Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

SSL/VPN OWA Single Sign On

Hi,

Does anyone have the post paramters to get OWA 2007 successfully working using single sign on. I've followed the basic doc but am still getting prompted for Username and Password i've tried using a HTTP Analyer to get the parameters but to no avail.

Thanks

4 REPLIES
Silver

Re: SSL/VPN OWA Single Sign On

OWA2007 works with IVE OS 6.2 with no problems since version 6.0.

The below parameters will help you:

1. create a new resource profile (web) with type "Microsoft OWA 2007"

2. in this new web application ressource profile you choose a new name (e.g. OWA2007)

3. Insert your base URL (e.g. http://yourOWAserver.yourdomain.com/owa)

4. goto "QWA Settings"

5. Choose "managed Device" an make a decision if want to allow attachment upload/download or not

6. Choose "Autopolicy: Web Access Control" (Check the Box)

7. Enter the URL and port of your OWA-Server into the ressource field , choose "Action = Allow" and click "Add"

=> looks like "http://yourOWAserver.yourdomain.com:80/* allow

8. Activate Autopolicy: Caching and specifiy the following 3 rules (if not default):

a.) http://yourOWAserver.yourdomain.com:80/owa/attachment.ashx?attach=1* => "Unchanged"

b.) http://yourOWAserver.yourdomain.com:80/owa/WebReadyView.aspx?t=att&* => "No-Cache"

c.) http://yourOWAserver.yourdomain.com:80/* => "Unchanged"

9. Activate Autopolicy: Web Compression (if not default) with the following rule:

a.) http://yourOWAserver.yourdomain.com:80/* => Compress

10. Activate Autopolicy: Single Sign On

a.) Choose Basic Auth

b.) Insert your Ressource: "http://yourOWAserver.yourdomain.com:80/owa/*"

c.) Choose " User predefined Credentials...."

c 1.) For Username try this parameter: <userAttr@your_Authentication_server.userPrincipalName>

c 2.) Choose Variable Password and try this parameter:

Hint: c1 and c2 depends on your authentication scheme: for "your_Authentication_server" substitute with the name of the authentication server you created for activeDirectory Authentication, the variable password can also be defined with if you have more than one User/pass kombination (e.g when using additional One time token for authentication purposes or any other secondary authentication mechanism)

All varialbles should be of lower case. For example when it is spelled username "Username" did not work. Once it is all lower case it will work.

Community Member

Re: SSL/VPN OWA Single Sign On

Thanks for the response, is this configuration releated to the ASA SSL/VPN???

Thanks

Community Member

Re: SSL/VPN OWA Single Sign On

I think he's posted the configuration for a Juniper SA device :S

Community Member

Re: SSL/VPN OWA Single Sign On

hi there,

OWA 2007 should configure with HTTPS becouse you can not use HTTP.

first of all you should create an access-list that will allow trafic thought HTTPS protocol from outsid users.

access-list outside extended permit tcp any host 20.20.20.20 eq https

second, you should create an static that will translate from real IP to a private and conversely.

static (inside,outside) tcp 20.20.20.20 https 10.10.10.10 https netmask 255.255.255.255

hope it hepls.

Regards.

1320
Views
0
Helpful
4
Replies
CreatePlease to create content