How to create a Welcome Message for Alternative SSO Domains when ESP is enabled
Scope
When you have multiple Edge Security Pack (ESP) SSO domains configured on your LoadMaster, clients are required to enter their credentials in the format "domain\user" or "user@domain".
In this type of scenario, it makes sense to have a greeting message notifying clients of this requirement, for example:
Welcome to webmail.kemp.com, please enter your credentials in the format "domain\user" or "user@domain"
The issue that arises here is that either an XSS attack is triggered or the message does not appear in the form. This happens because the backslash "\" is a special regex character.
Solution
Escape the backslash in the greeting message with an additional backslash (\), so that "domain\user" is entered as "domain\\user".
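The effect of an unescaped backslash can be reproduced with any regex-style substitution. The following is an added example, not Kemp code: Python's re module stands in for the regex handling mentioned above, and the template, the function names and the sample user "tom" are assumptions made for illustration. It shows both outcomes (the input being rejected, or the text being silently altered) and the doubled-backslash form rendering correctly.

```python
import re

# Constructed stand-in for a login form with a greeting slot.
# This is NOT LoadMaster's real template or code (assumption for illustration).
FORM_TEMPLATE = "<p>@GREETING@</p>"


def render(greeting: str) -> str:
    """Insert the greeting using regex replacement semantics, where a
    backslash in the replacement text starts an escape sequence."""
    return re.sub("@GREETING@", greeting, FORM_TEMPLATE)


def escape_backslashes(greeting: str) -> str:
    """The article's fix: prefix every backslash with another backslash."""
    return greeting.replace("\\", "\\\\")


def preview(greeting: str):
    """Return ("rendered", html) or ("error", reason) for a greeting."""
    try:
        return ("rendered", render(greeting))
    except re.error as exc:
        return ("error", str(exc))


if __name__ == "__main__":
    # Constructed sample greetings, written as an administrator would type them.
    samples = [
        r'format "domain\user"',  # \u is not a valid escape: rejected
        r'format "kemp\tom"',     # \t is silently turned into a TAB
    ]
    for raw in samples:
        print("as typed:", preview(raw))
        print("escaped :", preview(escape_backslashes(raw)))
```
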
Configuration
To configure a greeting message, follow the steps below in the LoadMaster Web User Interface (WUI):
- Go to Virtual Services > View/Modify Services.
- Click Modify on the relevant Virtual Service.
- Expand the ESP Options section.
- Ensure ESP is enabled.
- Ensure the Client Authentication Mode is set to Form Based.
- Enter the SSO Greeting Message, for example: Welcome to webmail.kemp.com, please enter your credentials in the format (domain\\user or user@domain).
- Click Set SSO Greeting Message.