Lab Scenario 2: Configuring SSO Using ISA Server 2006

Microsoft Office Communications Server 2007 and Microsoft Office Communications Server 2007 R2 will reach end of support on January 9, 2018. To stay supported, you will need to upgrade. For more information, see Resources to help you upgrade your Office 2007 servers and clients.

In lab scenario 2, you will deploy Communicator Web Access, configure Communicator Web Access for custom authentication, and deploy Microsoft ISA (Internet Security and Acceleration) Server 2006, Standard Edition, and enable it for SSO (single sign-on). The only supported configuration is to use SSL on the ISA Server 2006 server to publish the external site as an HTTPS site. HTTP is not supported.

For more information about ISA Server 2006, see:

Lab scenario 2 simulates an SSO user experience for Communicator Web Access by deploying ISA Server 2006 enabled for SSO. You will perform the following tasks:

  • Configure custom authentication for the Communicator Web Access virtual server

  • Enable an SSO user experience by deploying ISA Server 2006 enabled for SSO

  • Use the SSO features of an ISA Server 2006 SSL Web listener

  • Deploy server isolation

  • Sign in to Communicator Web Access

  • Traverse the ISA Server 2006 enabled for SSO

  • Search for users to add to the Contact List

  • Add contacts to, and delete them from, the Contact List

  • Send an instant message by using Communicator Web Access

  • Change presence status

  • Use forms-based authentication

  • Use public and private timeouts

  • Test your solution consisting of at a minimum, SSO, and optionally the Unified Communications JavaScript Libraries or code accessing the Unified Communications AJAX API

Lab scenario 2 builds on the topology that you deployed in lab scenario 1. To the existing deployment, you will add ISA Server 2006 Standard Edition, enabled for SSO, and an additional hub.


Installing Communicator Web Access (2007 release) and any server role of Office Communications Server 2007 on the same physical server is not supported.

In lab scenario 2, the fictitious Contoso Corporation network includes the following:

  • A domain controller that runs Microsoft Active Directory Domain Services, DNS Server, and a private certification authority.

  • Office Communications Server 2007, Standard Edition, deployed on server


    Running Office Communications Server 2007 on a domain controller is not supported.

  • A Communicator Web Access server that uses custom authentication (

  • Two hubs

  • Two clients

  • A server with two network adapters that runs ISA Server 2006, Standard Edition, enabled for SSO (

  • An Internet DNS server

For details about deploying ISA Server 2006 in a production environment, see httpss://

Figure 8. Topology for Lab Scenario 2


In lab scenario 2, you will perform the following tasks:

  1. Add an Internet DNS server.

    Add a DNS server to resolve the external client ( and the external ISA Server 2006 NIC (

  2. Create an external Communicator Web Access (2007 release) virtual server.

    Create the external virtual server configured to use custom authentication.

  3. Add to the deployment from Lab scenario 1.

    For this lab scenario, isa2006 functions as the ISA Server 2006 enabled for SSO.

  4. Configure and test the external client (Client1).

    To simulate external access by the client for this lab scenario, change the IP address of and test connectivity.

  5. Test the ISA Server 2006 enabled for SSO deployment.

    Test the lab-simulated environment in which a client has an SSO experience when connecting to Communicator Web Access by traversing the ISA Server 2006 enabled for SSO. The user's credentials are entered once in the ISA sign-in form and are cached by ISA Server 2006 enabled for SSO. Subsequent sign-ins are not challenged.

  6. Perform Lab scenario 2 exercises.

    The lab exercises demonstrate SSO, adding contacts, sending instant messages, and changing presence.