Exchange - Authentication
Authentication Type User Name - Password
With User name – password, the user name and password that you use
to log in to Windows are used in Intrexx to log on to Exchange. The
login data can either be queried per session, in which case users must
enter it every time they log on to the portal again, or be stored in
encrypted form on the MediaGateway so that logins do not need to be renewed.
In this case, a connection will be created by Intrexx between the
logged-in Intrexx user and the saved login information for the Exchange
Authentication Type Kerberos
Kerberos will determine the login information according to the current
Windows user and will automatically log on. The additional required
information for Mailbox
be defined in the Access data for the Exchange server
Please note the following basic requirements for a successful
authentication with Kerberos:
- The Intrexx portal must be run with integrated authentication. You can configure this in the Users module via the menu Users / Configuration.
- The users in your Active Directory must also exist in
Intrexx. You can import them from the Users module
by selecting the menu item Users / Import users and groups. Please
ensure that at least one user is contained in the Administrators
group, so that the system can still be administered.
- The server on which the MediaGateway is installed requires the group right of Delegation.
- All clients and servers must be members of the same domain.
- The Exchange server must not use form-based authentication
for Outlook Web Access / Exchange (affects Exchange 2003/2007).
- In Internet Explorer, the security settings for the zone
used during user authentication must be set to Automatic login
with current user name and password. In addition, the
Activate integrated Windows authentication checkbox must be
checked in the advanced settings.
With Kerberos authentication, your users get true single sign-on
access to the Exchange server, using integrated Windows
authentication.
If a user cannot be authenticated, the session-based login will
automatically be activated.
For successful authentication, a so-called Service Principal Name
(SPN) must be entered. The SPN contains the information about the
service for which a Kerberos ticket should be created. This
ticket will be required for the MediaGateway server
The dialog will suggest an SPN to you, but in practice, it may need to
be adjusted, depending on your system environment.
The SPN will usually be made up of the following components:
host/<Computer DNS Name>@<KERBEROS_REALM>
Computer DNS name: fully qualified host name (such as mycomputer.mycompany.com)
KERBEROS_REALM: as a rule, the domain in capitals (like MYCOMPANY.COM)
The SPN would, therefore, read as follows with the sample data:
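An added example, not part of the Intrexx documentation: a Python helper that assembles an SPN in the format above and checks a suggested SPN before it is entered in the dialog. The function names and the individual checks are assumptions made for illustration; the realm comparison is only a hint, because the realm is the capitalised domain only as a rule.

```python
import ipaddress
import re

# One DNS label: letters, digits and hyphens, no leading or trailing hyphen.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")
# <service>/<Computer DNS Name>@<KERBEROS_REALM>
_SPN = re.compile(r"^(?P<service>[^/@]+)/(?P<host>[^/@]+)@(?P<realm>[^/@]+)$")


def build_spn(dns_name, realm, service="host"):
    """Assemble an SPN: lower-case FQDN, realm in capitals."""
    host = dns_name.strip().rstrip(".").lower()
    return f"{service}/{host}@{realm.strip().upper()}"


def check_spn(spn):
    """Return a list of problems; an empty list means the SPN fits the format."""
    m = _SPN.match(spn)
    if not m:
        return ["not in the form service/host@REALM"]
    host, realm = m["host"], m["realm"]
    problems = []
    try:
        ipaddress.ip_address(host)
        is_ip = True
        problems.append("host part is an IP address, not a DNS name")
    except ValueError:
        is_ip = False
    if not is_ip:
        labels = host.split(".")
        if len(labels) < 2:
            problems.append("host part is a short name, not fully qualified")
        if not all(_LABEL.match(label) for label in labels):
            problems.append("host part contains an invalid DNS label")
        # Hint only: some environments use a realm that differs from the domain.
        if not host.upper().endswith("." + realm.upper()):
            problems.append("realm does not match the host's DNS domain (verify)")
    if realm != realm.upper():
        problems.append("realm is not upper case")
    return problems


if __name__ == "__main__":
    # Constructed inputs based on the sample data in the text.
    candidates = [
        build_spn("mycomputer.mycompany.com", "mycompany.com"),
        "host/10.0.0.5@MYCOMPANY.COM",
        "host/mycomputer@mycompany.com",
    ]
    for spn in candidates:
        print(spn, "->", check_spn(spn) or "ok")
```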
Access data for the Exchange server
The login of an Intrexx user to the Exchange server takes place via a
login box that will be shown when an Intrexx Exchange application is
called up in the portal.
Kerberos authentication only works if the requesting client uses
the fully qualified name, and not the IP address of the Exchange
server, in the server URL that is entered in the login box,
like for example
How the portal is requested from client systems depends on the configuration
of your DNS server; the request has to be made via one of the following URLs:
Please ask your system administrator for further information on this topic.
In the configuration of the access data for the Exchange server, you
can define whether specific data, like the domain, should be entered
automatically in the login box, whether data such as the user name
should be taken from the User Manager, or which data the user must
enter manually in the login box in Intrexx Exchange applications.
If the setting Login data on web is session-based is not set,
all login information from the login box will
be saved as a user account in the MediaGateway as soon as the user logs
on for the first time with the Intrexx Exchange application. If this
login was successful, the corresponding account information will be
saved, encrypted with RSA, to the MediaGateway. The next time the
Intrexx portal is visited, the login will not be required, as long as
the connection to the Exchange server can be established.
After that, the login box will only be shown again when the user's
access data changes, for example when the value
of a relevant field in the User Manager has changed.
If the setting Login data in web is session-based is set,
the information will be queried for each session and no account will be
created on the MediaGateway. The login box will then always be
shown the first time an Intrexx user opens an Exchange application in
A user of the Intrexx portal can only access the
information on the Exchange server for which that user has sufficient rights on the
Exchange server itself.
If MediaGateway accounts have already been created, because users
have already logged in, the Overview of known users
link will be active in the lower area of the dialog. Clicking on
this link opens a dialog where you can find a list of the users in