McAfee One Time Password




McAfee One Time Password Integration Module
Outlook Web App 2010
Module version: 1.3.1
Document revision: 1.3.1
Date: Feb 12, 2014

Table of Contents
    Integration Module Overview
    Prerequisites and System Requirements
        Windows Server
        Active Directory
        Microsoft Exchange 2010
        McAfee One Time Password
    Installation
        Installing the Integration Module
    Configuration
        Creating the Virtual Directory OWAIISIntegration
        Edit OWA 2010 web.config
        Filter Configuration
    Exchange Configuration
        Outlook Web App Forms Authentication
        Restarting the IIS Web Server
    One Time Password Configuration (Server-side)
        SMS and Pledge Database Configuration

McAfee One Time Password (server and soft token) enables you to rapidly deploy two-factor authentication, including soft tokens, so that remote and mobile employees can securely access critical information while maintaining compliance. The offering includes strong two-factor authentication and streamlined deployment and management, reducing the operational effort and costs associated with traditional and legacy one time password solutions.

Integration Module Overview

The McAfee One Time Password Outlook Web App integration module enables strong authentication for Microsoft OWA. An HTTP module filter protects the OWA web application and communicates with the One Time Password server.

Module features:
- Supports OWA forms-based authentication
- Installed as an HTTP module filter, so every incoming request to the OWA application passes through it
- Debug logging (Event Viewer)
- SMS, Pledge and e-mail authentication method support

Prerequisites and System Requirements

Windows Server
Microsoft Windows Server 2003 or later. Microsoft .NET Framework 3.5 or later has to be installed on the server.

Active Directory
Active Directory has to be configured so that McAfee One Time Password can authenticate users and retrieve their mobile numbers.

Microsoft Exchange 2010
Version 14.02.0318.004 or later.

McAfee One Time Password
Version 3.0 or later.

Note: McAfee One Time Password can use any LDAP v3 compatible directory service, and also an ODBC compliant database server, to perform authentication and mobile number lookup. Active Directory is the recommended directory service for OWA.

Installation

Installing the Integration Module

Before installing the OWA Integration Module, make sure that Exchange 2010 is installed and working as it should. Also make sure that a One Time Password server is available (it does not have to be installed on the same machine as OWA 2010).

Follow these steps for a successful installation of the OWA integration module:

1. Download the latest OWA integration installation package:
2. Run OTP_Integration_OWA_2010.exe and unzip the files. The default installation path is C:\Program Files\McAfee\OTP_Integrations\OWA. If the path is changed, make sure to change every reference to it (registry settings, see Filter Configuration).
   Screenshot 1 OTP OWA integration files
3. As Administrator: double click OTP_OWA2010_RegistrySettings.reg. This creates the registry key HKLM\SOFTWARE\McAfee\One Time Password\OWA and its sub keys. The registry settings are described further down in the section Configuration > Filter Configuration.
4. Copy or move the following files to the destination folder:
   Files:
   \OTP_Integrations\OWA\owa_bin\McAfee.OTP.IIS.dll
   \OTP_Integrations\OWA\owa_bin\NordicEdgeOTP.dll
   Destination:
   C:\Program Files\Microsoft\Exchange Server\V14\ClientAccess\Owa\Bin

Configuration

Creating the Virtual Directory OWAIISIntegration

In IIS Manager:

1. Right click the Default Web Site and click Add Virtual Directory.
2. Set Alias to OWAIISIntegration and set Physical path to C:\Program Files\McAfee\OTP_Integrations\OWA\OWAIISIntegration\UI
   Screenshot 2 Add Virtual Directory OWAIISIntegration
3. Click OK.
   Screenshot 3 The Virtual Directory OWAIISIntegration

Edit OWA 2010 web.config

1. Browse to C:\Program Files\Microsoft\Exchange Server\V14\ClientAccess\Owa
2. Make a copy of web.config as a backup, just in case.
3. Open web.config with a text editor.
4. Locate the <modules> tag and add the following row as the first module in the list. The order matters: the filter must run before Exchange's own OwaModule so that every request is checked before OWA handles it. .NET type names are case-sensitive and must match the assembly exactly; the module class carries the same name as its Event Viewer source, HttpAuthenticationModule:

<add name="HttpAuthenticationModule" type="McAfee.OTP.IIS.HttpAuthenticationModule" />

After editing, the modules section should look like this:

<modules>
<add name="HttpAuthenticationModule" type="McAfee.OTP.IIS.HttpAuthenticationModule" />
<add type="Microsoft.Exchange.Clients.Owa.Core.OwaModule, Microsoft.Exchange.Clients.Owa" name="OwaModule" />
<add name="exppw" />
</modules>

5. Save web.config.
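The same web.config edit as a script, added here as an example and not part of the McAfee guide or the product: it checks that the two DLLs were copied to the OWA Bin folder, writes a timestamped backup, inserts the module entry as the first child of <modules> only if it is not already there, and prints the resulting module order so the position can be verified. The paths and the type name are the ones given above; the assembly-qualified form mentioned in the comment is an assumption, not something the guide specifies.

```powershell
# Added example (not from the McAfee guide): register the OTP HTTP module as the first
# entry of <system.webServer><modules> in the OWA 2010 web.config, with backup and
# idempotency check. Run as Administrator on the Client Access server.
$owaRoot   = 'C:\Program Files\Microsoft\Exchange Server\V14\ClientAccess\Owa'
$webConfig = Join-Path $owaRoot 'web.config'
$moduleDll = Join-Path $owaRoot 'Bin\McAfee.OTP.IIS.dll'
$otpDll    = Join-Path $owaRoot 'Bin\NordicEdgeOTP.dll'

# The module cannot load without both assemblies in Bin, so fail early.
foreach ($f in @($webConfig, $moduleDll, $otpDll)) {
    if (-not (Test-Path -LiteralPath $f)) { throw "Missing file: $f" }
}

# Backup first; a broken web.config takes the whole OWA application down.
$backup = '{0}.{1}.bak' -f $webConfig, (Get-Date -Format 'yyyyMMdd-HHmmss')
Copy-Item -LiteralPath $webConfig -Destination $backup
Write-Host "Backup written to $backup"

# XmlDocument.Load keeps the file's encoding; PreserveWhitespace keeps the layout.
$xml = New-Object System.Xml.XmlDocument
$xml.PreserveWhitespace = $true
$xml.Load($webConfig)

$modules = $xml.SelectSingleNode('/configuration/system.webServer/modules')
if ($null -eq $modules) { throw 'No <system.webServer><modules> section found' }

# Idempotency: re-running the script must not register the module twice.
if ($modules.SelectSingleNode("add[@name='HttpAuthenticationModule']")) {
    Write-Host 'HttpAuthenticationModule is already registered; nothing to do.'
} else {
    $add = $xml.CreateElement('add')
    $add.SetAttribute('name', 'HttpAuthenticationModule')
    # Case-sensitive .NET type name, exactly as in the guide. Appending
    # ', McAfee.OTP.IIS' (assembly qualification) is an option, not required by the guide.
    $add.SetAttribute('type', 'McAfee.OTP.IIS.HttpAuthenticationModule')
    # PrependChild puts the filter ahead of OwaModule, which is what the guide requires.
    [void]$modules.PrependChild($add)
    $xml.Save($webConfig)
    Write-Host 'HttpAuthenticationModule inserted as the first module.'
}

# Print the final order so the position ahead of OwaModule can be confirmed.
foreach ($m in $modules.SelectNodes('add')) {
    '{0,-28} {1}' -f $m.GetAttribute('name'), $m.GetAttribute('type')
}
```

The change only takes effect after the application restarts (iisreset, see Restarting the IIS Web Server); if OWA stops answering afterwards, restore the .bak file and restart again.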

Filter Configuration

All settings for the filter are defined in the Windows registry. If a key is missing, the filter uses its default value. Several keys specify URLs or file paths, which must be valid for the filter to run properly, and the account running the OWA application pool needs the necessary access rights to every file path the filter uses.

Configure the module settings on your server: click Start > Run, type regedit and click OK, then navigate to HKLM\SOFTWARE\McAfee\One Time Password.

Most of the predefined values do not have to be modified, but some are specific to your environment, such as StaticLogonDomain (simply your AD domain) and OtpServerAddress. Remember to set SmsClientDetectionName, PledgeClientDetectionName and/or EmailClientDetectionName to match the client names configured on your OTP Server.

NOTE: The registry configuration is read when the web application starts, so the web application must be restarted after the configuration is changed.

Registry key HKLM\SOFTWARE\McAfee\One Time Password

SessionManagerDebug (default: 0)
    If set to 1, a log is written to Event Viewer > Windows Logs > Application. Look for SessionManager in the Source column.

Registry key HKLM\SOFTWARE\McAfee\One Time Password\OWA

ChangeADPasswordURL (default: http://changeadpasswordurl)
    If One Time Password detects that a user's password is about to expire, the user is redirected to this URL.

CredentialsPostURL (default: /owa/auth/owaauth.dll)
    The URL to which the user's credentials are posted after a successful two-factor authentication.

EmailClientDetectionName (default: empty)
    Name of the OTP Server client used for e-mail authentication. Example: EMAIL

Encryption (default: 1)
    DES encryption of the traffic between the filter and the OTP server. 0 = no encryption, 1 = encryption. DES is a 56-bit legacy cipher, so this setting does not replace network-level protection of the filter-to-server path.

EventViewerDebug (default: 0)
    If set to 1, a log is written to Event Viewer > Windows Logs > Application. Look for HttpAuthenticationModule in the Source column. Note that SessionManagerDebug also has to be set to 1 if Session Manager debugging is desired.
    Troubleshooting: if no log entries are written to the Event Viewer, create the source name manually in a Command Prompt:
    C:\Windows\system32>eventcreate /ID 1 /L APPLICATION /T INFORMATION /SO HttpAuthenticationModule /D "My first log"

ExcludedPages (default: logon.aspx expiredpassword.aspx)
    Pages in the owa web application that are excluded from the filter.

IgnoredURLs (default: owa/service.svc?action)
    If the given string is included in the URL, the request is ignored by the filter. Every entry here, like every entry in ExcludedPages, is a path on which the second factor is not enforced, so keep both lists to what OWA itself needs.

MaxSessions (default: 10000)
    The maximum number of sessions that can exist in the module session store.

KeepSessions (default: 9000)
    The number of current sessions that are kept after MaxSessions has been reached.

OtpIntegrationFilePath (default: C:\Program Files\McAfee\OTP_Integrations\OWA\OWAIISIntegration\)
    The path to the directory containing the OTP integration files and directories.

OtpIntegrationIISWebAppName (default: OWAIISIntegration)
    The name of the web application (virtual directory) where images and similar resources are located.

OtpServerAddress (default: 127.0.0.1:3100)
    Sets the OTP server address: either a single host name or multiple host names and port numbers for failover, with the following syntax:
    192.168.10.3:3100;otp.acme.com:3567;otpserver.xyz.com:3100
    Use a colon (:) to separate host name from port number and a semicolon (;) to separate multiple OTP servers.

PledgeClientDetectionName (default: empty)
    Name of the OTP Server client used for Pledge authentication. Example: PLEDGE

PostURL (default: /owa/auth/owaauth.dll)
    The URL to which UPLogin.html and OTPLogin.html are posted.

RemoveOldSessionsInterval (default: 5)
    Value in minutes. Removes old sessions that are no longer used (sessions to remove = MaxSessions - KeepSessions).

RemovePrivatePublicButtons (default: 0)
    If set to 1, the radio buttons Private Computer and Public Computer are removed from the login form.

SessionTimeOut (default: 5)
    Integration module session timeout in minutes. Note that OWA has its own session timeouts: the radio button "This is a public or shared computer" has a default timeout of 15 minutes, and "This is a private computer" a default of 8 hours.

SmsClientDetectionName (default: empty)
    Name of the OTP Server client used for SMS authentication. Example: SMS

StaticLogonDomain (default: empty)
    Example: MyADDomain
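The environment-specific part of this configuration as a script, added here as an example and not part of the McAfee guide or the product: it sets the values that have to change (StaticLogonDomain, OtpServerAddress, the three client detection names, Encryption), validates the OtpServerAddress syntax described above, writes each value with the value kind that the .reg import created so that a string never silently replaces a DWORD, checks that every configured OTP server accepts a TCP connection on its port, and registers the two debug event sources so the Event Viewer troubleshooting step is not needed. The domain, server addresses and client names are placeholders; the fallback to port 3100 for an entry without a port is an assumption taken from the default value, not documented behaviour of the filter.

```powershell
# Added example, not part of the McAfee guide: apply the environment-specific filter
# settings, check OtpServerAddress syntax and reachability, and register the debug
# event sources. Run as Administrator; placeholders must be replaced with your own.
$owaKey = 'HKLM:\SOFTWARE\McAfee\One Time Password\OWA'
if (-not (Test-Path -LiteralPath $owaKey)) {
    throw "$owaKey not found: import OTP_OWA2010_RegistrySettings.reg first"
}

$settings = @{
    StaticLogonDomain         = 'CORP'                                  # placeholder AD domain
    OtpServerAddress          = '10.0.0.5:3100;otp2.corp.example:3100'  # placeholder OTP servers
    SmsClientDetectionName    = 'SMS'                                   # must match the OTP Server client names
    PledgeClientDetectionName = 'PLEDGE'
    EmailClientDetectionName  = 'EMAIL'
    Encryption                = 1                                       # keep filter-to-server encryption on
}

# OtpServerAddress syntax from the guide: host[:port] entries separated by ';'
function Test-OtpServerAddress {
    param([string]$Value)
    $entries = @($Value -split ';' | Where-Object { $_ -ne '' })
    if ($entries.Count -eq 0) { return $false }
    foreach ($e in $entries) {
        if ($e -notmatch '^[A-Za-z0-9.\-]+(:\d{1,5})?$') { return $false }
    }
    return $true
}
if (-not (Test-OtpServerAddress $settings.OtpServerAddress)) {
    throw "Invalid OtpServerAddress: $($settings.OtpServerAddress)"
}

# Write each value with the kind the .reg file created (REG_SZ stays REG_SZ,
# REG_DWORD stays REG_DWORD). A missing value means the .reg import is incomplete.
$regKey = Get-Item -LiteralPath $owaKey
foreach ($name in $settings.Keys) {
    if ($regKey.GetValueNames() -notcontains $name) {
        throw "Value $name missing under $owaKey; re-import the .reg file"
    }
    $kind = $regKey.GetValueKind($name)
    Set-ItemProperty -LiteralPath $owaKey -Name $name -Value $settings[$name] -Type $kind
    Write-Host ('Set {0,-26} = {1}' -f $name, $settings[$name])
}

# Reachability of every configured OTP server, 3 s connect timeout each.
foreach ($entry in $settings.OtpServerAddress -split ';') {
    $hostName, $port = $entry -split ':'
    if (-not $port) { $port = 3100 }   # assumption: the default value's port
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $ar = $client.BeginConnect($hostName, [int]$port, $null, $null)
        if ($ar.AsyncWaitHandle.WaitOne(3000)) {
            $client.EndConnect($ar)           # throws if the port refused the connection
            Write-Host "OK   $entry"
        } else {
            Write-Warning "FAIL $entry (no answer within 3 s)"
        }
    } catch {
        Write-Warning "FAIL $entry ($($_.Exception.Message))"
    } finally {
        $client.Close()
    }
}

# Event sources used by EventViewerDebug and SessionManagerDebug; creating them
# up front is the PowerShell equivalent of the eventcreate troubleshooting step.
foreach ($source in 'HttpAuthenticationModule', 'SessionManager') {
    if (-not [System.Diagnostics.EventLog]::SourceExists($source)) {
        New-EventLog -LogName Application -Source $source
        Write-Host "Created event source $source"
    }
}

Write-Host 'Settings are read at application start: run iisreset for them to take effect.'
```

A FAIL line does not always mean a wrong address: the OTP server may simply filter the port, in which case the filter will fail over to the next entry, so the script reports every entry rather than stopping at the first one.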

Exchange Configuration

Outlook Web App Forms Authentication

Follow these steps to configure the OWA module to use forms-based authentication. In the Exchange Management Console:

1. Expand Server Configuration and click Client Access.
2. Right click owa (Default Web Site) and click Properties.
3. Make sure that Use forms-based authentication is selected and that Logon format is set to Domain\user name.
   Screenshot 5 owa Properties

NOTE: Experimenting with permissions and settings for Exchange can seriously damage your Exchange installation. If the filter does not work as expected, always test Exchange without the filter to verify that Exchange itself works as expected.

Restarting the IIS Web Server

Before the integration module can be used, IIS has to be restarted. As Administrator: open a Command Prompt and type iisreset to restart Internet Information Services.
Screenshot 4 Restarting IIS
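The two Exchange steps above plus a first smoke test, added here as an example and not part of the McAfee guide or the product: from the Exchange Management Shell it confirms that the owa virtual directory uses forms-based authentication with the Domain\user name logon format (the cmdlet spelling of that format is FullDomain), corrects it if not, runs iisreset, and then fetches the OWA URL to see whether the filter's login page, rather than OWA's own logon page, is what an anonymous browser receives. The OWA URL is a placeholder, and the test's criterion (the returned page references the OWAIISIntegration virtual directory, where the guide says the filter's images and pages live) is an assumption about the filter's login page, not something the guide states.

```powershell
# Added example, not part of the McAfee guide: verify OWA forms authentication, restart
# IIS, and check that the OTP filter is in front of OWA. Run as Administrator from the
# Exchange Management Shell on the Client Access server.
$owaUrl = 'https://mail.corp.example/owa'   # placeholder

$vdir = Get-OwaVirtualDirectory -Server $env:COMPUTERNAME | Where-Object { $_.Name -like 'owa*' }
if (-not $vdir) { throw 'No owa virtual directory found on this server' }

# FullDomain is the LogonFormat value shown as "Domain\user name" in the console.
if (-not $vdir.FormsAuthentication -or $vdir.LogonFormat -ne 'FullDomain') {
    Write-Host "Correcting authentication settings on $($vdir.Identity)"
    Set-OwaVirtualDirectory -Identity $vdir.Identity -FormsAuthentication $true -LogonFormat FullDomain
}

# web.config and registry changes are only read when the application starts.
& iisreset | Out-Null
if ($LASTEXITCODE -ne 0) { throw "iisreset failed with exit code $LASTEXITCODE" }

function Test-OwaFrontDoor {
    param([string]$Url)
    $req = [System.Net.HttpWebRequest]::Create($Url)
    $req.AllowAutoRedirect = $true    # follow OWA's redirect chain to the login page
    $req.Timeout = 15000
    try {
        $resp   = $req.GetResponse()
        $reader = New-Object System.IO.StreamReader($resp.GetResponseStream())
        $body   = $reader.ReadToEnd()
        $result = @{
            Status   = [int]$resp.StatusCode
            FinalUrl = $resp.ResponseUri.AbsoluteUri
            OtpPage  = [bool]($body -match 'OWAIISIntegration')   # assumption, see lead-in
        }
        $reader.Close(); $resp.Close()
        return $result
    } catch [System.Net.WebException] {
        # TLS errors and non-2xx answers both land here; report them instead of hiding them.
        return @{ Status = -1; FinalUrl = $_.Exception.Message; OtpPage = $false }
    }
}

$check = Test-OwaFrontDoor -Url $owaUrl
if ($check.Status -eq 200 -and $check.OtpPage) {
    Write-Host "OK: $owaUrl answered with the OTP login page ($($check.FinalUrl))"
} else {
    Write-Warning ("OWA answered {0} at {1} without the OTP login page; " +
                   "check the module entry in web.config, EventViewerDebug and ExcludedPages") -f $check.Status, $check.FinalUrl
}
```

Run the check from a machine that trusts the OWA certificate; a certificate error is reported as Status -1 and says nothing about the filter.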

One Time Password Configuration (Server-side)

SMS and Pledge Database Configuration

The OWA integration module offers the user a choice between Pledge, SMS (text message) and e-mail as authentication methods. The OTP database configuration for Pledge and SMS is described below. Offering several authentication methods is optional; however, at least one authentication method must be configured for this solution to work.

In OTP Server Configurator:

1. Create a new OTP Server Database that will be used for Pledge authentication. Configure the database as shown in the screenshot below. Note that OATH Key in the Account Settings section has to be a multi-value string attribute.
   Screenshot 6 OTP Server Database for Pledge OTP support
2. Create a new OTP Server Database that will be used for SMS authentication. Configure the database as shown in the screenshot below. The OTP Attribute in the Account Settings section can be a single-value string attribute.
   Screenshot 7 OTP Server Database for SMS OTP support
3. Create a new OTP Server client that will be used for Pledge authentication. Configure the client as shown in the screenshot below.
   - Click the Advanced button, give the client a name and check Enable name detection.
   - User Database: select the database for Pledge support.
   Screenshot 8 Defining an OTP Server client for Pledge OTP support
4. Create a new OTP Server client that will be used for SMS authentication. Configure the client as shown in the screenshot below.
   - Click the Advanced button, give the client a name and check Enable name detection.
   - User Database: select the database for SMS support.
   Screenshot 9 Defining an OTP Server client for SMS OTP support
5. Click OK, and Save Config.
6. Remember to set the registry values SmsClientDetectionName, PledgeClientDetectionName and EmailClientDetectionName (see Filter Configuration) to the client names configured on the OTP Server, and restart OWA.
7. Finally, open OWA and verify that the configuration works as expected.

Screenshot 10 Integration module login page
Screenshot 10 Integration module OTP login page

Screenshot 11 Two-factor authenticated OWA