You can configure the following advanced authentication options
in the properties of the Web listener:
Require all users to authenticate. This option forces
clients to authenticate using one of the selected authentication
methods.
Check client credentials once per TCP session. This
option enables the caching of client credentials.
Prevent caching of protected pages on clients. When
forms-based authentication is used, a browser cannot recognize that
traffic is being transmitted over an authenticated connection, and
will therefore cache the traffic. To prevent the caching of
authenticated traffic, this option sets the value of the
cache-control header to no-cache on every response sent to
the client. Because this header is intended for the proxy and the
client, ISA Server notes the header value and the response is not
cached.
Set an SSL client certificate timeout. This option
applies when you require client certificate authentication. This
security feature requires that the certificate be presented again
after a time-out that you configure. In a scenario where a user
presents a certificate on a smart card, retrieves the smart card,
and then forgets to end the session, ISA Server will request the
certificate after the time-out. If the certificate is not provided,
ISA Server will end the session. If the certificate is installed on
the client computer, the request for the certificate after the
time-out will not be noticed by the user.
Specify a domain for authentication other than the default
Windows domain. ISA Server appends the default domain to the
client's user name, if the client does not provide a domain name.
If you want ISA Server to append a domain other than the default,
provide it in this field.
Configure RSA SecurID settings. You can configure Name
Lock, the SecurID cookie name, and a domain secret.
Note
The domain for single sign-on is configured on the SSO
tab of the Web listener properties.