Exchange - Authentication

Authentication Type User Name - Password

With the User name – password option, the user name and password that you use to log in to Windows are used by Intrexx to log on to Exchange. The login data can either be queried per session, in which case users must enter it every time they log on to the portal again, or be stored in encrypted form on the MediaGateway so that logins do not need to be renewed. In the latter case, Intrexx creates a connection between the logged-in Intrexx user and the saved login information for the Exchange server.

Authentication Type Kerberos

Kerberos will determine the login information according to the current Windows user and will automatically log on. The additional required information for Mailbox and Domain will be defined in the Access data for the Exchange server.

Please note the following basic requirements for a successful authentication with Kerberos: If a user cannot be authenticated, the session-based login will automatically be activated.

For successful authentication, a so-called Service Principal Name (SPN) must be entered. The SPN identifies the service for which a Kerberos ticket should be created. This ticket will be required for the MediaGateway server. The dialog will suggest an SPN to you, but in practice it may need to be adjusted, depending on your system environment.

The SPN will usually be made up of the following components:

host/<Computer DNS Name>@<KERBEROS_REALM>

Computer DNS name: fully qualified host name (such as mycomputer.mycompany.com)
KERBEROS_REALM: as a rule, the domain in capitals (like MYCOMPANY.COM)


The SPN would, therefore, read as follows with the sample data:

host/mycomputer.mycompany.com@MYCOMPANY.COM

Access data for the Exchange server

The login of an Intrexx user to the Exchange server takes place via a login box that will be shown when an Intrexx Exchange application is called up in the portal.



Kerberos authentication only works if the requesting client uses the fully qualified name of the Exchange server, and not its IP address, in the server URL entered in the login box, for example

https://exchangeserver.example.org/exchange

instead of

https://12.34.56.78/exchange.
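The two checks described above, as an added example (not part of the Intrexx documentation or product code): `check_server_url` flags a server URL that uses an IP address or a short name instead of a fully qualified name, and `build_spn` assembles an SPN from the pattern shown earlier. The function names are hypothetical, and deriving the realm from the DNS domain is an assumption that follows the "as a rule" convention above.

```python
import ipaddress
from typing import List, Optional
from urllib.parse import urlsplit


def is_ip_literal(host: str) -> bool:
    """True if host parses as an IPv4 or IPv6 address."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def check_server_url(url: str) -> List[str]:
    """Return the reasons a server URL is unsuitable for Kerberos (empty list = OK)."""
    host = urlsplit(url).hostname or ""
    problems = []
    if not host:
        problems.append("no host in URL")
    elif is_ip_literal(host):
        problems.append(f"{host} is an IP address, not a fully qualified name")
    elif "." not in host.strip("."):
        problems.append(f"{host} is a short name, not a fully qualified name")
    return problems


def build_spn(computer_dns_name: str, realm: Optional[str] = None) -> str:
    """Build host/<Computer DNS Name>@<KERBEROS_REALM> from the page's pattern."""
    name = computer_dns_name.strip().rstrip(".").lower()
    if is_ip_literal(name) or "." not in name:
        raise ValueError(f"{computer_dns_name!r} is not a fully qualified host name")
    if realm is None:
        # Assumption: the realm is the DNS domain in capitals ("as a rule").
        # Pass realm= explicitly when your environment differs.
        realm = name.split(".", 1)[1]
    return f"host/{name}@{realm.upper()}"


if __name__ == "__main__":
    # Sample URLs and host name are the ones used on this page.
    for url in ("https://exchangeserver.example.org/exchange",
                "https://12.34.56.78/exchange"):
        print(url, "->", check_server_url(url) or "OK")
    print(build_spn("mycomputer.mycompany.com"))
```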

How client systems request the portal depends on the configuration of your DNS server; the portal has to be called via one of the following URLs:

http://12.34.56.78/myPortal
http://intrexxserver.example.org/myPortal
http://intrexxserver/myPortal

Please ask your system administrator for further information on this topic.

In the configuration of the access data for the Exchange server, you can define which data is entered automatically in the login box (such as the domain), which data is taken from the User Manager (such as the user name), and which data users must enter manually in the login box in Intrexx Exchange applications.

If the setting Login data on web is session-based is not enabled, all login information from the login box will be saved as a user account in the MediaGateway as soon as the user logs on for the first time with the Intrexx Exchange application. If this login was successful, the corresponding account information will be saved, encrypted with RSA, to the MediaGateway. The next time the Intrexx portal is visited, the login will not be required, as long as the connection to the Exchange server can be established.

After that, the login box will only be shown again when the user's access data changes, for example when the value of a relevant field in the User Manager has changed.

If the setting Login data in web is session-based is enabled, the information will be queried for each session and no account will be created on the MediaGateway. The login box will then always be shown the first time an Intrexx user opens an Exchange application in the portal during a session.

A user of the Intrexx portal can only access the information on the Exchange server for which they have sufficient rights on the Exchange server itself.

If MediaGateway accounts have already been created, because users have already logged in, the Overview of known users link will be active in the lower area of the dialog. Clicking on this link opens a dialog where you can find a list of the users in the MediaGateway.