-
-
Configuring single sign-on for Microsoft Exchange 2010
-
Configure Citrix Gateway to use RADIUS and LDAP Authentication with Mobile Devices
-
Restrict access to Citrix Gateway for members of one Active Directory group
This content has been machine translated dynamically.
Dieser Inhalt ist eine maschinelle Übersetzung, die dynamisch erstellt wurde. (Haftungsausschluss)
Cet article a été traduit automatiquement de manière dynamique. (Clause de non responsabilité)
Este artículo lo ha traducido una máquina de forma dinámica. (Aviso legal)
此内容已经过机器动态翻译。 放弃
このコンテンツは動的に機械翻訳されています。免責事項
이 콘텐츠는 동적으로 기계 번역되었습니다. 책임 부인
Este texto foi traduzido automaticamente. (Aviso legal)
Questo contenuto è stato tradotto dinamicamente con traduzione automatica.(Esclusione di responsabilità))
This article has been machine translated.
Dieser Artikel wurde maschinell übersetzt. (Haftungsausschluss)
Ce article a été traduit automatiquement. (Clause de non responsabilité)
Este artículo ha sido traducido automáticamente. (Aviso legal)
この記事は機械翻訳されています.免責事項
이 기사는 기계 번역되었습니다.책임 부인
Este artigo foi traduzido automaticamente.(Aviso legal)
这篇文章已经过机器翻译.放弃
Questo articolo è stato tradotto automaticamente.(Esclusione di responsabilità))
Translation failed!
Configuring Single Sign-On for Microsoft Exchange 2010
The following section describes the configuration of Single Sign-On (SSO) for Microsoft Exchange 2010 on Citrix Gateway. The SSO for Outlook Web Access (OWA) 2010 does not work in the following conditions:
- Using the forms based authentication on Microsoft Exchange 2010.
- Load balancing virtual server with authentication, authorization, and auditing traffic management policy.
Note: This configuration works only for load balancing virtual server with authentication, authorization, and auditing traffic management policy. It does not work for SSO in OWA 2010 with clientless VPN.
The following steps are prerequisites that you must consider before configuring SSO for Microsoft Exchange 2010 on Citrix Gateway.
- The Action URL for SSO form is different in OWA 2010. Modify the traffic management policy accordingly.
- You require a rewrite policy to set the
PBack
cookie in the logon.aspx request. In normal scenarios, you set thePBack
cookie at the client and click Submit. - When you are using SSO, the response to logon.aspx is consumed and the Citrix Gateway generates the form request. The cookie is not attached in the form submission request.
- The OWA server expects the
PBack
cookie in the form submission request. The rewrite policy is required to attach thePBack
cookie in the form submission request.
Perform the following by using the CLI
-
Configure the authentication, authorization, and auditing traffic management
add tm formSSOAction OWA_Form_SSO_SSOPro -actionURL "/owa/auth.owa" -userField username -passwdField password -ssoSuccessRule "http.RES.SET_COOKIE.COOKIE(\"cadata\").VALUE(\"cadata\").LENGTH.GT(70" -responsesize 15000 -submitMethod POST
-
Configure the traffic management policy and bind the policy
-
add tm trafficAction OWA_2010_Prof -appTimeout 1 -SSO ON -formSSO Action OWA_Form_SSO_SSOPro
-
add tm trafficPolicy owa2k10_pol "HTTP.REQ.URL.CONTAINS(\"owa/auth/logon.aspx\")" OWA_2010_Prof
-
bind tm global -policyName owa2k10_pol -priority 100
-
Rewrite configuration using CLI
At the command prompt, type:
-
add rewrite action set_pback_cookie insert_after "http.REQ.COOKIE.VALUE(\"OutlookSession\")" "\";PBack=0\"" -bypassSafetyCheck YES
-
add rewrite policy set_pback_cookie "http.REQ.URL.CONTAINS(\"logon.aspx\")" set_pback_cookie
-
bind rewrite global set_pback_cookie 100 END -type REQ_DEFAULT
Alternate rewrite configuration
In rare cases, the Microsoft Outlook might not issue OWA session cookies and the Pback
cookies might also not get inserted. The issue might occur after you have run the preceding commands to implement the rewrite configuration.
To overcome such scenarios and as a workaround, you can configure the following commands instead of the rewrite configuration.
At the command prompt, type:
-
add rewrite action set_pback_cookie insert_http_header "Cookie" '"PBack=0"'
-
add rewrite policy set_pback_cookie "http.REQ.URL.CONTAINS(\"logon.aspx\")" set_pback_cookie
-
set rewrite policy set_pback_cookie -action set_pback_cookie
-
bind rewrite global set_pback_cookie 100 END -type REQ_DEFAULT
Share
Share
This Preview product documentation is Cloud Software Group Confidential.
You agree to hold this documentation confidential pursuant to the terms of your Cloud Software Group Beta/Tech Preview Agreement.
The development, release and timing of any features or functionality described in the Preview documentation remains at our sole discretion and are subject to change without notice or consultation.
The documentation is for informational purposes only and is not a commitment, promise or legal obligation to deliver any material, code or functionality and should not be relied upon in making Cloud Software Group product purchase decisions.
If you do not agree, select I DO NOT AGREE to exit.