Release Notes
Web Filter for Authentication for RSA SecurID
(Microsoft Internet Security and Acceleration Server 2000 Feature Pack 1)
Using the Web filter for authentication for RSA SecurID, you can authenticate users, based on authentication credentials from the SecurID product from RSA. In this way, ISA Server can secure IIS servers that have Web sites requiring authentication credentials from RSA SecurID.
Back to Contents
Authentication for RSA SecurID is supported on computers with the following:
- Windows 2000 Service Pack 3
- ISA Server 2000 with ISA Server Service Pack 1 and ISA Server Feature Pack 1
Authentication for RSA SecurID was tested for ISA Server with RSA ACE/Server v5.0 and with RSA ACE/Server 5.0 Patch 03.
Back to Contents
Before installing the Web filter for authentication for RSA SecurID, perform the following steps on each ISA Server computer in the array:
- On the RSA ACE/Server computer, click Start, click Programs, click RSA ACE Server, and then click Database Administration - Host Mode.
- On the Agent Host menu, click Add Agent Host....
- In Name, type the name of the ISA Server computer.
- In Network address, type the IP address of the ISA Server computer, if it did not appear.
- Copy the Sdconf.rec file, located in the ACE\data folder on the RSA ACE/Server computer, to the %windir%\system32 folder on the ISA Server computer.
- On the ISA Server computer, create a registry value type of REG_SZ in the HKEY_LOCAL_MACHINE\Software\SDTI\ACECLIENT folder named PrimaryInterfaceIP. Set its value to the IP address by which the ACE Server recognizes the host computer.
- Close all instances of ISA Server management.
To install the Web filter for authentication for RSA SecurID, type the following at a command prompt
To install the Web filter for authentication for RSA SecurID in unattended mode, type the following at a command prompt
Note:
- You must install the Web filter for RSA SecurID on all array members.
Back to Contents
To uninstall the Web filter for authentication for RSA SecurID
- Click Start, click Control Panel, and then click Add or Remove Programs.
- Select Microsoft ISA Server 2000 Updates, and then click Remove.
- In ISA Hot Fixes Uninstall, select Web Filter for RSA SecurID, and then click Remove.
To remove the Web filter for authentication for RSA SecurID in unattended mode, type the following at a command prompt
ISA Server installation directory\$UNINSTALL_ISA_SP$\SP_1\hotfix.exe -q UHF252
Note:
- Removing the Web filter for authentication for RSA SecurID does not remove all the relevant registry keys, which were created under HKEY_LOCAL_MACHINE\SOFTWARE\SDTI. It is not necessary to remove the registry keys before reinstalling the Web filter.
Back to Contents
- Although the Web filter for authentication for RSA SecurID (a component of ISA Server Feature Pack 1) can be installed on a computer that previously had an RSA ACE/Agent installed, this scenario has not been tested.
- After using the Web filter for authentication for RSA SecurID extensively, stopping the Web Proxy service may take several minutes.
- When a Web filter fails to load properly, an appropriate event message is logged to the event viewer. All ISA Server services are restarted, despite the failure. If you want an additional precaution for specific Web filters (including the Web filter for authentication for RSA SecurID) that monitor for security, create an alert for the Missing installation component or Component load failure event. This will stop the ISA Server services. For instructions on configuring alerts, see ISA Server on-line Help.
- You must install the Web filter for RSA SecurID on all array members. Otherwise, when the filter is enabled, if you restart services on array members on which the feature pack is not installed, this event message appears, once every hour:
ISA Server failed to load some_Web_Filter.DLL. The error code shown in the data area of the event properties indicates the cause of the failure.
- Configuration information for the Web filter for authentication for RSA SecurID installed in array configurations is stored in Active Directory. Active Directory replicates the information to all other domain controllers. The configuration is updated when the relevant domain controller is replicated.
After you install Web filter for authentication for RSA SecurID on the first array member, it is recommended that you wait for the Active Directory replication process to complete before installing on other array members.
Back to Contents
This section lists differences between standard RSA SecurID functionality on IIS Server and the functionality provided with the Web filter for authentication for RSA SecurID, which is installed on the ISA Server computer:
- The following features are not supported by the Web filter for authentication for RSA SecurID:
- Enable Group Security
- Send Domain and User Name to RSA Ace/Server
- Use JavaScript Popup Window to Authenticate in Frames
- Accept and Generate V4.3-Compatible Cookies
- Enable Multiple Domain Support
- Automatic redirection of non-secure requests (HTTP) to secure requests (HTTPS)
- To require a secure connection for the Web filter for authentication for RSA SecurID, use the Bridging properties of the relevant Web publishing rule. On the Bridging tab, select Require secure channel (SSL) for published site. Be sure that Enable SSL Listeners is selected on the relevant listener (for incoming Web requests) and that a server certificate is specified.
- For the Web filter for authentication for RSA SecurID, RSA Security templates are always stored in the sditemplates folder under the ISA Server installation folder.
Back to Contents
Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise noted, the example companies, organizations, products, people, and events depicted herein are fictitious and no association with any real company, organization, product, person, or event is intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation.
Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.
© 2002 Microsoft Corporation. All rights reserved.
Microsoft, Outlook, and Windows are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries/regions.
Back to Contents