Form based to Form based auth in latest Firmware for Exchange OWA does not work

0

Hi,

with the latest firmware we can now use Form based to form based authentication with OWA. I have not tried to set this up but it does not work. I can successfully login to the KEMP form and later I end up on the OWA form. If I enter username+password there manually OWA will login successfully.

Now that there is no other configuration to make other than choose "Form based" as Client ans Server-Auth Method:

Did anyone had any sucess in deploying this?

What I found interesting is that there is no configuration necessary for OWA. When I look into the ESP documentation here: https://support.kemptechnologies.com/hc/en-us/articles/203125029-Edge-Security-Pack-ESP-

the string shown here is wrong:

- Form POST Format: destination=%s#authRedirect=true&flags=4&forcedownlevel=0&username=%s&password=%s&passwordText=&isUtf8=1

As it is stated in the WUI documentation: https://support.kemptechnologies.com/hc/en-us/articles/213906303-Web-User-Interface-WUI-

the correct format would be:

destination=%s#authRedirect=true&flags=4&forcedownlevel=0&username=%s&password=%s&passwordText=&isUtf8=1

Can someone tell me if the %s variable is for 100% correct? I found this interesting that the same variable is used for destination, Username and Password. This sound like that this is not correct.

Thanks for any input

 

-Peter

 

3 comments

Avatar
0
alexander.schilly

Hi Peter,

did you ever get this fixed? with form based authentication users are no longer able to log on. no matter which "Post Form format" i use.

cheers,

alex

Avatar
0
peter.forster

Hi,

yes - problem was fixed. The following "strange" configuration helped:

Remove any manually configured "Post Form format"

Enter the "Logoff String" with "/owa/logoff.owa" in ECP/OWA and Auth SubVS

This did the trick - important is Firmware 7.2.38, there was a bug in 7.2.37 with form to form based auth.

HTH

-Peter

 

Avatar
0
alexander.schilly

Hi Peter,

 

that did the trick! Just keep it blank. Thanks a lot. 

 

Alex