I am having a few difficulties getting WebWasher to workwith ISA Server 2006.
Here is my setup:
What I have done:
I have created firewall policy rules which allow WW to talkto Internal & External network. (all seems fine, WW can access internet)
I have configured the proxy chaining plug & web chainingrule to forward to the WebWasher appliance.
ISA Server does not appear to be passing WebWasher the X-Authenticated-User& X-Authenticated-Groups headers resulting in end users receiving a WebWasher notauthenticated error message.
Support have confirmed via tcpdumps this information is not being passed.
Any ideas would be gratefully received on how to make ISA pass this information.
Message was edited by: king-ed on 17/05/10 12:29:38 CDTMessage was edited by: king-ed on 17/05/10 12:30:11 CDT
usually the X-Authenticated-User and X-Authenticated-Groups header should be forwarded from the ISA server to Webwasher. As far as I know the process needs to be restarted after you have installed the Plugin. Have you done so?
Also, is there a valid license added to the Plugin?
Additionally, can you verify that the ISA Server actually performs authentication? If Users are able to access ISA without Authentication, the Headers won't be there.
Please have a look.
When installing the proxy chaining plugin you are required the stop and start the Microsoft Firewall service - I assume this is enough?
The plugin is correctly licensed.
I know that ISA preforms authentication because if I generate a report from within the ISA Management Console I can see that usernames are present(with domain name).
I do currently have SmartFilter installed on the ISA Server - when I attempt to enable WebWasher I am disabling the SmartFilter addins first. (I don't want to uninstall SmartFilter until I know that WebWasher works 100%).
yes, restarting the ISA service should be enough. Well it seems you have done all the steps required. Have you already verified that the Header is NOT sent to Webwasher, or is the Header probably sent but Webwasher fails to map on it?
You may generate an ICAP Trace or packet capture between ISA and Webwasher and give it a try (activate the Chaining Plugin of course). We can then have another look.
What settings did you use within Web Mapping.
You must use Map from: Username, Map via: Map directly, Using these rules: User-Direct-1
Within [Edit rules and options] you must use:
Extract user information from: user defined request header
User defined meta or request header: X-Authenticated-User