Forum Discussion

kj07208_118528's avatar
kj07208_118528
Icon for Cirrus rankCirrus
Apr 21, 2014

SharePoint and Office Integration - Part 2?

After doing some investigation from question "SharePoint and Office Integration using different browsers?" Ok I have the persisted cookie and session I know that there's OWA but it's not full feature (user have some complex Word and Excel files). The ActiveX control are not the problem - Using Fiddler I can see the request go out and come back it's the 302 to my.policy I have the following iRule to try to send incoming requests from Office user agent

when HTTP_REQUEST {
  log local0. ".......[HTTP::header User-Agent]"

  if { [HTTP::header User-Agent] contains "Microsoft-WebDAV-MiniRedir" } {
  log local0. ".......Header does contain info *****************************"
    HTTP::header insert "clientless-mode" 1
  }
}

when ACCESS_SESSION_STARTED {
   log local0. "**** Access Session Started ............"
   log local0. "Checking for cookies .................."

   ACCESS::session data set session.custom.usesso 0
   ACCESS::session data set session.custom.useWindowsAuth 0
   set usesso [HTTP::cookie UseSso_ClientServices]

   log local0. ">>>> Cookie value  ...($usesso)"
   if { $usesso == 1 }{
   log local0. ">>>> Setting   ...($usesso)"

    HTTP::header insert "clientless-mode" 1
     ACCESS::session data set session.custom.usesso $usesso
   }

   set user_agent [ACCESS::session data get "session.user.agent"]
   log local0. ">>> User Agent = $user_agent"

   if { $user_agent contains "MS-WebServices" }{
     HTTP::header insert "clientless-mode" 1
     log local0. "^^^^^^^^^ MS Web Serivce"
     ACCESS::session data set session.custom.useWindowsAuth 1
   }

   if { $user_agent == "Microsoft Office Protocol Discovery" }{
    HTTP::header insert "clientless-mode" 1
     log local0. "^^^^^^^^^ Office Product"
     ACCESS::session data set session.custom.useWindowsAuth 1
   }
   if { $user_agent contains "Microsoft-WebDAV-MiniRedir" }{
     log local0. "^^^^^^^^ WebDav"
     ACCESS::session data set session.custom.useWindowsAuth 1
   }
   log local0. ">>>VAR UseSSO ... ($usesso)"
   log local0. ">>> UseWinAuth variable set ... [ACCESS::session data get session.custom.useWindowsAuth]"
}

But it still not working do I need to do the clientless-mode in the HTTP_REQUEST?

application delivery
BIG-IP Access Policy Manager (APM)
devops
iRules
security
sharepoint 2010

3 Replies

Sort By
  • Kevin_Stewart's avatar
    Kevin_Stewart
    Icon for Employee rankEmployee
    Apr 21, 2014

    Yes. The clientless-mode header insert needs to be in the HTTP_REQUEST event to be seen by the access filter. You may also need to set it for more than just the WebDAV user agent.

     

  • Daphne_Won's avatar
    Daphne_Won
    Ret. Employee
    Feb 02, 2017

    @KJ07208 and @Stanislas, I am a Product Manager for F5 APM. I like to see if you have deployed OFBA iRules to support authentication access from native Office apps to Sharepoint on-prem without web session. Can you email me to see what authentication methods you need, what version of the Office clients you need to support, and what versions of the Sharepoints you have deployed for? You can email me at d.won@.