External Login Page w/ OWA Landing URI

Hi,

We are currently testing the latest version of the Exchange 2013 iAPP on v11.6. We've deployed the application using the scenario where a single BIG IP acts as both the load balancer and secure proxy through APM. All exchange services (ews, autodiscover, ecp, owa, etc) route through the same DNS Name/VIP. We also have a requirement that Web Based authentication go through one of our Single Sign on tools (Siteminder or SAML).

Our first attempt was to modify the Access Policy VPE created by the iapp. We merely replaced the built in F5 login page with an external login page that posted the userid and creds back to F5. This worked successfully for OWA. However, it broke all other services (autodiscover, outlook anywhere, etc)

Our second attempt was to insert a Server Side check for the client type. Full and Mobile Web browsers would direct to our external login page. And then the failback action would utilize the original flow created by the iapp. Again OWA authentication worked as expected. Everything else did not.

Our latest attempt was to use a Server Side check for landing URI instead. Here, if the landing URI was /owa, it would redirect to the external login page. The failback action is the original flow created by the app. However, for some reason, I can not seem to get the landing URI detection to work. When I go to /owa, it appears that it is just using the failback action.

Anyone have a similar requirement or any suggestions? I can see that it is trying to evaluate the landing uri rule. I can't figure out why it's not redirecting me to the external login page though.

The log output is below: