OWA 2013 SSO - Client initiated form Logout
Hi! I currently have SSO working to log into OWA 2013 via a client-initiated form. I am having an issue with the logout functionality though. Currently when a user presses logout from OWA it loops back into itself and never logs the user out (browser close required to logout). I've used the "Deploying F5 with Microsoft Exchange 2013..." guide to set up the login part. This guide describes the following iRule to terminate inactive APM sessions (which also seems to include a logout feature). when RULE_INIT { set static::cookie_sessionid [format "sessionid=null; path=/; Expires=Thur, 01-Jan-1970 00:00:00 GMT;"] set static::cookie_cadata [format "cadata=null; path=/; Expires=Thur, 01-Jan-1970 00:00:00 GMT;"] set static::cookie_usercontext [format "UserContext=null; path=/; Expires=Thur, 01-Jan-1970 00:00:00 GMT;"] } when ACCESS_SESSION_STARTED { if { [string tolower [HTTP::uri]] contains "ua=0" } { ACCESS::session remove } } when ACCESS_ACL_ALLOWED { set apm_mrhsession [HTTP::cookie value "MRHSession"] if { [table lookup $apm_mrhsession] == "EXCHANGE_LOGOUT" } { ACCESS::session remove table delete $apm_mrhsession } } when HTTP_REQUEST { set isset 0 if {[string tolower [HTTP::uri]] starts_with "/owa" } { if {[string tolower [HTTP::uri]] contains "logoff" } { ACCESS::session remove HTTP::respond 302 Location "https://[HTTP::host]/vdesk/hangup.php3" "Set-Cookie" $static::cookie_sessionid "Set-Cookie" $static::cookie_cadata "Set-Cookie" $static::cookie_usercontext } else { if { [string tolower [HTTP::uri]] contains "ua=0" } { set mrhsession [HTTP::cookie value "MRHSession"] set isset 1 } } } } when HTTP_RESPONSE { if { $isset == 1 } { if { $mrhsession != "" && [HTTP::status] == 440 } { table set $apm_mrhsession "EXCHANGE_LOGOUT" return } } } Currently when a user logs out I see it hit: Which then loops directly back into: What am I missing here? Any tips would be great! ThanksNeed help with Client-Initiated Form SSO
Standard forms-based SSO doesn't work with a home-grown web app I am trying to get SSO working for. I've read through the manual page for APM for client-initiated forms. Following that manual I still can't get it to work. Below is the sequence for the web page on how you get to the POST of the forms. 1) GET 2) Response is a 302 to 3) The GET to results in a 302 to dynamic string here" 4) POST to dynamic string here" with forms for redirectUrl (blank value), userName, and password. Below is my current config. I can't find a way to include the redirectUrl form parameter with a blank value. I'm not certain that is why it isn't working. I think that, combined with I don't know how to set this up to capture that dynamic string and pass that through as part of the request-value, is why it isn't working. As usual any help is much appreciated. My testing indicates that including that dynamic string is necessary. forms { FormProfileName { controls { password { secure true value "%{session.sso.token.last.password}" } userName { secure true value "%{session.sso.token.last.username}" } } request-value https://www.webapp.org/abc/portal/connect/home/login/ success-match-type url success-match-value /abc/myportal/connect/home/word/* } }
Setting up Single Sign-On Form-based client-initiated with 2 forms login page
Hello, I want to set up a Single Sign-on Form based client-initiated for an application that the login page has 2 forms that process the logon, for example: I'm following the instructions outlined in link text without any success. The farthest i have come with my setup is that the single sign-on works but leave me in a page that is not the user home page, in order to get there, i've to write the full URL in the browser address bar. I created a wireshark capture when i clicked on the login button in the original login page (not the login page from APM, i mean the server login page) and it generates a POST method to /WebInterface/function/, and then a POST to /. When i clicked on the login button from APM, it generate just one POST, it is the POST to /, and it authenticate successfully, but i don't see the POST to /WebInterface/function/, that is why i've to write http://myhost.mydomain.com/WebInterface/function/ in order to get the user home page. Do i have to custom the javascript injected? Can you help me how can i set up single sign-on for this kind of login page?, the examples i've reviewed just show single sign-on with one form.
