cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Veritas.com
Support

Basic Auth

Korbyn
Level 5
Partner Accredited

‎11-29-2010 02:06 PM

ok, time for the Random question of the week:

Sun Portal server, connecting to the Exchange 2007 CAS servers (no SSL being used internally), can we configure OWA/EnterpriseVault so that just Basic Authentication is used when connecting to the Search or Archive Explorer pages on the EV servers?  right now users get a 3rd logon when redirected to the EV IIS sites for Search and Archive Explorer.

Right now the EV servers have the sites configured for Basic Auth and Integrated Auth, and I beleive if we take off the IA, Outlook users will have a slight problem or two...

It has been suggested by a couple of programmers that we just need to set up another EnterpriseVault site on the EV servers, using a different port, and have that site set to use Basic Auth, and then modify the java scripts on the CAS servers so the redirection includes the different port.

Anyone done anything like that before, or come up with a much better solution for connecting to OWA from non-domain machines and not having to deal with the extra logon prompts?

0 Kudos
3 REPLIES 3

JesusWept3
Level 6
Partner Accredited Certified

‎11-29-2010 02:48 PM

if you put in basic auth, by its very nature you will get the login prompt anyway, the IWA is meant to alleviate that with domain machines due to the fact that it will try and use the credentials its already used to authenticate against the domain.

But if IWA fails and it prompts, the prompt you are seeing is from basic authentication any way.

If you change any of the JS it obviously won't be supported, and if you do need to call support for anything then you will probably be asked to put the original files back in place to make sure that its not those changes causing the problems

And any time you install an updated version of the EV installs, then you will have to go back and make the changes, but where you may have to modify the code may be different (leading to a longer resolution time for yourselves than normal)

Also if you were to do this, you wouldnt set up a new site, but instead a new EV serverand just have OWA traffic drive to that server instead.

If you make the changes to basic across the board and not on a new EV Server that no one uses, then you actually make the problem worse for your regular users as everything from storing in vault, restoring, viewing, syncs etc will all require authentication.

But realistically i don't think it will work out all that well, but thats just a hunch

https://www.linkedin.com/in/alex-allen-turl-07370146
0 Kudos

Korbyn
Level 5
Partner Accredited

‎11-30-2010 07:07 AM

The Sun Portal caches and reuses the credentials so when coming through the portal site the basic auth would be used (supposedly, I'm not a Portal expert by any streatch of the imagination).

But you've touched on something, setting up a new EV server, sounds like setting up a Proxy?  I thought I read about this coming down the pipe, but haven't found any documentation or recommended configurations.  One of the few documents I can find suck, ie OWAIntExtPublish.pdf, confusing as hell.  With E2003 and E2007/E2010 being so vastly different, the documentation to OWA configuration should be completely seperate, it's super confusing.

Anyway, I'll stop venting, if there is a way of setting up a EV "proxy" server for CAS connections, that I would very much love to see.  With this client and their two different Portal types (Sun and Netscaler) and other clients who don't don't want to publish their EV Servers externally, but would  publish an EV Proxy...

0 Kudos

Korbyn
Level 5
Partner Accredited

‎11-30-2010 09:57 AM

IF I stand up another EV server, no archiving or any other tasks, and set it up so that it is externally accessible, and set it to be the ExternalURL and assuming any other configurations settings necessary, would the CAS server send all of it's request to that one EV server?  I have 7 Archiving servers which I do not want to publish externally...  And Search and Archive explorer, and and item retrival, would then go through this one EV box?

Or is that strictly for Outlook Anywhere?  is there a way to do for OWA what I describ above?

I really miss E2003, in the EV functionality, where you just had to connect to the FE and it did all the work connecting to the backend...

0 Kudos