This article describes how to make an Outlook Web Access (OWA) logout trigger a logout of the clientless VPN session by using the Responder feature.
If OWA is set as the home page on Access Gateway Enterprise Edition, logging out of OWA should also trigger the logout from the VPN session.
You can use a Responder policy that looks for the logout in the URL sent by the client in the OWA session over the tunnel. When the logout request is received, the policy redirects the user to logout.html to terminate the VPN session.
In this case, if the user clicks the Back button, the user is taken back to the logon page of the VPN. The user information is removed from the active users because the VPN logout has been triggered. This should work irrespective of the browser used by the client.
Note: The redirect is triggered every time the policy is hit, because a Responder policy cannot be bound to a VPN vServer. It has to be bound globally.
Snippet of the policy:
(The FQDN is the VPN vServer URL, owa_redirect is the name of the action, and redirect is the actual action):
add responder action owa_redirect redirect "\"https://agee.example.com/cgi/logout\"" -bypassSafetyCheck YES
(owa_pol is the name of the policy looking for logoff.owa in the path and query of the URL):
add responder policy owa_pol "http.REQ.URL.PATH_AND_QUERY.CONTAINS(\"logoff.owa\")" owa_redirect
bind responder global owa_pol 100 END -type REQ_OVERRIDE
Note: In the traces, the client is seen to send logoff.owa in the URL when the logout is triggered, so the policy is designed accordingly. Check with the Exchange/OWA team in case it differs in your environment.
(The FQDN is the VPN vServer URL, exchange_redirect is the name of the action, and redirect is the actual action):
add responder action exchange_redirect redirect "\"https://agee.example.com/cgi/logout\"" -bypassSafetyCheck YES
(exchange_pol is the name of the policy looking for logoff.asp in the path and query of the URL):
add responder policy exchange_pol "http.REQ.URL.PATH_AND_QUERY.CONTAINS(\"logoff.asp\")" exchange_redirect
bind responder global exchange_pol 100 END -type REQ_OVERRIDE
In the traces, the client is seen to send logoff.asp in the URL when the logout is triggered, so the policy is designed accordingly. Check with the Exchange/OWA team in case it differs in your environment.
Use the following commands to unbind the Responder policy based on the policy config:
unbind responder global exchange_pol
or
unbind responder global owa_pol
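Because both policies are bound globally and match a fixed substring, it helps to replay the request URLs from your own trace against the two tokens before binding. The following Python script is an added example, not part of the original article: the sample URLs are constructed, and it assumes the CONTAINS comparison is case-sensitive and that agee.example.com is the VPN vServer FQDN, as in the redirect action above.

```python
from urllib.parse import urlsplit

# Tokens the article's two policies look for in HTTP.REQ.URL.PATH_AND_QUERY.
POLICIES = {"owa_pol": "logoff.owa", "exchange_pol": "logoff.asp"}
VPN_HOST = "agee.example.com"  # VPN vServer FQDN from the redirect action

def path_and_query(url):
    """Return path plus '?query', the part of the URL the policies inspect."""
    parts = urlsplit(url)
    return parts.path + ("?" + parts.query if parts.query else "")

def classify(url):
    """Classify one request URL as (verdict, policy name or None).

    'redirect'   : a policy matches on the VPN vServer host
    'collateral' : a policy matches on another host (the binding is global)
    'near-miss'  : token present only in a different case, so no policy fires
                   (assumption: the CONTAINS comparison is case-sensitive)
    'pass'       : neither token is present
    """
    target = path_and_query(url)
    host = urlsplit(url).hostname or ""
    for name, token in POLICIES.items():
        if token in target:
            return ("redirect" if host == VPN_HOST else "collateral", name)
    for name, token in POLICIES.items():
        if token in target.lower():
            return ("near-miss", name)
    return ("pass", None)

# Constructed request URLs standing in for a real trace.
SAMPLE_TRACE = [
    "https://agee.example.com/owa/logoff.owa",
    "https://agee.example.com/owa/auth/Logoff.owa?canary=abc",
    "https://agee.example.com/exchange/logoff.asp",
    "https://intranet.example.com/help/search?q=logoff.owa",
    "https://agee.example.com/owa/?ae=Folder&t=IPF.Note",
]

def audit(urls):
    """Return (url, verdict, policy) for every URL in the trace."""
    return [(u, *classify(u)) for u in urls]

if __name__ == "__main__":
    for url, verdict, policy in audit(SAMPLE_TRACE):
        print(f"{verdict:<10} {policy or '-':<12} {url}")
```

A 'near-miss' or 'collateral' line is the cue to confirm the exact logout URL with the Exchange/OWA team, as the notes above advise, before relying on the policy.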