Kemp Support, how can we help?

The latest application delivery knowledge and expertise at your fingertips.

  1. Kemp Support
  2. Knowledge Base
  3. Security

Configure Multi-Factor Authentication for Exchange with ADSelfService Plus

Updated

 

Information

 

Summary:

Configure Multi-Factor Authentication for Exchange with ADSelfService Plus.
Environment:

Product: LoadMaster

Version: Any

Platform: Any

Application: Any
Question/Problem Description:

Looking to configure ADSelf Service Plus MFA in a similar way to DUO, where the loadmaster will accept the login for OWA, but redirect to the ADSSP MFA server for a push.
Steps to Reproduce:  
Error Message:  
Defect Number:  
Enhancement Number:  
Cause:  
Resolution:

 

  • The process for getting the LoadMaster to work with ADSelfService Plus MFA is essentially the same as with DUO MFA. We are simply changing the URL that needs to be matched on when the redirect occurs.

 

  • Create a content rule to match on /\/adssp.*/

Match_Rule.jpg

 

  • Assign this content rule to the OWA SubVS.

 

OWA_ADSSP.png

 

 

  • Configure "ADSSP" traffic to be allowed under the ESP settings on your OWA SubVS.

 

ESP_Settings.png

 

Additional configurations which are needed for DUO may be applicable as well, these include:

 

  • Configuring X-Forwarded-For and X-Forwarded-Proto headers to your request
  • Enabling Persistence
  • Enabling Shared Sub VS Persistence

Steps to enable these specific settings can be found in the DUO article below.

 
Workaround:  
Notes:

https://support.kemptechnologies.com/hc/en-us/articles/218374383-How-to-configure-Duo-Two-Factor-Authentication-with-Sub-Virtual-Services

 

Comments

In this document