Forum Discussion
4 Replies
- By default it is set to 8 hours for more information.
- Lucas_Thompson_Historic F5 Account
If you're not using forms in OWA, you have to access those options by inserting some special headers. This is the same thing that Forefront/TMG/whatever does when it does Forms Auth --> HTTP Auth. Like you're doing with APM.
Two headers "X-Experience" and "X-LogonType" control it:
X-Experience can be "premium" or "light". X-LogonType can be "public" or "private".
To append the headers, you'd set a custom (whatever you want) session variable during Access Policy execution, then you can use something like this on the APM vs:
```tcl
when ACCESS_ACL_ALLOWED {
    # Choose the OWA experience from a custom session variable set in the access policy.
    if { [ACCESS::session data get "session.somecustomvariableyoucansetintheaccesspolicy"] contains "somevalueyousetforlightmode" } {
        HTTP::header replace "X-Experience" "light"
    } else {
        HTTP::header replace "X-Experience" "premium"
    }
}
```
- Hi Lucas, the outlined code to mimic the "X-Experience" functionality of Forefront TMGs is not complete/correct. The valid "X-Experience" header values are "Premium" or "Basic". In addition, a Forefront TMG changes the User-Agent header value to a non-MSIE browser if Light-Mode is selected. The Public/Private-Mode setting of Forefront TMGs has, besides the "X-LogonType" headers, some additional server-side (aka. TMG) and also client-side (aka. Browser) functionality. Basically it enables two independent TMG-Login-Cookie profiles to control the Max-Session-Lifetime/Max-Session-Timeout and also enables persistent cookies for the private mode (e.g. required for SharePoint Browser/Office SSO Scenarios). In addition, the Private-Mode stores the last-entered username string into a client-side generated cookie to autofill the username for subsequent logons. Cheers, Kai
Hi Rosieodonell,
your provided link outlines the required APM-Forms customizations to include Public/Private-Mode radio buttons and a Light-Mode checkbox, and then continues to outline a Forms-based SSO-Object to relay the collected Public/Private/Light-Mode selections to an OWA-Forms-Login site.
So if you're aiming for Kerberos/NTLM/Basic credential delegation (as performed by Forefront TMG), you don't need to relay the collected Public/Private/Light-Mode selections to your OWA. Just insert the X-Experience and X-LogonType headers in transit (as shown by Lucas) and change the User-Agent as needed. In addition you may want to implement a mechanism in VPE to validate the collected Public/Private-Mode selection and then overwrite the predefined session variables "Inactivity Timeout" and "Maximum Session Timeout" using an additional "Variable Assign" action. To selectively enable/disable cookie persistence for Private/Public Mode you may want to use an HTTP_RESPONSE_RELEASE iRule to add cookie expires values to the MRHSession and LastMRH_Session cookies.
Cheers, Kai
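
One way to write the HTTP_RESPONSE_RELEASE iRule described in the reply above, as an added example that is not code from the thread or from F5. It assumes a hypothetical session variable `session.custom.owa.logontype` set to "private" or "public" by the access policy, a constructed lifetime of 28800 seconds, and that APM sets the cookies on the response released right after policy completion on the same connection.

```tcl
# Added example, not code from the thread.
# Assumptions: session.custom.owa.logontype is a hypothetical variable set to
# "private" or "public" by the access policy; 28800 s is a constructed lifetime.
when ACCESS_POLICY_COMPLETED {
    # Remember the selection for the response that follows on this connection.
    set persist_cookies 0
    if { [ACCESS::session data get "session.custom.owa.logontype"] eq "private" } {
        set persist_cookies 1
    }
}

when HTTP_RESPONSE_RELEASE {
    # Public mode (or no selection yet): leave the session-only cookies untouched.
    if { !([info exists persist_cookies] && $persist_cookies) } { return }

    set lifetime 28800
    set expires [clock format [expr {[clock seconds] + $lifetime}] \
        -format "%a, %d %b %Y %H:%M:%S GMT" -gmt 1]

    # Rewrite only the two APM cookies; other Set-Cookie headers pass through as-is.
    # Cookies that already carry an Expires attribute (e.g. deletions) are skipped.
    set rewritten [list]
    set changed 0
    foreach sc [HTTP::header values "Set-Cookie"] {
        if { ([string match "MRHSession=*" $sc] || [string match "LastMRH_Session=*" $sc])
             && ![string match -nocase "*expires=*" $sc] } {
            append sc "; Expires=$expires"
            set changed 1
        }
        lappend rewritten $sc
    }
    if { $changed } {
        HTTP::header remove "Set-Cookie"
        foreach sc $rewritten {
            HTTP::header insert "Set-Cookie" $sc
        }
    }
}
```

Keep the cookie lifetime no longer than the "Maximum Session Timeout" assigned to private-mode sessions, so the browser does not hold a cookie for a session APM has already expired.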