I’ve been asked about this a few times recently so thought it worth a post.
As of version 10.69.4.nc, the NetScaler Gateway and AAA features support OWA 2010.
To provide SSO when authentication on OWA is form based, additional configuration is required.
Create a formSSOAction. This provides the NetScaler with the following information:
- The page in which to complete the Form based SSO (/owa/auth.owa)
- The field names to pass the username and password values to (username and password)
- The cookie that deals with authentication for OWA (cadata)
- The method in which to submit form data (post)
add vpn formSSOAction SSOPro_OWA -actionURL "/owa/auth.owa" -userField username -passwdField password -ssoSuccessRule "http.RES.SET_COOKIE.COOKIE(\"cadata\").VALUE(\"cadata\").LENGTH.GT(70)" -responsesize 15000 -submitMethod POST
Create a VPN traffic action that specifies SSO as well as the name of the formSSOAction created above.
add vpn trafficAction TrafAct_OWA HTTP -appTimeout 1 -SSO ON -formSSOAction SSOPro_OWA
Add a VPN traffic policy to specify when this traffic action should be applied.
add vpn trafficPolicy TrafPol_OWA "HTTP.REQ.URL.CONTAINS(\"owa/auth/logon.aspx\")" TrafAct_OWA
Bind this traffic policy globally so that it applies to all NetScaler Gateway vservers (alternatively, it could be bound to a single VPN vserver, as in the second command below, if more than one version of OWA is to be supported from an appliance).
bind vpn global -policyName TrafPol_OWA -priority 100
bind vpn vserver VSERVERNAME -policyName TrafPol_OWA -priority 1000
The PBack cookie value is usually set to zero when the user manually selects submit in OWA, so a rewrite action is created to simulate this.
add rewrite action set_pback_cookie insert_after "http.REQ.COOKIE.VALUE(\"OutlookSession\")" "\";PBack=0\"" -bypassSafetyCheck YES
A rewrite policy is created to specify when this rewrite action should apply.
add rewrite policy set_pback_cookie "http.REQ.URL.CONTAINS(\"logon.aspx\")" set_pback_cookie
This is then bound globally, as it should not affect other versions of OWA operating.
bind rewrite global set_pback_cookie 100 END -type REQ_DEFAULT
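When SSO does not complete, it helps to check offline what the -ssoSuccessRule in the formSSOAction above is testing: that the response to the form post sets a cadata cookie whose value is longer than 70 characters. The following Python is an added troubleshooting example, not part of the original post or of NetScaler; the function names and sample responses are constructed, and the cookie name is assumed to match case-sensitively.

```python
SUCCESS_COOKIE = "cadata"  # cookie named in -ssoSuccessRule
MIN_LENGTH = 70            # the rule requires LENGTH.GT(70)


def set_cookie_values(raw_headers):
    """Return {cookie name: [values]} for every Set-Cookie line in a header block."""
    found = {}
    for line in raw_headers.splitlines():
        name, sep, rest = line.partition(":")
        if not sep or name.strip().lower() != "set-cookie":
            continue
        pair = rest.split(";", 1)[0]  # drop path/secure/HttpOnly attributes
        key, eq, value = pair.strip().partition("=")
        if eq:
            found.setdefault(key.strip(), []).append(value.strip())
    return found


def check_sso(raw_headers):
    """Return (matched, reason), approximating the ssoSuccessRule expression."""
    values = set_cookie_values(raw_headers).get(SUCCESS_COOKIE)
    if not values:
        return False, "response sets no cadata cookie"
    longest = max(len(v) for v in values)
    if longest > MIN_LENGTH:
        return True, f"cadata value is {longest} characters"
    return False, f"cadata value is only {longest} characters"


# Constructed sample responses (not captured from a real Exchange server).
LOGON_OK = (
    "HTTP/1.1 302 Found\r\n"
    "Location: /owa/\r\n"
    f"Set-Cookie: cadata={'Q' * 88}; path=/; secure; HttpOnly\r\n"
)
LOGON_FAILED = (
    "HTTP/1.1 302 Found\r\n"
    "Location: /owa/auth/logon.aspx?reason=2\r\n"
    "Set-Cookie: OutlookSession=0123456789abcdef; path=/; HttpOnly\r\n"
)
COOKIE_CLEARED = (
    "HTTP/1.1 302 Found\r\n"
    "Set-Cookie: cadata=; expires=Thu, 01 Jan 1970 00:00:00 GMT; path=/\r\n"
)

if __name__ == "__main__":
    for label, sample in [("ok", LOGON_OK), ("failed", LOGON_FAILED), ("cleared", COOKIE_CLEARED)]:
        print(label, check_sso(sample))
```

Paste the response headers from a browser trace of the /owa/auth.owa post into check_sso() to see whether the length threshold or a missing cookie is the reason the rule does not match.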