SSO breaking OWA font icons
I am investigating an issue where font-based icons are not rendering in OWA 2013 when accessed in Internet Explorer through APM using SSO.
IE11:
Everywhere else:
We originally configured load balancing for CAS / OWA through LTM using the iApp without APM, and later added a portal access link to OWA on a separate APM webtop portal. This link goes through the APM session in order to use form-based SSO, and was configured manually & completely separately from the iApp-based VIP hosting CAS / OWA.
The page renders as expected in any browser when accessed directly without APM, or through APM when SSO is disabled (or fails). The page also renders normally when accessed with SSO in any browser except IE11.
We have performed a wide range of tests on the app and SSO profile with limited success. Under certain circumstances, IE11 will render the icons, but only when requests are routed through an external proxy (i.e. Fiddler), and even then only under specific SSO settings. We have verified that the fonts are being received intact, and can even get the icons to render if we install them locally and modify the page (through the IE developer console) to load the local copy. We have also applied the client-initiated SSO profile that is created by the Exchange 2013 iApp template, with the same results.
I am now out of ideas and open to any potential explanations or solutions the community has to share. Thank you in advance.
apm resource portal-access /Common/OWA {
    acl-order 8
    application-uri https://owa.domain.com/owa/auth/logon.aspx\?replaceCurrent=1
    customization-group /Common/OWA_resource_web_app_customization
    items {
        item {
            host owa.domain.com
            order 1
            paths /*
            port 443
            scheme https
            sso /Common/exchange_2013_sso
            subnet 0.0.0.0/0
        }
    }
    path-match-case false
    publish-on-webtop true
    scheme-patching true
}

apm sso form-based /Common/exchange_2013_sso {
    form-action /owa/auth.owa
    form-field "destination https://owa.domain.com/owa/
flags 4
forcedownlevel 0
isUtf8 1
trusted 0"
    form-password password
    form-username username
    start-uri /owa/auth/logon.aspx\?replaceCurrent=1
    success-match-value path
    username-source session.qualifiedlogin
}