soniczoom5
asked on
ISA 2006 and smart card authentication
Hello,
I have a back end web server that is smart card enabled; when I bypass ISA and authenticate with the server directly, I can login ok using a smart card.
When I throw ISA into the mix, the smart card credentials do not get passed and I cannot login.
Any thoughts? I have kerberos delegation set from ISA to the backend.
Thanks
I have a back end web server that is smart card enabled; when I bypass ISA and authenticate with the server directly, I can login ok using a smart card.
When I throw ISA into the mix, the smart card credentials do not get passed and I cannot login.
Any thoughts? I have kerberos delegation set from ISA to the backend.
Thanks
What kind of certificates are you using enterprise? You say you kerberos enabled, what does mean for you? Just saying to which spn you will authenticating is not enough.. You also have to allow isa (the machine that has isa installed or computers account) to delegate credentials to that spn using any authentication protocol in activedirectory directory. Are you delegating credentials to a web site that has integrated authentication enabled? Does isa map the certificate to auser correctly?
ASKER
this is for a government agency; we typically delegate kerberos to the spn via url method using http. the back end is using integrated authentication; i would think the mapping is working correctly; we have tons of other apps and web servers that are authenticating with the same domain and working ok.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
had to manually set the spn