On November 12, support.kemptechnologies.com will be migrating to the Progress Community.

Kemp Support, how can we help?

The latest application delivery knowledge and expertise at your fingertips.

How to create a Welcome Message for Alternative SSO Domains when ESP is enabled

Scope

When you have multiple Edge Security Pack (ESP) SSO domains configured on your LoadMaster, clients are required to enter their credentials in the format "domain\user" or "user@domain". 

In this type of scenario, it makes sense to have a greeting message notifying clients of this requirement, for example: 

Welcome to webmail.kemp.com, please enter your credentials in the format "domain\user" or "user@domain"

The issue that arises here is that an XSS attack is triggered or the message doesn't appear in the form. This is due to the backslash "\" being a special regex character.

Solution

Escape the backslash in the greeting message with an additional backslash (\). 

Configuration

To configure a greeting message, follow the steps below in the LoadMaster Web User Interface (WUI):

  1. Go to Virtual Services > View/Modify Services.
  2. Click Modify on the relevant Virtual Service.
  3. Expand the ESP Options section.
  4. Ensure ESP is enabled.
  5. Ensure the Client Authentication Mode is set to Form Based.

  6. Enter the SSO Greeting Message, for example Welcome to webmail.kemp.com, please enter your credentials in the format (domain\\user or user@domain).
  7. Click Set SSO Greeting Message.

Was this article helpful?
0 out of 0 found this helpful

Comments