This post is based on recent field notes. Instead of creating a new detailed post with step by step information on how to configure RSA Authentication on a TMG Server, I have compiled the information and steps needed to configure RSA Authentication on a TMG Server.
Below is a small overview of the steps needed to configure RSA Authentication on a TMG server for use with Outlook Web App.
The overview of the steps:
- On the RSA Authentication Server create the files needed for configuration (sdconf.rec and nodesecret.rec)
- Import the files on the TMG Server using the RSA tool agent_nsload.exe (the tool is part of the RSA install binaries)
- Place the sdconf.rec and node
- Prepare the TMG Server and setup TMG for RSA SecurID
- Configure the TMG Listener for RSA Authentication
- Configure the Publishing Rule
- Test the RSA Authentication and connection to the RSA servers, using the Microsoft tool SDTEST.EXE tool (RSA Test Authentication Utility) which available as part of the TMG 2010 Tools & Software Development Kit
For the detailed step by step configuration, I refer to the great information already created on the TMG Team blog. Microsoft themselves has a series of detailed blog posts on configuring RSA Authentication on a TMG server:
- Walk-through for RSA SecurID Authentication for TMG 2010 Part 1: RSA Authentication Manager 7.1 Server Configuration
- Walk-through for RSA SecurID Authentication for TMG 2010 Part 2: TMG Array Members Preparation
- Walk-through for RSA SecurID Authentication for TMG 2010 Part 3: Configure TMG Authentication and Delegation
If you follow the steps in the three articles above, you should be able to configure RSA Authentication for TMG Server correct and your end users will now be prompted for RSA SecurID credentials.
Hope this compilation helps others, whom might struggle with configuring RSA Authentication for a TMG server.
Other resources from Microsoft blogs: