Forum Discussion
having trouble accessing OWA2010 with Basic authentication
Hi,
I cannot get SSO working with Basic authentication on BIG-IP 11.5.1 (LTM+APM).
Official iApp supports only HTML Form.
I have a Virtual Server with associated Access Profile.
Access policy is quite simple - I've got a Logon Page, AD Auth and Credential Mapping.
I've created an SSO HTTP Basic configuration and attached it to Access Profile.
After logging in to Logon Page it offers me to enter my credentials again (HTTP Basic Auth window appears).
I've tested similar configuration (but with simple Apache web server, not one of MS webapps) in my LAB and everything worked fine.
When I access OWA through the APM I get the following headers in response:
HTTP/1.1 401 Unauthorized
Content-Type: text/html
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
WWW-Authenticate: Basic realm=""
X-Powered-By: ASP.NET
X-UA-Compatible: IE=EmulateIE7
Date: Mon, 30 Jun 2014 18:36:23 GMT
Connection: keep-alive
Vary: Accept-Encoding
Transfer-Encoding: chunked
Proxy-Support: Session-Based-Authentication
Dear community, could you please share some working recipes for similar configuration with me?
PS
Same issue with SharePoint webapp...
- mikeshimkus_111Historic F5 Account
Hi zup, did you start from the iApp configuration and then manually add the Basic SSO, or did you do it all manually?
If you set the APM SSO log level to Debug from the System ›› Logs : Configuration : Options menu, then tail /var/log/apm which reproducing the issue, it could provide some clue as to what's happening.
Mike
- Vsevolod_PetrovCirrostratus
Hi mikeshimkus,
I've tried in both ways. I'm running BIG-IP 11.5.1 HF2.
At this moment I've got a manually created VS with associated Access Profile.
After enabling websso log level to debug I can see that APM attempts to provide initially entered credentials to OWA. The log file is very verbose.
Here is the text file.
I can understand APM makes two attempts to provide credentials but I don't get the reason why it doesn't work?
- Vsevolod_PetrovCirrostratus
I guess the reason is in [WWW-Authenticate][NTLM] header. That really means that application uses two types of authentication: basic and windows integrated.
How can I combine them both?
- Vsevolod_PetrovCirrostratus
I've tried simply add NTMLv1 SSO method instead of HTTP Basic and it worked for this particular application.
Next step is to add all apps to webtop with rewrite profile.
Thanks))
- mikeshimkus_111Historic F5 AccountGreat, glad you were able to figure it out.
- Vsevolod_PetrovCirrostratusThanks for your help!
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com