Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
847
Views
0
Helpful
5
Replies

Iron port single sign issue

Go to solution
igbinosuneric
Level 1
Level 1

‎05-15-2015 10:48 AM

Hello 

i have integrated the WSA with active directory 

configured single sign on 

but Microsoft lync still prompts for authentication

please what  can i do to resolve this 

thanks guys 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Ken Stieers
VIP
VIP

‎05-15-2015 11:02 AM

I'm going to make some assumptions:

  • You're using Lync in the cloud
  • Lync is running at startup
  • the user hasn't opened any web page yet.
  • The prompt is web access related, NOT the actual lync login.

 

Try this for me. Exit Lync, use a browser and hit an external web page.  Start Lync (with or without the browser open, doesn't matter).  It should work...

 

The issue is that Lync can't handle the web auth request (Outlook can't either).

You have 2 options.

  • Figure out which user-agent string Lync is using and create an identity in the WSA for it, and a policy that doesn't require auth for that user-agent.
  • Deploy a CDA so that logins are picked up from the domain controllers and passed to the WSA before the users session actually gets to the point where its needed.

 

 

 

 

View solution in original post

0 Helpful
5 Replies 5

Go to solution
Ken Stieers
VIP
VIP

‎05-15-2015 11:02 AM

I'm going to make some assumptions:

  • You're using Lync in the cloud
  • Lync is running at startup
  • the user hasn't opened any web page yet.
  • The prompt is web access related, NOT the actual lync login.

 

Try this for me. Exit Lync, use a browser and hit an external web page.  Start Lync (with or without the browser open, doesn't matter).  It should work...

 

The issue is that Lync can't handle the web auth request (Outlook can't either).

You have 2 options.

  • Figure out which user-agent string Lync is using and create an identity in the WSA for it, and a policy that doesn't require auth for that user-agent.
  • Deploy a CDA so that logins are picked up from the domain controllers and passed to the WSA before the users session actually gets to the point where its needed.

 

 

 

 

0 Helpful

Go to solution
igbinosuneric
Level 1
Level 1
In response to Ken Stieers

‎05-17-2015 11:14 PM

hello ken 

thanks for the reply 

by any chance, would you know the agent used by microsoft lync 

doing my research and am coming up short 

thanks 

 

0 Helpful

Go to solution
Tim Schneider
Level 1
Level 1
In response to igbinosuneric

‎05-19-2015 01:28 AM

Useragent string looks like this:

 

UCCAPI/15.0.4420.1017 OC/15.0.4420.1017 (Microsoft Lync)

 

the version numbers vary depending on your version, obviously.

Look at the screenshots on how to find it (In the second image, the version is the first number within the brackets, meaning 15.0.4481.1000)

Preview file
25 KB
Preview file
13 KB
0 Helpful

Go to solution
igbinosuneric
Level 1
Level 1
In response to Tim Schneider

‎05-19-2015 06:08 AM

Hello all

I configured the ip addresses of the Lync servers in a custom URL 

 

configured a identity which referenced the custom url 

 

then in the global decryption policy i configured a pass through function for the custom URL 

 

and that was it 

0 Helpful

Go to solution
Ken Stieers
VIP
VIP
In response to igbinosuneric

‎05-19-2015 05:47 AM

look here: http://lmgtfy.com/?q=lync+user+agent

You can use regex for the agent string, so "\(Microsoft Lync\)" ought to work.

 

 

0 Helpful
Customers Also Viewed These Support Documents