Hi , How can I do web mapping MWG acting as an ISA 2006 (EDGE) upstream proxy ? LAN > ISA EDGE > MWG > INTERNET
It is possible?
Because always receiving Authorization failed from MWG
Why using ISA at all? Seriously, what role is ISA playing in this setup? Is it firewall or just proxy?
Generally, you could use the auth server at MWG to authenticate in the proxy chain or use the ISA plugin from the extranet page to let ISA forward at least group or IP information to MWG.
ISA is the first line proxy (firewall could not disabled) , my configuration rplace the second line ISA for a MGW , Don t want to use ICAP just HTTP Proxy and I want to use web mapping.
as MIchael stated the ISA Plugin downloadable from the Extranet can act as an ICAP or as a "Chaining" Plugin. We do not want to use ICAP here but the Chaining mode, which adds Username and Groups looked up by the ISA Server into the traffic that is sent to Webwasher. On Webwasher you can use the User and Group information to perform a mapping, similar to Webwasher authenticating on its own.
You need to add a User/Group Mapping (Directly) and switch the "Extract User Information from" from "Standard-Meta ICAP Header" to "User-Defined Request Header", and fill in "X-Authenticated-User" or "X-Authenticated-Groups" depending on the Mapping you want to perform.
Finally put in a Generic Header Entry into all policies that removes these headers before sending them to the Internet.
This should suit your requirements.
Very useful, thanks you ! It is working but, using X-Autehnticated -Groups and X-Authenticated-User but in the access logs I can nt see in %xusername field the name of the user I only can see a minus symbol (-).
OK! working now! one question , If * means over defualt policy with auth user allow all , wich is the special character of * to deniad access??
Thanks a lot MIchael and Andre!
Were you able to havea look into the Log file issue? Is this working now?
Besides your second query I am not really sure if I do unterstand you here. Can you please give me a quick example? Then I will try to comment on that :-)