ASA WebVPN with SSO on Exchange OWA 2010

Answered Question
Feb 18th, 2011

Hi, I was using WebVPN (clientless) with SSO on Exchange OWA 2003 and it was working fine with these SSO POST parameters:

URL: https://<mailserver>/exchweb/bin/auth/owaauth.dll

destination https://<mailserver>/exchange/
flags 0

username DOMAIN\CSCO_WEBVPN_USERNAME

password CSCO_WEBVPN_PASSWORD

SubmitCreds Log+On

forcedownlevel  0

trusted 0

Now, I'm trying to do the same with OWA 2010 and it doesn't work. I always receive an error about user credentials.

For Exchange 2010, I use these parameters:

URL: https://<mailserver>/owa/auth.owa

destination https://<mailserver>/owa/
flags 0

username DOMAIN\CSCO_WEBVPN_USERNAME

password CSCO_WEBVPN_PASSWORD

SubmitCreds Log+On

forcedownlevel  0

trusted 0

Does anyone know how to fix?
Has anyone got it working?

Any help?

Thanks

alig.norbert Mon, 02/28/2011 - 12:04

Hi,

Have you tried "http capture"?

Here is my "Workaround" bookmark. I'll post the final bookmark (when I'm back in the office).....

http:///owa

destination:     http:///owa/

flags:               0

forcedownloadlevel:     0

trusted:               0

username:        CSCO_WEBVPN_USERNAME

password:         CSCO_WEBVPN_PASSWORD

isUft8:          1

BUT, the weird thing is, when I hit the bookmark, the OWA (2010) login screen appears.

After clicking (once) on the "sign in" button on the OWA login page, go back to the WebVPN portal and click a second time on the bookmark; access to the mailbox account is then granted.

The same with the post-plugin.

Greets,

Norbert

jmprats Fri, 03/04/2011 - 03:37

It doesn't work for me. Incorrect credentials.

HTTP capture? How can I do that? Does it work with HTTPS?

thanks

Correct Answer
alig.norbert Fri, 03/04/2011 - 13:41

In this setup, I had to change it to HTTP (customer related). It works over HTTPS as well.

Get this tool http://www.fiddler2.com/fiddler2/.

URL:      http://internal-mail-server-ip/owa/auth/owaauth.dll

post-parameter:

destination:          http://internal-mail-server-ip/owa/

flags:                    0

forcedownlevel:    0

trusted:                 0

username:            CSCO_WEBVPN_USERNAME

password:            CSCO_WEBVPN_PASSWORD

isUtf8:                   1






Greets,

Norbert

Hope this helps... please rate if helpful
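Added example, not part of the original post: the answer above derives the bookmark's post-parameters from a captured logon request, and this sketch does that step in Python, replacing the captured credentials with the ASA macros and comparing parameter names against the first OWA 2010 attempt from the question. The captured body, the account name and the function names `bookmark_params` and `review` are constructed for illustration.

```python
from urllib.parse import parse_qsl, urlsplit

USER_MACRO = "CSCO_WEBVPN_USERNAME"   # ASA macros named in the thread
PASS_MACRO = "CSCO_WEBVPN_PASSWORD"

# Constructed sample of a captured OWA 2010 logon POST (not from the thread);
# the account name and password are placeholders.
CAPTURED_URL = "http://internal-mail-server-ip/owa/auth/owaauth.dll"
CAPTURED_BODY = (
    "destination=http%3A%2F%2Finternal-mail-server-ip%2Fowa%2F"
    "&flags=0&forcedownlevel=0&trusted=0"
    "&username=EXAMPLE%5Cjdoe&password=placeholder-secret&isUtf8=1"
)
# Parameter names of the first OWA 2010 attempt in the question.
FIRST_ATTEMPT = {"destination", "flags", "username", "password",
                 "SubmitCreds", "forcedownlevel", "trusted"}


def bookmark_params(body, user_field="username", pass_field="password"):
    """Captured form body -> bookmark post-parameters, with the captured
    credentials swapped for the ASA macros so no real secret is stored."""
    params = []
    for name, value in parse_qsl(body, keep_blank_values=True):
        if name == user_field:
            value = USER_MACRO
        elif name == pass_field:
            value = PASS_MACRO
        params.append((name, value))
    return params


def review(url, params, configured_names):
    """Compare a bookmark's parameter names with the capture; list findings."""
    captured = {name for name, _ in params}
    configured = set(configured_names)
    findings = []
    if urlsplit(url).scheme != "https":
        findings.append("logon URL is not https: password reaches the mail server in cleartext")
    findings += [f"missing parameter: {n}" for n in captured - configured]
    findings += [f"not in captured form: {n}" for n in configured - captured]
    return sorted(findings)


if __name__ == "__main__":
    params = bookmark_params(CAPTURED_BODY)
    for name, value in params:
        print(f"{name}: {value}")
    for finding in review(CAPTURED_URL, params, FIRST_ATTEMPT):
        print("!", finding)
```

Run against the constructed capture, the review reports the missing `isUtf8` field, the `SubmitCreds` field that the OWA 2010 form does not carry, and the plain-HTTP logon URL.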

jmprats Mon, 03/07/2011 - 00:45

Great!

These parameters work for me, too (and with HTTPS)

Thank you very much

netbin2009 Fri, 10/28/2011 - 03:05

Hi!

Where can I set the suggested parameter settings? I'm using an ASA5510 Version 8.4(1) and the post options I have in the drop-down list are:

CSCO_WEBVPN_USERNAME

CSCO_WEBVPN_PASSWORD

Is this done via CLI? If so, how should I enter config mode for a specific bookmark and entry?

Regards,

Fredrik


Posted February 18, 2011 at 12:34 AM