janalent kb isa ldaps configuration guide
8/14/2019 Janalent KB ISA LDAPS Configuration Guide
1/42
Janalent
knowledge . wisdom . performance
Copyright Janalent North America LLC, All rights reserved
ISA Server 2006 Configuration Guide for: Publishing SharePoint/OWA via Standalone ISA Server
Document Abstract: This document provides a step-by-step guide to properly configure and publish SharePoint through ISA
using LDAPS for authentication.
Author(s):
Elias Hill
Janalent Knowledge, Wisdom, Performance
Janalent North America, LLC
7251 W Lake Mead Blvd, Suite 300 | Las Vegas, NV 89128
Phone: +1.888.290.4870 | web: www.janalent.com | email: [email protected]
© 2008 Janalent North America LLC. All rights reserved
Document Control & Sign-off
Document Properties
Item             Details
Document Title   ISA Server 2006 Configuration Guide for: Publishing SharePoint/OWA via Standalone ISA Server
Creation Date    12/13/08
Last Updated     07/09/09
Authors          Elias Hill
Date             12/13/08
Version number   0.0.1
Table of Contents
Document Control & Sign-off
  About the Authors
Overview
  Document Scope
  Assumptions
  High Level Processes
Procedures
  Install an Enterprise Root CA in the Authenticating Domain
  Configure ISA for LDAPS Authentication
  Publish the SharePoint Sites in ISA
  Test Connectivity to LDAPS Server (fail)
  Enable Certificate Auto-Enrollment in the Domain
  Export CA Root Certificate and Install on the ISA server
  Test Connectivity to LDAPS Server (success)
  Validate Site Access, SSO and File Upload Functionality
About the Authors
Elias Hill, Manager of Solutions Architecture, Janalent North America
Eli is an Enterprise Solutions Architect and is a multi-disciplined expert in messaging & collaboration system
solutions and network engineering. He has over 10 years of experience in designing, deploying, and maintaining
directory, messaging, and network systems in large, complex, global enterprises.
Overview
In many deployments of SharePoint or OWA, it is common to publish sites using an ISA server that might be a
member of a domain. As a member of the domain, an ISA server can authenticate users without much
configuration. However, in most enterprise environments, it is atypical to have the perimeter network
infrastructure leveraging an ISA server; more frequently, appliance firewalls (Cisco, Juniper, Checkpoint, etc.) are
deployed. In these scenarios, the ISA server would likely be deployed as a reverse proxy for published client access
for Microsoft applications, including Exchange, SharePoint, and Office Communication Server. In this context, the
reverse proxy is often located in a DMZ, where traffic is tightly managed. Here, opening all the ports necessary to
support a domain member across a firewall would not only likely violate the security policy, but is also unsupported
and impractical. A more desirable solution would have the ISA server authenticating users via LDAPS
(secure LDAP, tcp/636), which is characterized by two operational parameters:
1. The client and server establish TLS before any LDAP messages are transferred
2. Once TLS closes, the LDAPS connection must be closed
Furthermore, by leveraging HTTPS to client access applications and LDAPS to a designated domain controller, users
can change passwords and be informed of password expiration. In this way, one can approach enterprise clients
with a solution that not only achieves advertised features of Microsoft client access applications, but also satisfies
security policies (i.e. two (2) standards-based, encrypted ports: tcp/443 and tcp/636). Note: Although outside the
scope of this document, two-factor authentication mechanisms are also supported in this context.
Document Scope
This document provides a step-by-step guide to demonstrate and explain how to publish SharePoint sites, using
LDAPS as the authentication mechanism for domain users. There are a few sections that deviate from a perfect
installation to provide the reader with troubleshooting procedures. The content of this document is generic and
may not fit every scenario.
Assumptions
- Domain controllers are running Windows Server 2008.
- A wildcard certificate has been procured (e.g. *.genericcompany.com).
- The public-facing DNS zone file has been updated with host entries for all published sites.
- SharePoint is running on MOSS 2007; in this scenario, there are five (5) sites with distinct host headers
  ending with the same domain suffix. Each site has been properly configured for SSL, including AAM
  (Alternate Access Mapping). Note: SharePoint configuration is outside the scope of this document.
- The firewall, running ISA Server 2006, is not a member of the eApps domain; instead, it is a member of the
  Janalent production domain.
- All client-server/server-server interactions must be encrypted.
- SSO (single sign-on) and FBA (forms-based authentication) must be enabled. Note: SharePoint
  configuration is outside the scope of this document.
- Users must be able to change passwords through the published web interface.
High Level Processes
The following procedures will be described:
1. Install an Enterprise Root CA in the Authenticating Domain
2. Configure ISA for LDAPS Authentication
3. Publish the SharePoint Sites in ISA
4. Test Connectivity to LDAPS Server (fail)
5. Enable Certificate Auto-Enrollment in the Domain (optional); just be sure that the CA has issued a certificate to
   the domain controller used for LDAPS inquiries by the ISA server
6. Export CA Root certificate and Install on the ISA server
7. Test Connectivity to LDAPS Server (success)
8. Validate Site Access, SSO and File Upload Functionality
[Diagram labels: Internet, Client, ISA Server, Domain Controller, MOSS or SharePoint; links: LDAPS (tcp/636), HTTPS (tcp/443), HTTPS (tcp/443)]
Figure 1 Considered network topology for ISA using LDAPS for authentication
Procedures
Install an Enterprise Root CA in the Authenticating Domain
On the designated domain controller (used for LDAPS), launch computer management and add a new role. Check
Active Directory Certificate Services.
Click Next
Select Certification Authority and click Next
Select Enterprise and click Next
Select Root CA and click Next
Select Create a new private key and click Next
Accept the default cryptographic settings (RSA#Microsoft Software Key Storage Provider, sha1, 2048) and click Next
The default common name is acceptable, but note that the name cannot be altered in the future without
rebuilding the entire certificate chain. Click Next.
Set the validity period to an acceptable value (in this case, 10 years) and click Next
Select the locations for the certificate database and log files (here, defaults) and click Next
Review the configuration, noting the warning about changing the name of the server, and click Install
Note the successful installation and click Close
Configure ISA for LDAPS Authentication
On the ISA server, populate the HOSTS file so that the LDAPS provider is referenced by its FQDN. Later on, the certificate
auto-enrollment process on the enterprise CA will issue a certificate to the domain controller (in this case, to itself)
using the FQDN, so using any other name in the LDAPS authentication will result in an error.
In the ISA 2006 console, navigate to Configuration > General and select Specify RADIUS and LDAP Servers
Select the LDAP Servers tab and click Add
Provide the FQDN of the domain controller that will respond to LDAPS. Server description is
optional. The default timeout is 5 seconds. Click OK.
Provide the correct domain name for the authenticating domain, check Connect LDAP servers over secure
connection, provide a credential to access the directory (domain user is sufficient), and click OK
Provide login expressions to direct authentication query to the correct provider and click OK
In this case, EAPPS\* (NetBIOS) and *@eapps.local (UPN)
Click Apply, wait for the changes to commit and click OK
Publish the SharePoint Sites in ISA
Launch the ISA 2006 console and create a new Web Listener, provide a descriptive name, and click the Listener tab
Create a new listener with a descriptive name.
On the Authentication tab, select HTML Form Authentication, select LDAP (Active Directory), click Advanced
Check Require all users to authenticate and click OK
On the Forms tab, check Allow users to change their passwords
On the SSO tab, check Enable Single Sign On, click Add... and provide the appropriate URL suffix. Note the extra
prepended period.
.genericdomain.com
Click OK
On the Authentication Delegation tab, select NTLM authentication
Click OK
Click Apply, wait for the changes to commit and click OK
Test Connectivity to LDAPS Server (fail)
To use LDAPS, a server certificate must be installed on the LDAP server and the root certificate from the issuing CA
needs to be installed on the ISA Server computer. This section demonstrates what happens in the absence of the
proper certificates.
LDAPS functionality can be validated using LDP.
Select Connection > Connect
Provide the FQDN of the designated domain controller, specify the LDAPS port (636), and check SSL.
Note that the LDAPS connection fails with a vague error.
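LDP reports only a generic failure at this point. The PowerShell function below is an added example, not part of the original guide: it performs the TLS handshake to tcp/636 and reports whether the cause is an untrusted issuing CA, a name mismatch, or a handshake that never completes. It assumes Windows PowerShell is available on the machine running the test; the server name in the usage comment (dc01.eapps.local) is a placeholder.

```powershell
# Added example (not from the guide). Performs the TLS handshake only:
# no LDAP bind is attempted and no credentials are sent.
function Test-LdapsHandshake {
    param(
        [Parameter(Mandatory = $true)][string]$Server,   # name exactly as entered in ISA
        [int]$Port = 636
    )

    $state = @{ Errors = $null; Chain = @() }

    # Accept whatever the server presents so the handshake completes and can be
    # inspected; the verdict comes from the recorded errors, not this return value.
    $inspect = {
        param($stream, $cert, $chain, $policyErrors)
        $state.Errors = $policyErrors
        if ($chain) {
            $state.Chain = @($chain.ChainStatus | ForEach-Object { $_.Status.ToString() })
        }
        $true
    }.GetNewClosure()
    $callback = [System.Net.Security.RemoteCertificateValidationCallback]$inspect

    $report = @{ Server = $Server; Port = $Port; Subject = $null; Issuer = $null
                 NotAfter = $null; Signature = $null; ChainStatus = ''; Findings = @() }
    $chainBit = [int][System.Net.Security.SslPolicyErrors]::RemoteCertificateChainErrors
    $nameBit  = [int][System.Net.Security.SslPolicyErrors]::RemoteCertificateNameMismatch

    $tcp = New-Object System.Net.Sockets.TcpClient
    $ssl = $null
    $stage = 'tcp'
    try {
        $tcp.Connect($Server, $Port)
        $stage = 'tls'
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $callback)
        $ssl.AuthenticateAsClient($Server)

        $leaf = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        $report.Subject     = $leaf.Subject
        $report.Issuer      = $leaf.Issuer
        $report.NotAfter    = $leaf.NotAfter
        $report.Signature   = $leaf.SignatureAlgorithm.FriendlyName   # the guide's CA default is sha1
        $report.ChainStatus = $state.Chain -join ', '

        $errors = [int]$state.Errors
        if ($errors -eq 0) {
            $report.Findings += 'Certificate chains to a trusted root and matches the name used'
        }
        if ($errors -band $chainBit) {
            if (($state.Chain -contains 'UntrustedRoot') -or ($state.Chain -contains 'PartialChain')) {
                $report.Findings += 'Issuing CA root is not in Trusted Root Certification Authorities on this machine'
            } else {
                $report.Findings += "Chain validation failed: $($report.ChainStatus)"
            }
        }
        if ($errors -band $nameBit) {
            $report.Findings += "Certificate was not issued to '$Server': use the FQDN the CA issued it to"
        }
    } catch {
        $detail = $_.Exception.GetBaseException().Message
        if ($stage -eq 'tcp') {
            $report.Findings += "TCP connect failed ($detail): check the HOSTS entry and the tcp/$Port firewall rule"
        } else {
            $report.Findings += "TLS handshake failed ($detail): the domain controller may not have a server certificate yet"
        }
    } finally {
        if ($ssl) { $ssl.Close() }
        $tcp.Close()
    }

    New-Object psobject -Property $report |
        Select-Object Server, Port, Subject, Issuer, NotAfter, Signature, ChainStatus, Findings
}

# Usage (placeholder host name):
#   Test-LdapsHandshake -Server dc01.eapps.local | Format-List
```

Run it from the ISA server before and after the root certificate import: the finding should change from an untrusted issuing CA to a clean result.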
Enable Certificate Auto-Enrollment in the Domain
To satisfy the appropriate requirements for LDAPS, a server certificate must be issued to the domain controller.
Later, the issuing CA root certificate will be installed on the ISA server as a trusted root authority.
In the domain, configure a GPO that automatically enrolls each domain controller with a certificate. Launch Group
Policy Management Editor and edit the Default Domain Controllers Policy. Navigate to Computer Configuration >
Policies > Windows Settings > Security Settings > Public Key Policies > Certificate Services Client - Auto-Enrollment
Select Enable from the Configuration Model drop-down and check Renew expired certificates, update pending
certificates, and remove revoked certificates. Click OK.
Immediately apply the GPO to the domain controller by running gpupdate from the command line.
Export CA Root Certificate and Install on the ISA server
On the enterprise root certificate authority, run MMC.
Select Add/Remove Snap-in
Select Certificates and click Add >
Select Computer account and click Next
Select Local computer: (the computer this console is running on) and click Finish
Navigate to Personal > Certificates and be sure to select the root certificate, indicated by the Certificate Template
(Root Certification Authority). Right-click > All Tasks > Export
Click Next
Select No, do not export the private key. Exporting the private key would unnecessarily compromise the security
of the certificate.
Leave the default encoding and click Next
Provide a filename and click Save
Click Next
Note the settings and click Finish
Click OK
Copy the exported certificate file to the ISA server. Launch MMC, add the Certificates snap-in for the local
computer, and, under Trusted Root Certification Authorities, right-click > All Tasks > Import
Click Next
Browse and locate the certificate file and click Next
Select Place all certificates in the following store, ensure that Trusted Root Certification Authorities is displayed,
and click Next
Note the settings and click Next
Click OK
Note that the root certificate is now listed under Trusted Root Certification Authorities
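The export and import steps above can be checked from the ISA server without the MMC. The PowerShell function below is an added example, not part of the original guide: it confirms that the copied file is a plain certificate rather than a key container, that it is a self-signed CA certificate, and that the same thumbprint is present in the local computer's Trusted Root Certification Authorities store without a private key. The file path in the usage comment is a placeholder.

```powershell
# Added example (not from the guide). Read-only: inspects the file and the store.
function Test-ExportedRootCa {
    param([Parameter(Mandatory = $true)][string]$Path)   # the .cer file copied from the CA

    $file = (Resolve-Path $Path).ProviderPath
    $findings = @()

    # A PKCS #12 (.pfx) container can carry the private key, which the export
    # step is meant to leave on the CA. Only a plain certificate file is accepted.
    $type = [System.Security.Cryptography.X509Certificates.X509Certificate2]::GetCertContentType($file)
    if ($type -ne [System.Security.Cryptography.X509Certificates.X509ContentType]::Cert) {
        return New-Object psobject -Property @{
            File = $file; Ok = $false
            Findings = @("Content type is $type, not a single X.509 certificate: re-export without the private key")
        }
    }

    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($file)

    if ($cert.Subject -ne $cert.Issuer) {
        $findings += "Not self-signed (issuer: $($cert.Issuer)): this is not the root certificate"
    }
    $bc = $cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension] }
    if (-not $bc -or -not $bc.CertificateAuthority) {
        $findings += 'Basic Constraints does not mark this certificate as a CA'
    }
    if ($cert.NotAfter -lt (Get-Date)) {
        $findings += "Expired on $($cert.NotAfter)"
    }

    # Match by thumbprint so a different certificate with the same name cannot pass.
    $inRoot = @(Get-ChildItem Cert:\LocalMachine\Root |
                Where-Object { $_.Thumbprint -eq $cert.Thumbprint })
    if ($inRoot.Count -eq 0) {
        $findings += 'Not present in LocalMachine\Root (Trusted Root Certification Authorities)'
    } elseif ($inRoot | Where-Object { $_.HasPrivateKey }) {
        $findings += 'The CA private key is present on this machine: remove it and import the .cer only'
    }

    New-Object psobject -Property @{
        File       = $file
        Subject    = $cert.Subject
        Thumbprint = $cert.Thumbprint
        NotAfter   = $cert.NotAfter
        Signature  = $cert.SignatureAlgorithm.FriendlyName
        Ok         = ($findings.Count -eq 0)
        Findings   = $findings
    } | Select-Object File, Subject, Thumbprint, NotAfter, Signature, Ok, Findings
}

# Usage (placeholder path):
#   Test-ExportedRootCa -Path C:\Temp\rootca.cer | Format-List
```

Compare the reported thumbprint with the one shown on the CA itself before trusting the file.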
Test Connectivity to LDAPS Server (success)
LDAPS functionality can be validated using LDP.
Select Connection > Connect
Provide the FQDN of the designated domain controller, specify the LDAPS port (636), and check SSL.
Note that the output indicates a successful connection; all error codes are zero.
Validate Site Access, SSO and File Upload Functionality
Launch IE on an external computer, browse to a published website and provide an appropriate credential. Note the
FBA interface.
Browse to Shared Documents
Upload individual and multiple documents.
To test SSO functionality, manually type another site within the same domain suffix and MOSS instance (i.e.
https://extranet.genericdomain.com/default.aspx)