How to Configure Single Sign On for OWA 2010 with Two Factor Authentication

How to Configure Single Sign On for OWA 2010 with Two Factor Authentication

book

Article ID: CTX134724

calendar_today

Updated On:

Description

This article describes how to configure Single Sign On (SSO) for Outlook Web Access (OWA) 2010 with two factor authentication.

Background

SSO does not work for OWA 2010 for two factor authentication after configuring SSO by using CTX128197 - How to Configure Single Sign-On for Exchange 2010.

The Action URL for SSO form is different in OWA 2010. Therefore, you must modify the Traffic Management policy. You require a rewrite policy to set the PBack cookie in the logon.aspx request.
In normal scenarios, the PBack cookie is set at the client when you select Submit. If SSO is configured, then the response to logon.aspx is intercepted and the form request is generated by the NetScaler appliance. The PBack cookie is not attached in the form submission request. The OWA server expects the PBack cookie in the form submission request. Rewrite policy must be attached to the PBack cookie in the form submission request.

Note: Clientless Virtual Private Network (CVPN) access for OWA 2010 is now supported with NetScaler software release 10.

Instructions

To configure SSO for Outlook Web Access 2010, complete the following procedures:

Authentication, Authorization, and Auditing (AAA) for Traffic Management Configuration

  1. Configure a SSO profile.

    User-added image

  2. Create a Traffic profile with the preceding Form SSO action.

    User-added image

  3. Configure a Traffic policy with the Traffic Profile.

    User-added image

  4. Bind the Traffic policy either at global level or to a virtual server.

    User-added image

  5. Configure a Session profile.

    User-added image

    Note: Select Credential Index to either primary or secondary depending on the credentials that must be sent to the Web Applications.

  6. Configure a Session policy with the Session profile.

    User-added image

  7. Bind the Session policy to the AAA virtual server.

    User-added image

Rewrite Configuration

  1. Configure a Rewrite action.

    User-added image

  2. Configure a Rewrite policy with the Rewrite action.

    User-added image

  3. Bind the Rewrite policy to the Load Balance virtual server.

    User-added image

    Note: Sometimes even after you implement the rewrite configuration, Outlook might not issue OWA Session cookies and the Pback cookies might not be inserted. In this scenario, you must use the following configuration as a workaround instead of the preceding rewrite configuration.

Workaround Rewrite Configuration

  1. Create Rewrite action.

    User-added image

  2. Create Rewrite policy.

    User-added image

  3. Bind the Rewrite policy to the Load Balance virtual server.

    User-added image

Issue/Introduction

This article describes how to configure Single Sign On (SSO) for Outlook Web Access (OWA) 2010 with two factor authentication.
Powered by Wolken Software