SSL/VPN OWA Single Sign On

dkirby
Level 1

Hi,

Does anyone have the POST parameters to get OWA 2007 successfully working using single sign-on? I've followed the basic doc but am still getting prompted for username and password. I've tried using an HTTP analyzer to get the parameters, but to no avail.

Thanks

4 Replies

wong34539
Level 6

OWA2007 works with IVE OS 6.2 with no problems since version 6.0.

The below parameters will help you:

1. Create a new resource profile (web) with type "Microsoft OWA 2007"

2. In this new web application resource profile, choose a new name (e.g. OWA2007)

3. Insert your base URL (e.g. http://yourOWAserver.yourdomain.com/owa)

4. Go to "OWA Settings"

5. Choose "managed Device" and decide whether you want to allow attachment upload/download or not

6. Choose "Autopolicy: Web Access Control" (Check the Box)

7. Enter the URL and port of your OWA server into the resource field, choose "Action = Allow" and click "Add"

=> looks like "http://yourOWAserver.yourdomain.com:80/* allow"

8. Activate Autopolicy: Caching and specify the following 3 rules (if not default):

a.) http://yourOWAserver.yourdomain.com:80/owa/attachment.ashx?attach=1* => "Unchanged"

b.) http://yourOWAserver.yourdomain.com:80/owa/WebReadyView.aspx?t=att&* => "No-Cache"

c.) http://yourOWAserver.yourdomain.com:80/* => "Unchanged"

9. Activate Autopolicy: Web Compression (if not default) with the following rule:

a.) http://yourOWAserver.yourdomain.com:80/* => Compress

10. Activate Autopolicy: Single Sign On

a.) Choose Basic Auth

b.) Insert your Resource: "http://yourOWAserver.yourdomain.com:80/owa/*"

c.) Choose " User predefined Credentials...."

c 1.) For Username try this parameter: <userAttr@your_Authentication_server.userPrincipalName>

c 2.) Choose Variable Password and try this parameter:

Hint: c1 and c2 depend on your authentication scheme: for "your_Authentication_server", substitute the name of the authentication server you created for Active Directory authentication. The variable password can also be defined with if you have more than one user/pass combination (e.g. when using an additional one-time token for authentication purposes or any other secondary authentication mechanism).

All variables should be in lower case. For example, username spelled "Username" did not work. Once it is all lower case it will work.

Thanks for the response. Is this configuration related to the ASA SSL/VPN?

Thanks

I think he's posted the configuration for a Juniper SA device :S

Hi there,

OWA 2007 should be configured with HTTPS because you cannot use HTTP.

First of all, you should create an access list that will allow traffic through the HTTPS protocol from outside users.

access-list outside extended permit tcp any host 20.20.20.20 eq https

Second, you should create a static that will translate from the real IP to a private one and conversely.

static (inside,outside) tcp 20.20.20.20 https 10.10.10.10 https netmask 255.255.255.255

Hope it helps.

Regards.