Forum Discussion
Trying to mimic the webmail private and public computer settings using an irule
Found this article online:
https://devcentral.f5.com/articles/add-outlook-web-access-login-options-to-the-apm-logon-page
However it seems to only work with Basic forms and I am using an NTLM format. Basically I can set up the radio buttons for the users to select whether they are at a public or private PC. From there I need to change the timeout settings from 8 hours (private) to 15 minutes (public).
Is there a way to do this with an iRule or with APM, by changing the APM timeout session based on the selection?
4 Replies
- By default it is set to 8 hours for more information.
- Lucas_Thompson_Historic F5 Account
If you're not using forms in OWA, you have to access those options by inserting some special headers. This is the same thing that Forefront/TMG/whatever does when it does Forms Auth --> HTTP Auth. Like you're doing with APM.
Two headers "X-Experience" and "X-LogonType" control it:
X-Experience can be "premium" or "light". X-LogonType can be "public" or "private".
To append the headers, you'd set a custom (whatever you want) session variable during Access Policy execution, then you can use something like this on the APM vs:
```tcl
when ACCESS_ACL_ALLOWED {
    if { [ACCESS::session data get "session.somecustomvariableyoucansetintheaccesspolicy"] contains "somevalueyousetforlightmode" } {
        HTTP::header replace "X-Experience" "light"
    } else {
        HTTP::header replace "X-Experience" "premium"
    }
}
```
- Hi Lucas, the outlined code to mimic the "X-Experience" functionality of Forefront TMGs is not complete/correct. The valid "X-Experience" header values are "Premium" or "Basic". In addition, a Forefront TMG changes the User-Agent header value to a non-MSIE browser if Light-Mode is selected. The Public/Private-Mode setting of Forefront TMGs has, besides the "X-LogonType" headers, some additional server-side (aka. TMG) and also client-side (aka. Browser) functionality. Basically it enables two independent TMG-Login-Cookie profiles to control the Max-Session-Lifetime/Max-Session-Timeout and also enables persistent cookies for the private mode (e.g. required for SharePoint Browser/Office SSO scenarios). In addition, the Private-Mode stores the last-entered username string in a client-side generated cookie to autofill the username for subsequent logons. Cheers, Kai
Hi Rosieodonell,
your provided link outlines the required APM-Forms customizations to include Public/Private-Mode radio buttons and a Light-Mode checkbox, and then continues to outline a Forms-based SSO-Object to relay the collected Public/Private/Light-Mode selections to an OWA-Forms-Login site.
So if you're aiming for Kerberos/NTLM/Basic credential delegation (as performed by Forefront TMG), you don't need to relay the collected Public/Private/Light-Mode selections to your OWA. Just insert the X-Experience and X-LogonType headers in transit (as shown by Lucas) and change the User-Agent as needed. In addition you may want to implement a mechanism in VPE to validate the collected Public/Private-Mode selection and then overwrite the predefined session variables "Inactivity Timeout" and "Maximum Session Timeout" using an additional "Variable Assign" action. To selectively enable/disable cookie persistence for Private/Public Mode you may want to use an HTTP_RESPONSE_RELEASE iRule to add cookie expires values to the MRHSession and LastMRH_Session cookies.
Cheers, Kai
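A stricter take on the header insertion discussed in the replies above, as an added example that is not part of any post in this thread. It assumes the access policy stores the logon page's radio button choice in a session variable, here given the hypothetical name `session.custom.logontype`, and it uses the "public"/"private" header values as they are stated in the thread.

```tcl
# Added example, not code from the thread.
# Assumption: a Variable Assign action in the access policy copies the logon
# page's radio button choice into session.custom.logontype (hypothetical name).
when ACCESS_ACL_ALLOWED {
    # Normalize the stored choice; an unset variable yields an empty string.
    set choice [string tolower [string trim \
        [ACCESS::session data get "session.custom.logontype"]]]

    # Fail closed: only an explicit "private" selects the long-lived profile.
    # Missing or unexpected values are handled as a public computer.
    switch -exact -- $choice {
        "private" { set logon_type "private" }
        "public"  { set logon_type "public" }
        default {
            set logon_type "public"
            log local0.warning "logon type missing or unexpected, using public"
        }
    }

    # HTTP::header replace only rewrites the last occurrence of a header, so
    # remove every client-supplied copy before inserting the trusted value.
    # This keeps a browser from choosing its own logon type for the backend.
    HTTP::header remove "X-LogonType"
    HTTP::header insert "X-LogonType" $logon_type
}
```

The same normalized value can drive the "Variable Assign" branch that sets the shorter timeouts, so that the header sent to OWA and the APM session lifetime never disagree.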