Webthority How To Proxy Microsoft Outlook Web Access

This guide describes how to configure Webthority to protect Microsoft Outlook Web Access (OWA)
2003 and 2007.
There are three main mechanisms through which Webthority can authorize access to OWA:
Direct mapping to an OWA Login Form
Automatic Back-End Authentication with OWA (via automatic login form filling)
Automatic Back-End Authentication with OWA (via HTTP authentication)
The mechanisms are listed here in increasing order of complexity, and each should be working
before the next is attempted. The mechanisms differ in user experience, in the configuration
required and in the Authentication Services (AS) they can be used with; the details are given in
the following sections.
OWA Login Form
The most basic mechanism is simply a Webthority content server mapping with rewrite. The
authentication procedure is as follows:
1. User clicks the link to the Webthority proxied OWA.
2. User authenticates with the Webthority Authentication Service (not needed with VSJ or PKI AS).
3. User is directed to the OWA login form.
4. User authenticates with OWA.
Configuration
Ensure that the Rewrite checkbox is selected on the Proxy Content Server Mapping tab, see
Rewrite Note.
Applicable Authentication Services
All.
Automatic Back-End Authentication with OWA
(via auto-login-form-filling)
This mechanism allows for Single Sign-On access to OWA.
The credentials used to authenticate to Webthority must be the same as those used to log
into OWA.
The authentication procedure is as follows:
1. User clicks the link to the Webthority proxied OWA.
2. User authenticates with the Webthority Authentication Service.
3. User's Webthority Authentication Service username/password/domain combination is used
by Webthority to communicate with OWA.
4. User is automatically logged into OWA.
Configuration
Ensure that these checkboxes are selected on the Proxy Content Server Mapping tab:
Back-End Auth
Rewrite, see Rewrite Note.
On the associated Web role Back-End Auth tab:
Select the Auto-fill login forms checkbox
Add a new row to the form filling table:
URL: This is the exact URL for the login form (e.g.
https://webmail.quest.com:443/CookieAuth.dll?GetLogon?curl=Z2F&reason=0&formdir=2).
All other fields relate to assisting the form filling algorithm. They specify the:
name of the HTML login form
name of the username/password/domain HTML form input fields
format of the username in the form (e.g. <username>@<domain>)
If your Authentication Service doesn’t provide a domain, you can set a
default domain to be used here as well.
For Webthority to authenticate with OWA via forms, OWA must be configured to use forms-based
auth.
Applicable Authentication Services
Authentication Services with username/password (a default domain can be configured) i.e. not the
Vintela Single Sign-On for Java Authentication Service or PKI Authentication Service.
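The following added example (not Webthority's own code) works through the form-filling step described above: it locates the named login form on a logon page, keeps the page's hidden fields, formats the username as <username>@<domain>, and falls back to the configured default domain when the Authentication Service supplies none. The logon page HTML, field names, URLs and the rule dictionary are constructed for illustration.

```python
"""Auto-fill of an OWA-style login form, modelled on the form-filling table
described above. Added example; the HTML, field names and URLs are constructed."""
from html.parser import HTMLParser
from urllib.parse import urlencode, urljoin


class _FormScanner(HTMLParser):  # collects every <form> with its action and <input> fields
    def __init__(self):
        super().__init__()
        self.forms, self._cur = [], None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._cur = {"name": a.get("name") or a.get("id"), "action": a.get("action", ""),
                         "method": (a.get("method") or "get").upper(), "fields": {}}
            self.forms.append(self._cur)
        elif tag == "input" and self._cur is not None and a.get("name"):
            self._cur["fields"][a["name"]] = a.get("value") or ""

    def handle_endtag(self, tag):
        if tag == "form":
            self._cur = None


def fill_login_form(page_html, page_url, rule, username, password, domain=None):
    """Return (method, absolute action URL, fields, encoded body) for the login submission.
    `rule` mirrors one row of the form-filling table (constructed keys, not Webthority's)."""
    scanner = _FormScanner()
    scanner.feed(page_html)
    form = next((f for f in scanner.forms if f["name"] == rule["form"]), None)
    if form is None:
        raise LookupError("login form %r not on page" % rule["form"])
    domain = domain or rule.get("default_domain")  # AS-supplied domain wins over the default
    if domain is None and "<domain>" in rule["user_format"]:
        raise ValueError("no domain from the AS and no default domain configured")
    fields = dict(form["fields"])  # keep the page's hidden fields (destination, flags)
    user = rule["user_format"].replace("<username>", username).replace("<domain>", domain or "")
    fields[rule["user_field"]], fields[rule["pass_field"]] = user, password
    return form["method"], urljoin(page_url, form["action"]), fields, urlencode(fields)


# Constructed sample: an OWA-style logon page with a decoy search form and the real logon form.
SAMPLE_LOGON_PAGE = """<html><body><form name="search" action="/search"><input name="q"></form>
<form name="logonForm" action="/owa/auth/owaauth.dll" method="post">
<input type="hidden" name="destination" value="https://webmail.example.com/owa/">
<input type="hidden" name="flags" value="0">
<input type="text" name="username"><input type="password" name="password"></form></body></html>"""
OWA_RULE = {"form": "logonForm", "user_field": "username", "pass_field": "password",
            "user_format": "<username>@<domain>", "default_domain": "EXAMPLE"}
```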
Automatic Back-End Authentication with OWA (via HTTP authentication)
This mechanism allows Webthority and the Content server to negotiate for the best authentication
mechanism and then automatically log the user into OWA without using forms.
The credentials used to authenticate to Webthority must be the same as those used to log into
OWA.
The authentication procedure is as follows:
1. User clicks the link to the Webthority proxied OWA.
2. User authenticates with Webthority (not applicable if the VSJ or PKI Authentication Agent is
used).
3. The configured automatic authentication schemes are negotiated by Webthority with OWA
using SPNEGO and used in descending order of preference:
   - Kerberos (VSJ or Authentication Service with username/password)
   - NTLM (requires Authentication Service with username/password)
4. User is automatically logged into OWA.
Configuration
Ensure that the Back-End Auth and Rewrite checkboxes are checked on the Proxy Content
Server Mapping tab.
Ensure that the required HTTP Authentication checkboxes are checked on the associated Web role
Back-End Auth tab.
For Webthority to authenticate with OWA via HTTP, OWA must use Integrated Windows
Authentication (IWA), which uses SPNEGO to negotiate and then Kerberos and/or NTLM.
Applicable Authentication Services
Authentication Services with username/password (a default domain can be configured) i.e. not the
Vintela Single Sign-On for Java Authentication Service or PKI.
Rewrite Note:
For the rewrite option to function correctly for OWA, the following change is required in the
Proxy Service configuration file service.properties (located in ../webthority/webapps/<proxy
name>/WEB-INF/config):
xml.exclude=*tf_TwoLine.xsl *tf_Messages.xsl
Quest, Quest Software and the Quest Software logo are trademarks and registered trademarks of Quest
Software, Inc. in the United States of America and other countries. Other trademarks and registered
trademarks are property of their respective owners.