OWA and Single Sign-On?

[How to run the NSM GUI under Mac OS X]

How to run the NSM GUI under Mac OS X
How to setup a route-based VPN on a NetScreen
How to make your PPTP VPN client work through a NetScreen/SSG
Setting up a dial-up VPN and NetScreen Remote
How the Global Zone Works (It's probably not what you think)
How to configure NetScreen/SSG devices to work with the built in Mac OS X VPN client
How to Configure Dial-up VPN with route-based tunnels, XAuth, and use IPSecuritas

[oldo]

Hi! I've found some sort of info on how to get Exchange 2003 Outlook Web Access to work with Single Sign-On. I gave it a try, but never got it to work. Has anyone an OWA with SSO working. My OWA link looks this way:

https://server.domain.com/exchange/bin/auth/owaauth.dll?username=<USERNAME[1]>&password=<PASSWORD[1]>&SubmitCreds=Log+On&forcedownlevel=0&trusted=0&destination=https://server.domain.com/exchange

Should also mention that the Exchange server i worked with had a self signed certificate. The error I got was a 404, page cannot be found.

Any ideas?

[Joern]

If you have an adnvanced license use the sso form post method. You find an howto for this in the juniper knowledge base.
If you don't have an advanced license change your athentication method on your exchange server to basc auth and you can use the basc auth feature on your IVE.
Greetings
Joern

[oldo]

Hi!

Thanks for your reply. Yes it has an "Advanced" license. I looked at KB ID: KB2668 when configuring this. I guess this is the article you mean I could search for? As I said, I never got it to work. Have you? Could it be it is because the OWA site has a self signed crtificate? Or have I missed something else?

regards,
oldO

[Frac]

oldo,

why go to a the https page? use the http page (the SA will do the https, so np)

And yes the certificate could be the problem, who is is gona accept it? (popup self sign certf?)

change the https to the http page and try it again.

GreetZ,
Frac

[Joern]

Oldo,
https or http there is no problem with. In <Role><web><option> you have a check box where you can chose that the ive should accept certificates from untrusted webserver.

On you your first post it looks for me that you configured the sso as an URL in the bookmark page. This can't work.
The bookmark must be http(s)://<Exchange-Server>/exchange nothing else. The other things you must configure under <Ressource Policies><Web> <SSO Form Post>
Greetings
Joern

[oldo]

Ahhh.. I finally get it. Thanks Joern! I did post it as a URL. Think I'll get it to work now! Thanks!!

[Frac]

hi,

true joern, but no need for HTTPS! And i wouldn't enable "accept certf from untrusted webserver", because this means if people surf via SA to https servers, they can access wrong servers. (phising websites)

he doesn't need https anymore, because the SA will do that for him.

the other part is correct.

GreetZ,
Frac

[oldo]

Well, right now we are transfering users to the SA box, but not all of them have access yet. So in the furure you are right, we should scrap the self signed certificate on that site and close it from public access, (internet). But for a short period before all users are transferd we'll have to "accept cert from untrusted webserver". Thanks for your help and input!

•      Forum/Home
•      Store
•      Articles
•        Tech Articles
•        Industry News
•        Site News
•      Knowledgebase
•        JUNOS/Routing
•        NS/ISG/SSG/NSM
•        SSL VPN
•      Downloads

Please consider donating if we've saved you time or money. It helps pay for the bandwidth, equipment, and hosting charges to keep this site running

Submit Article/KB - Do not submit questions here.

[Today]

• Screening Spam by Joe Vallender [Today at 07:03:09 AM]
• Intrazone Policies by mknll [Today at 06:34:20 AM]
• Two ISPs and one DMZ by mulopaari2 [Today at 06:21:05 AM]
• Problem logging into my n... by fujisan [Today at 04:51:24 AM]
• VPN to cisco pix with two... by Watcher60 [Today at 04:38:27 AM]
• www.nikeincome.com cheap ... by xu_zhongying100 [Today at 02:30:17 AM]
• www.nikeincome.com cheap ... by xu_zhongying100 [Today at 02:29:08 AM]
• www.nikeincome.com cheap ... by xu_zhongying100 [Today at 02:27:32 AM]
• sell nike jordan fusion ... by xu_zhongying100 [Today at 02:25:15 AM]
• sell nike jordan fusion ... by xu_zhongying100 [Today at 02:22:32 AM]

Members

• Total Members: 22514
• Latest: Deepy

Stats

• Total Posts: 40575
• Total Topics: 11249
• Online Today: 77
• Online Ever: 393
• (August 06, 2008, 07:40:57 AM)

Users Online

Users: 2
Guests: 58
Total: 60

Deepy
mky2