How to SecurID-protect OWA using single sign-on (SSO) when OWA is in a cluster

3 years ago

Originally Published: 2005-01-27

Article Number

000061356

Applies To

RSA Authentication Agent 5.3 for Web
Microsoft Windows Server 2003
Microsoft Exchange Server 2003
Microsoft Outlook Web Access (OWA)

Single Sign-On (SSO)

Issue

How to SecurID-protect OWA using single sign-on (SSO) when OWA is in a cluster
Users are be prompted for an Exchange authentication after the SecurID challenge. The authentication requests fail, even if the correct Windows password is used.
Error: "401 unauthorized" when trying to access mailboxes using Outlook Web Access (OWA)

Cause

RSA Security's setup instructions refer to a basic OWA Exchange Front End / Back End configuration. In this case, the Front Ends are communicating directly to the Back End exchange servers. When the Back End Servers are in a cluster, the communication is from the Front Ends to one or more virtual servers.

Resolution

Using Step 1 on page 52 of the RSA Authentication Agent 5.3 for Web Installation and Configuration Guide (file name: WebAgent_IIS.pdf), set up the Delegation rights to the Virtual Servers and verify that the Virtual Server have the proper SPN settings.

See Error: '401 unauthorized' when trying to access mailboxes through SecurID-/SSO-protected OWA for instructions to set SPN's.

Don't see what you're looking for?

Related Articles

Trending Articles