Hi
I have set up a listener on our TMG server to authenticate external OWA users with RSA. Currently, on non-RSA OWA, users enter their username in the form domain\username, which I can see is set on the OWA website on the CAS server. However, when I connect to the new RSA-enabled OWA listener externally, I am presented with a screen where I enter my RSA ID and passcode and my AD password. This authenticates OK, but I am then presented with the OWA screen, which wants my username (domain\username) and password again, presumably as this is what Exchange expects.
I'd like to get rid of this second login screen so users only have to enter their credentials once. From reading around, I can either change the setting on the CAS server to 'basic authentication' (the same as is set on the TMG server) or I can set it to forms-based but just username with no domain required.
I only have limited time to test the changes as this is on our live system. Has anyone seen the same thing and can advise on which method is the best? Are there any security implications in using basic authentication between the TMG server and CAS server?