Lab Scenario 2: Configuring SSO Using ISA Server 2006
Microsoft Office Communications Server 2007 and Microsoft Office Communications Server 2007 R2 will reach end of support on January 9, 2018. To stay supported, you will need to upgrade. For more information, see Resources to help you upgrade your Office 2007 servers and clients.
In lab scenario 2, you will deploy Communicator Web Access, configure Communicator Web Access for custom authentication, and deploy Microsoft ISA (Internet Security and Acceleration) Server 2006, Standard Edition, and enable it for SSO (single sign-on). The only supported configuration is to use SSL on the ISA Server 2006 server to publish the external site as an HTTPS site. HTTP is not supported.
For more information about ISA Server 2006, see:
ISA Server 2006 home page at https://www.microsoft.com/isaserver/default.mspx.
Trial version download: https://www.microsoft.com/technet/downloads/isa/2006/trials/default.mspx.
Lab scenario 2 simulates an SSO user experience for Communicator Web Access by deploying ISA Server 2006 enabled for SSO. You will perform the following tasks:
Configure custom authentication for the Communicator Web Access virtual server
Enable an SSO user experience by deploying ISA Server 2006 enabled for SSO
Use the SSO features of an ISA Server 2006 SSL Web listener
Deploy server isolation
Sign in to Communicator Web Access
Traverse the ISA Server 2006 enabled for SSO
Search for users to add to the Contact List
Add contacts to, and delete them from, the Contact List
Send an instant message by using Communicator Web Access
Change presence status
Use forms-based authentication
Use public and private timeouts
Lab scenario 2 builds on the topology that you deployed in lab scenario 1. To the existing deployment, you will add ISA Server 2006 Standard Edition, enabled for SSO, and an additional hub.
Installing Communicator Web Access (2007 release) and any server role of Office Communications Server 2007 on the same physical server is not supported.
In lab scenario 2, the fictitious Contoso Corporation network includes the following:
A domain controller that runs Microsoft Active Directory Domain Services, DNS Server, and a private certification authority.
Office Communications Server 2007, Standard Edition, deployed on server ocs2k7.contoso.com.
Running Office Communications Server 2007 on a domain controller is not supported.
A Communicator Web Access server that uses custom authentication (cwaserver.contoso.com)
A server with two network adapters that runs ISA Server 2006, Standard Edition, enabled for SSO (isa2006.contoso.com)
An Internet DNS server
For details about deploying ISA Server 2006 in a production environment, see httpss://www.microsoft.com/technet/isa/2006/secure_web_publishing.mspx.
Figure 8. Topology for Lab Scenario 2
In lab scenario 2, you will perform the following tasks:
Add an Internet DNS server.
Add a DNS server to resolve the external client (client1.contoso.com) and the external ISA Server 2006 NIC (cwa.contoso.com).
Create an external Communicator Web Access (2007 release) virtual server.
Create the external virtual server configured to use custom authentication.
Add isa2006.contoso.com to the deployment from Lab scenario 1.
For this lab scenario, isa2006 functions as the ISA Server 2006 enabled for SSO.
Configure and test the external client (Client1).
To simulate external access by the client for this lab scenario, change the IP address of client1.contoso.com and test connectivity.
Test the ISA Server 2006 enabled for SSO deployment.
Test the lab-simulated environment in which a client has an SSO experience when connecting to Communicator Web Access by traversing the ISA Server 2006 enabled for SSO. The user's credentials are entered once in the ISA sign-in form and are cached by ISA Server 2006 enabled for SSO. Subsequent sign-ins are not challenged.
Perform Lab scenario 2 exercises.
The lab exercises demonstrate SSO, adding contacts, sending instant messages, and changing presence.