This may turn out to be an entirely different question (domain related) but I shall endeavour to explain the situation.
As a UK-based resller we have been required to dip our toes into the world of McAfee SaaS (having previosly worked almost exclusively with Firewall Enterprise, Web Gateway, Mail Gateway and EWS appliance solutions).
I've been tasked with looking at SaaS Email and a colleague has been given the SaaS Web product to work with.
Because my requirement came first, I created the SaaS portal account and registered the SaaS EMail and Web licenses against it. I then went ahead an configured the Email component. As I am using a lab enviroment with one of our test/demo domain names registered to the Exchange server, this was the domain I declared when going through the process of setting up SaaS Email. From that perspective everything seems to be going OK.
However, the reason why I am posting this query is the Web section is because it is the web-side that is proving slightly more problematic and I'm beginning to wonder if things may be getting themselves into a bit of a knot as a result.
For the sake of explanation, the registered primary domain against this SaaS account is reseller-demo.co.uk (it isn't, but that's what I'm going with here).
As far as web access is concerned, if the SaaS web access policy is defined by IP address (using our public NAT address) and my colleague configures a browser to point directly to SaaS on port 3128 that works OK. However, the scenario he needs to test for the prospective customer requires WDS. He has installed the WDS element on the network and it appears to be running. But, if he tries to browse via this service all he gets back is a message along the lines of:-
You must be authenticated to access this URL
What we are beginning to wonder is if this actually has anything to do with the fact that the Active Directory domain on our network isn't "reseller-demo.co.uk" (which is a domain used purely for e-mail), but "reseller.internal" (to use a similar comparison).
Could the problem therefore be that WDS is authenticating the user correctly, but the domain credentials bare no resemblence to the domain name registered within SaaS?
If so how does SaaS handle the difference between e-mail domains and authentication (AD) domains for web access?