
APM VIP with exchange servers and NTLM authentication

Kaloyan
Cirrus

I used the Exchange 2016 iApp (latest version) to set up one VIP with all services behind it.

The problem is that /mapi* should be with NTLM authentication, but the rest of it, like /owa, is using basic authentication.

Right now the policy is set up with logon page -> LDAP Authentication -> SSO credential mapping -> Allow

Pretty standard. The question is, could I insert an upfront logon page NTLM check based on URI?

Something like this:

0691T000008tcznQAA.png

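and iRule, if needed:

when HTTP_REQUEST {
  # Only MAPI over HTTP requests go through client-side NTLM (ECA)
  if { [HTTP::uri] starts_with "/mapi" } {
    ECA::enable
    # Use the NTLM auth configuration created for Exchange 2016
    ECA::select select_ntlm:/Common/ntlm-auth-exchange-2016
  } else {
    # Everything else (e.g. /owa) skips ECA
    ECA::disable
  }
}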

2 REPLIES

youssef1
Cumulonimbus

Hello Kaloyan,

Did you use an Exchange profile?

Because you can easily set frontend authentication and SSO by URL/Service:

0691T000008tdGoQAI.png

Regards

Hi youssef,

Yes, I have an Exchange profile.

Can I borrow one of the predefined Service Settings and add /mapi* instead of /ews*, for example?

And probably will need to add SSO Configuration with Kerberos for NTLM?

Should I change the policy as well with some NTLM checks?

Do I need this ECA enabled on the VIP?

So many questions 🙂

0691T000008tdJ9QAI.png