Forum Discussion
Basavaraj
Altostratus
Altostratusexchange 2013 owa logout page redirect back to apm login page
Hi Experts, We have deployed 2013 exchange owa sso using f5 APM, from outside users can access https://mail.emmcc.com, users get apm login page and customer provides AD credentials and they wil...
Daniel_Wolf
MVP
MVPHi Basavaraj,
there is a deployment guide for Microsoft Exchange Server 2016, which I think is also applicable to 2013.
DEPLOYMENT GUIDE - Microsoft Exchange Server 2016 (BIG-IP v11 - v13: LTM, APM, AFM)
Scroll all the way down to "Creating the iRule to terminate inactive APM sessions if using Forms-based authentication for OWA (default)".
This will terminate the session on APM and you will see this:
For simplicity, here is the iRule
when RULE_INIT {
set static::cookie_sessionid [format "sessionid=null; path=/; Expires=Thu, 01-Jan-1970 00:00:00 GMT;"]
set static::cookie_cadata [format "cadata=null; path=/; Expires=Thu, 01-Jan-1970 00:00:00 GMT;"]
set static::cookie_usercontext [format "UserContext=null; path=/; Expires=Thu, 01-Jan-1970 00:00:00 GMT;"]
}
when ACCESS_SESSION_STARTED {
if { [string tolower [HTTP::uri]] contains "ua=0" } {
ACCESS::session remove
}
}
when ACCESS_ACL_ALLOWED {
set apm_mrhsession [HTTP::cookie value "MRHSession"]
if { [table lookup $apm_mrhsession] == "EXCHANGE_LOGOUT" } {
ACCESS::session remove
table delete $apm_mrhsession
}
}
when HTTP_REQUEST {
set isset 0
if {[string tolower [HTTP::uri]] starts_with "/owa" } {
if {[string tolower [HTTP::uri]] contains "logoff" } {
ACCESS::session remove
HTTP::respond 302 Location "https://[HTTP::host]/vdesk/hangup.php3" "Set-Cookie" $static::cookie_sessionid "Set-Cookie" $static::cookie_cadata "Set-Cookie" $static::cookie_usercontext
} else {
if { [string tolower [HTTP::uri]] contains "ua=0" } {
set mrhsession [HTTP::cookie value "MRHSession"]
set isset 1
}
}
}
}
when HTTP_RESPONSE {
if { $isset == 1 } {
if { $mrhsession != "" && [HTTP::status] == 440 } {
table set $apm_mrhsession "EXCHANGE_LOGOUT"
return
}
}
}
BasavarajDear Danial,
Thanks for your response
we have deployed the owa sso with 2013 iapp template, there are a couple rules are already created, do you want me to edit any one of the irule or do you want me to add this irule to the virtual server?
Thank you
Basavaraj
- Daniel_Wolf
You could check if there is an iRule with the same or similar content created by the iApp and attached to the VS. If not, create this one, add it to the VS and give it a shot.
Also, when using iApp prior to version v1.0.1rc1, there was an issue where users were unable to logout of an APM session after clicking logout from OWA. The issue has been corrected in iApp version v1.0.1rc1. Always make sure to use the latest iApp version. IMHO it is perfectly OK to use the RC versions.
- Basavaraj
Hi Daniel,
Thanks for your response, I will check this and update you same
Thanks
Basavaraj