Forum Discussion
plc_120333
Nimbostratus
NimbostratusActiveSync and Multi Domain SSO issue
Hello all,
I'm currently implementing a SSO at a costumer using APM and we are using Multiple Domain SSO to accomplish that.
As Outlook 2010 is part of the SSO I'm having some problems with...
Kevin_Stewart
Employee
EmployeeAfter noodling on this one for a bit, I've come to the following thoughts:
-
It's pretty clear that ActiveSync won't work with the APM Multi-Domain SSO process. You could certainly modify the iApp's iRules to perhaps accomodate for this, or
-
And this isn't completely vetted, but I believe it'd be possible to VIP target your configuration.
- Change your existing iApp-created Exchange VIP so that it listens on an internal, non-routable address.
- Create a new standard Exchange iApp that JUST handles ActiveSync and also put it on an internal, non-routable address - all other settings the same as above.
-
Create an externally-accessible LTM HTTP VIP and an iRule that sends traffic to either internal VIP based on URI. Example:
when HTTP_REQUEST { if { [HTTP::uri] starts_with "/microsoft-server-activesync" } { virtual active_sync_vs } else { virtual exchange_vs } }
So based on the incoming URI, the request will either go to the ActiveSync VIP and authenticate directly, or to the Exchange VIP and authenticate via Multi-Domain SSO. Give that a shot.