
Implementation Guide for protecting
Remote Web Workplace (RWW)
Outlook Web Access (OWA) 2003
SharePoint 2003
IIS Web Sites
with BlackShield ID

Copyright 2010 CRYPTOCard Inc.
http://www.cryptocard.com

Copyright

Copyright 2010, CRYPTOCard All Rights Reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any form or by any means without the written permission of CRYPTOCard.

Trademarks

BlackShield ID, BlackShield ID SBE and BlackShield ID Pro are either registered trademarks or trademarks of CRYPTOCard Inc. All other trademarks and registered trademarks are the property of their owners.

Additional Information, Assistance, or Comments

CRYPTOCard's technical support specialists can provide assistance when planning and implementing CRYPTOCard in your network. In addition to aiding in the selection of the appropriate authentication products, CRYPTOCard can suggest deployment procedures that provide a smooth, simple transition from existing access control systems and a satisfying experience for network users. We can also help you leverage your existing network equipment and systems to maximize your return on investment.

CRYPTOCard works closely with channel partners to offer worldwide Technical Support services. If you purchased this product through a CRYPTOCard channel partner, please contact your partner directly for support needs.

To contact CRYPTOCard directly:
International Voice: +1-613-599-2441
North America Toll Free: 1-800-307-7042
support@cryptocard.com

For information about obtaining a support contract, see our Support Web page at http://www.cryptocard.com.

Related Documentation

Refer to the Support & Downloads section of the CRYPTOCard website for additional documentation and interoperability guides: http://www.cryptocard.com.

Publication History

Date               Changes                  Version
January 26, 2009   Document created         1.0
July 9, 2009       Copyright year updated   1.1
October 16, 2009   Minor updates            1.2

BlackShield ID Implementation guide for IIS,SharePoint,OWA,RWW

Table of Contents

Overview
Applicability
Assumptions
Operation
Preparation and Prerequisites
Configuration
    Protecting Microsoft Remote Web Workplace
    Protecting Microsoft Outlook Web Access (OWA) using forms-based authentication
    Protecting Microsoft Outlook Web Access (OWA) using basic authentication
    Protecting Microsoft SharePoint
    Protecting custom virtual directories
GrIDsure Tokens
    Outlook Web Access Forms based authentication
    SharePoint
Troubleshooting

Overview

By default, Remote Web Workplace, Outlook Web Access and SharePoint require that a user provide a correct user name and password to log on successfully. This document describes the steps necessary to augment this logon mechanism with strong authentication by adding a requirement to provide a one-time password generated by a CRYPTOCard token using the BlackShield ID Agent IIS ("Agent").

The BlackShield ID IIS Agent allows two-factor authentication of users accessing IIS web sites, including:

Microsoft Remote Web Workplace
Microsoft Outlook Web Access (Basic & Web forms)
Microsoft SharePoint
Any virtual directory you have created

Applicability

Summary

Product Name: Microsoft Internet Information Server 6.0
Vendor Site: http://www.microsoft.com
Supported Application Software:
    Remote Web Workplace 2003
    Outlook Web Access 2003
    Microsoft SharePoint 2003
    IIS Virtual Directories

Authentication Method Supported

BlackShield ID Pro Agent functionality
BlackShield ID Pro Agent Authentication Mode
New PIN Mode
Web Site Protection
One-time password
Challenge-response / Next Tokencode
BlackShield ID Pro static password
User-changeable Alphanumeric 3-16 digit PIN
User-changeable Numeric 3-16 digit PIN
Server-changeable Alphanumeric 3-16 digit PIN
Server-changeable Numeric 3-16 digit PIN
Virtual Directories

This integration guide is applicable to:

CRYPTOCard Server
Authentication Server: BlackShield ID
Version: Small Business Edition 1.2+, Professional Edition 2.3+

CRYPTOCard Agent
Agent: BlackShield ID Authentication Agent for IIS
Version: 2.x
Operating System: 32-bit Windows 2003

Assumptions

BlackShield ID has been installed and configured, and a Test user account can be selected in the Assignment Tab.

Operation

The BlackShield ID Agent for IIS modifies the logon pages for Remote Web Workplace, Outlook Web Access, and SharePoint. It adds a field labeled OTP (One-Time Password) to the logon pages. After the plug-in has been enabled, the user enters their regular credentials as well as an OTP.

Preparation and Prerequisites

1. Ensure you can successfully authenticate to the given service using a static username and password prior to enabling BlackShield ID protection.
2. If you are using a generated key file, be sure to place it in the appropriate key file directory within the agent's installation directory.

Configuration

Protecting Microsoft Remote Web Workplace

1. Open the Internet Information Services (IIS) Manager. It can be started by clicking Start > Administrative Tools > Internet Information Services (IIS) Manager.
2. Expand the first node in the left hand pane, which is the name of your web server (local computer).
3. Expand Web Sites.
4. Expand Default Web Site.
5. Right click the virtual directory Remote, and select Properties.
6. Select the CRYPTOCard tab.
7. Select Enable BlackShield Authentication for this virtual directory.
8. From the drop down menu, select the option for RWW, which has its path ending in iis agent\rww\authisapi.dll.
9. Select OK.

RWW is now protected. To verify, right click the virtual directory Remote and select Browse. A modified logon form should appear with an OTP field added.

Protecting Microsoft Outlook Web Access (OWA) using forms-based authentication

1. Open the Internet Information Services (IIS) Manager. It can be started by clicking Start > Administrative Tools > Internet Information Services (IIS) Manager.
2. Expand the first node in the left hand pane, which is the name of your web server (local computer).
3. Expand Web Sites.
4. Expand Default Web Site.
5. Expand ExchWeb.
6. Right click the virtual directory bin, and select Properties.
7. Select the CRYPTOCard tab.
8. Select Enable BlackShield Authentication for this virtual directory.
9. From the drop down menu, select the option for OWA, which has its path ending in iis agent\owa\authisapi.dll.
10. Select OK.

OWA is now protected. To verify, right click the virtual directory Exchange and select Browse. A modified logon form should appear with an OTP field added.

Protecting Microsoft Outlook Web Access (OWA) using basic authentication

By default, the IIS agent is installed to protect OWA using forms authentication. If your Exchange Server is not using Forms authentication, the agent can be reconfigured to use Basic authentication by following the steps below.

1. Open the Internet Information Services (IIS) Manager. It can be started by clicking Start > Administrative Tools > Internet Information Services (IIS) Manager.
2. Expand the first node in the left hand pane, which is the name of your web server (local computer).
3. Expand Web Sites.
4. Right click Default Web Site and select Properties.
5. Select the CRYPTOCard tab.
6. Select Enable BlackShield Authentication for this virtual directory.
7. From the drop down menu, select the option for OWA, which has its path ending in iis agent\owa\authisapi.dll.
8. Select Preconfigured application from the set of radio buttons below.
9. From its drop down menu, select Exchange (Cryptocard_template_exchange.xml).
10. Select OK.
11. Expand Default Web Site.
12. Expand ExchWeb.
13. Right click the virtual directory bin, and select Properties.
14. Select the CRYPTOCard tab.
15. Select Enable BlackShield Authentication for this virtual directory.
16. From the drop down menu, select the option for OWA, which has its path ending in iis agent\owa\authisapi.dll.
17. Select OK.

OWA is now protected. To verify, right click the virtual directory Exchange and select Browse. A modified logon form should appear with an OTP field added.

Protecting Microsoft SharePoint

1. Open the Internet Information Services (IIS) Manager. It can be started by clicking Start > Administrative Tools > Internet Information Services (IIS) Manager.
2. Expand the first node in the left hand pane, which is the name of your web server (local computer).
3. Expand Web Sites.
4. Expand the name of your SharePoint web site. By default, the name of this site is often companyweb.
5. Right click the virtual directory _vti_bin, and select Properties.
6. Select the CRYPTOCard tab.
7. Select Enable BlackShield Authentication for this virtual directory.
8. From the drop down menu, select the option for Sharepoint, which has its path ending in iis agent\sharepoint\authisapi.dll.
9. Select Preconfigured application from the set of radio buttons below.
10. Select OK.

SharePoint is now protected. To verify, right click the name of your SharePoint web site (companyweb) and select Browse. The default BlackShield logon form should appear.

Note: In order to allow Microsoft authentication to succeed through the BlackShield SharePoint logon form, it is necessary to enable both anonymous access and basic authentication for the SharePoint application. If this is not done, the user will be able to authenticate against BlackShield but the authentication to SharePoint will fail. Follow the steps below to accomplish this:

1. Open the Internet Information Services (IIS) Manager. It can be started by clicking Start > Administrative Tools > Internet Information Services (IIS) Manager.
2. Expand the first node in the left hand pane, which is the name of your web server (local computer).
3. Expand Web Sites.
4. Right click the name of your SharePoint web site and select Properties. By default, the name of this site is often companyweb.
5. Select the Directory Security tab.
6. Select the Edit button under the Authentication and Access Control section.
7. Select Enable Anonymous Access at the top of the screen. Do not change the user name or password.
8. Unselect Integrated Windows Authentication.
9. Select Basic Authentication.
10. Click OK.
11. Click Yes to the popup dialog.
12. Click OK to exit the properties tab.

Protecting custom virtual directories

1. Open the Internet Information Services (IIS) Manager. It can be started by clicking Start > Administrative Tools > Internet Information Services (IIS) Manager.
2. Expand the first node in the left hand pane, which is the name of your web server (local computer).
3. Expand Web Sites.
4. Locate the virtual directory you wish to protect and select Properties.
5. Select the CRYPTOCard tab.
6. Select Enable BlackShield Authentication for this virtual directory.
7. From the drop down menu, select the option for default, which has its path ending in iis agent\default\authisapi.dll.
8. Select New custom application from the set of radio buttons below.
9. Select Configure...
10. Select OK.
11. Select OK.

Your custom virtual directory is now protected. To verify, right click the name of the virtual directory and select Browse. The default BlackShield logon form should appear.
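The note in the SharePoint section above leaves the site with anonymous access and Basic authentication enabled and Integrated Windows Authentication disabled. The following added example (not CRYPTOCard code) checks an IIS 6.0 metabase AuthFlags value against that state and names the step of the note that was missed. The bit values are the standard IIS metabase constants; the site names and flag values are constructed, and reading AuthFlags from the server (for example with adsutil.vbs) is assumed to be done separately.

```python
# Added example: audit IIS 6 AuthFlags against the state the SharePoint note requires.
# Bit values are the IIS metabase AuthFlags constants.
AUTH_ANONYMOUS = 0x01  # MD_AUTH_ANONYMOUS
AUTH_BASIC = 0x02      # MD_AUTH_BASIC
AUTH_NT = 0x04         # MD_AUTH_NT (Integrated Windows Authentication)
OTHER_SCHEMES = {0x10: "Digest", 0x40: "Passport"}  # not mentioned in the note

STEP_7 = "step 7: Enable Anonymous Access"
STEP_8 = "step 8: unselect Integrated Windows Authentication"
STEP_9 = "step 9: select Basic Authentication"

# (bit, must the bit be set?, step of the note that produces that state)
EXPECTED = [
    (AUTH_ANONYMOUS, True, STEP_7),
    (AUTH_NT, False, STEP_8),
    (AUTH_BASIC, True, STEP_9),
]


def missed_steps(auth_flags):
    """Return the steps of the note whose effect is absent from auth_flags."""
    return [step for bit, want_set, step in EXPECTED
            if bool(auth_flags & bit) != want_set]


def extra_schemes(auth_flags):
    """Return names of enabled schemes that the note does not cover."""
    return [name for bit, name in sorted(OTHER_SCHEMES.items())
            if auth_flags & bit]


def audit(sites):
    """Map site name -> {'missed': [...], 'extra': [...]} for each AuthFlags value."""
    return {name: {"missed": missed_steps(flags), "extra": extra_schemes(flags)}
            for name, flags in sites.items()}


# Constructed sample values, not taken from a real server.
SAMPLE_SITES = {
    "companyweb": 0x03,           # anonymous + basic: matches the note
    "companyweb-default": 0x05,   # anonymous + integrated: steps 8 and 9 not done
    "companyweb-halfdone": 0x07,  # basic added, Integrated left selected
    "companyweb-digest": 0x13,    # matches the note, Digest also enabled
}

if __name__ == "__main__":
    for name, result in audit(SAMPLE_SITES).items():
        status = "OK" if not result["missed"] else "missed " + "; ".join(result["missed"])
        if result["extra"]:
            status += " (also enabled: " + ", ".join(result["extra"]) + ")"
        print(f"{name}: {status}")
```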

GrIDsure Tokens

GrIDsure tokens give an end-user the ability to generate a one-time password without requiring any additional hardware or software applications. GrIDsure presents the end-user with a grid of cells containing random characters, from which the end-user selects their personal identification pattern (PIP). Each time the end-user needs to authenticate, the grid displays a random/unique set of characters. The end-user only needs to remember their PIP and provide the specific characters within the cells that make up their PIP in order to authenticate and log on.

This guide only demonstrates GrIDsure tokens in use. A more detailed explanation of how GrIDsure tokens work can be obtained in the GrIDsure specific token guide.

Outlook Web Access Forms based authentication

1. Using a web browser, browse to the OWA logon site.
2. Enter your Microsoft user name and Microsoft password.
3. Leave the OTP field empty.
4. Click Log On.
5. Using your PIP, enter your OTP in the OTP field.
   Note: In this example the OTP has been revealed for demonstration purposes.
6. Click the Logon button.

SharePoint

1. Using a web browser, browse to the SharePoint logon site.
   Note: Normally a web browser pop up would appear. However, once protected with CRYPTOCard a web based logon page will appear.
2. Enter your Microsoft user name and Microsoft password.
3. Leave the OTP field empty.
4. Click the Log On button.
5. Using your PIP, enter your OTP in the OTP field.
   Note: In this example the OTP has been revealed for demonstration purposes.
6. Click the Log On button.

Troubleshooting

Symptom: I access my service's logon page, but I don't see the addition of the OTP (One-Time Password) field to enter my token code.

Possible Causes: You have not chosen the correct logon page.

Solution: Redo the instructions for protecting your chosen service, and ensure you select the correct template from the appropriate pull down.