SSL/VPN OWA Single Sign On

OWA2007 works with IVE OS 6.2 with no problems since version 6.0.

The below parameters will help you:

1. Create a new resource profile (web) with type "Microsoft OWA 2007"

2. In this new web application resource profile, choose a new name (e.g. OWA2007)

3. Insert your base URL (e.g.

4. Go to "OWA Settings"

5. Choose "managed Device" and decide whether you want to allow attachment upload/download or not

6. Choose "Autopolicy: Web Access Control" (Check the Box)

7. Enter the URL and port of your OWA server into the resource field, choose "Action = Allow" and click "Add"

=> looks like "* allow

8. Activate Autopolicy: Caching and specify the following 3 rules (if not default):

a.)* => "Unchanged"

b.)* => "No-Cache"

c.)* => "Unchanged"

9. Activate Autopolicy: Web Compression (if not default) with the following rule:

a.)* => Compress

10. Activate Autopolicy: Single Sign On

a.) Choose Basic Auth

b.) Insert your Resource: "*"

c.) Choose " User predefined Credentials...."

c 1.) For Username try this parameter: <[email protected]_Authentication_server.userPrincipalName>

c 2.) Choose Variable Password and try this parameter:

Hint: c1 and c2 depend on your authentication scheme: for "your_Authentication_server", substitute the name of the authentication server you created for Active Directory authentication. The variable password can also be defined with if you have more than one user/password combination (e.g. when using an additional one-time token for authentication purposes or any other secondary authentication mechanism).

All variables should be lower case. For example, when username was spelled "Username" it did not work. Once it is all lower case it will work.

kushtrim-berisha Mon, 07/19/2010 - 02:56

Hi there,

OWA 2007 should be configured with HTTPS because you cannot use HTTP.

First of all, you should create an access-list that will allow traffic through the HTTPS protocol from outside users.

access-list outside extended permit tcp any host eq https

Second, you should create a static that will translate from real IP to a private and conversely.

static (inside,outside) tcp https https netmask

Hope it helps.


