Perimeter authentication with ISA server and AD

Hi,

We have a Microsoft ISA server that does all authentication at the perimeter.
I'm trying to set up a WLS 10 that can inspect and pass on the authenticated
Subject to the (SQLServer) database when performing searches. 
I have configured the environment according to the steps in [url 
http://e-docs.bea.com/wls/docs100/secmanage/sso.html][/url], and I have set up
my security realm with an Active Directory Authentication provider and a
Negotiate Identity Assertion provider. But soemthing is obviously not working,
since I see no signs of the authenitcated subject in the server log, and
Security.getCurrentSubject() returns an empty Subject. What am I doing wrong?