Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Remote Web Workplace with RSA SecurID authentication 1

Status
Not open for further replies.
Roadstone

Roadstone

Technical User
Apr 24, 2002
24
GB
Hi there,

Wondering if anyone has come across this before. We have a SBS2003 Premium server running ISA2004. We are using RSA SecurID to authenticate users when they connect to their Outlook Webmail / Remote Web Workplace portal. The RSA authentication works fine. Users point their browsers at and they are prompted to authenticate with their RSA username / passcode. Once authenticated, the sites home page is loaded. On the home page, there are two links - one to OWA (" and one to RWW (" If they click on the OWA link, users proceed to authenticate as per normal with their windows credentials (whilst we could tie this step into the RSA authentication using RADIUS, we like the idea of users still having to authenticate with their Windows credentials). Once authenticated, they can access their email as per normal.

Enter my problem:

If a user clicks the RWW link on the home page, they are required to enter their windows credentials at the RWW logon screen. That said, when they do this, they are booted back to the RSA screen. If they re-authenticate using RSA again, they find themselves back at the RWW authentiction screen. This loop continues.

The strange thing is that this looping only occurs when running Internet Explorer (def on versions 6 and 7). If I connect using Firefox, it goes through to the main RWW menu with out any problems. Whilst I would just get all my users to use firefox, RWWs reliance on direct-x does not make this a viable solution.

If anyone has any recommendations, or suggested solutions, I would be greatful for some feedback.

Regards,

Rob
 
Sort by date Sort by votes
Hello,

I've finally managed to get to the bottom of this, with some help from Microsoft. Hopefully, this will spare someone else the frustration.

Cause:

When a user has successfully authenticated with RSA, a session cookie is create. Once successfully authenticated by RSA the Windows logon page is called: /Remote/logon.aspx?ReturnUrl=%2fremote%2fDefault.aspx

The problem is that in the logon.aspx page, the following script code is set to blow away all existing session cookies (including the RSA authentication cookie).

// Clear the cache at all times
document.execCommand("ClearAuthenticationCache","false");
document.cookie = "IE6SP1=" + isIE6sp1();


Solution:

The solution is to edit the logon.aspx page using a text editor like notepad (the default location is C:\Inetpub\remote) and comment out the document.execCommand line as shown below.

// Clear the cache at all times
// document.execCommand("ClearAuthenticationCache","false");
document.cookie = "IE6SP1=" + isIE6sp1();

Save the changes.

That’s it! You should be able to proceed on and use Remote Web Workplace.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

MaioMaio
  • Locked
  • Question
Server Remote Desktop License
Replies
0
Views
203
MaioMaio
MaioMaio
Aquiles Vidal
  • Locked
  • Question
Web Browsers in Windows Server or Terminal Server
Replies
0
Views
252
Aquiles Vidal
Aquiles Vidal
ravalos
  • Locked
  • Question
Problem with PDFs in IIS
Replies
1
Views
447
gbaughma
gbaughma
DeepuM
  • Locked
  • Question
Web Response returned Web Exception : The underlying connection was closed error | Simphony & QS
Replies
0
Views
162
DeepuM
DeepuM
DrB0b
  • Locked
  • Question
Windows 2016 IIS FTP server with a ton of user accounts
Replies
4
Views
264
DrB0b
DrB0b

Part and Inventory Search

Sponsor

Back
Top