft Windows Server 2003
Microsoft Exchange Server 2003
Microsoft Internet Information Server (IIS) 6.0
Single Sign-On (SSO)
Microsoft Outlook Web Access (OWA)
|Issue||What are the software requirements for RSA Authentication Agent 5.3 to protect OWA using SSO?|
|Resolution||All the Exchange Servers need to be Exchange 2003 running Windows 2003, and the Domain needs to be Windows 2003 running in 2003 native mode.|
RSA's SSO is accomplished by using the RSA Authentication Agent to obtain a Kerberos ticket, then presenting that ticket to OWA. RSA's SSO ISAPI extension uses a feature to pass the Kerberos ticket that is only available in IIS 6, which only runs on Windows 2003.
Exchange 2003 is required because earlier versions of Exchange did not support Kerberos. It should be noted that this requirement extends to ALL the Exchange servers because the Kerberos ticket is presented to the back end servers through the front end.
The domain must run in Windows 2003 native mode because RSA Authentication Agent uses some special extensions to the Kerberos protocol that are only available in Windows 2003 native domains.
|Legacy Article ID||a24546|