Forum Discussion

Basavaraj's avatar
Basavaraj
Icon for Altostratus rankAltostratus
Mar 27, 2021

exchange 2013 owa logout page redirect back to apm login page

Hi Experts,

 

We have deployed 2013 exchange owa sso using f5 APM, from outside users can access https://mail.emmcc.com, users get apm login page and customer provides AD credentials and they will diretly log into outlook. When users click the log-out page users are getting an exchange log-out page. we want users to be redirected to apm login page when they click on the outlook logout.

 

would like to know if this possible to do if yes how can I achieve this?

 

Thanks

Basavaraj

APM
application delivery
BIG-IP
security

4 Replies

Sort By
  • Daniel_Wolf's avatar
    Daniel_Wolf
    Icon for MVP rankMVP
    Mar 27, 2021

    Hi Basavaraj,

    there is a deployment guide for Microsoft Exchange Server 2016, which I think is also applicable to 2013.

    DEPLOYMENT GUIDE - Microsoft Exchange Server 2016 (BIG-IP v11 - v13: LTM, APM, AFM)

    Scroll all the way down to "Creating the iRule to terminate inactive APM sessions if using Forms-based authentication for OWA (default)".

    This will terminate the session on APM and you will see this:

     

    For simplicity, here is the iRule

    when RULE_INIT {
 set static::cookie_sessionid [format "sessionid=null; path=/; Expires=Thu, 01-Jan-1970 00:00:00 GMT;"]
 set static::cookie_cadata [format "cadata=null; path=/; Expires=Thu, 01-Jan-1970 00:00:00 GMT;"]
 set static::cookie_usercontext [format "UserContext=null; path=/; Expires=Thu, 01-Jan-1970 00:00:00 GMT;"]
}
when ACCESS_SESSION_STARTED {
 if { [string tolower [HTTP::uri]] contains "ua=0" } {
 ACCESS::session remove
 }
}
when ACCESS_ACL_ALLOWED {
 set apm_mrhsession [HTTP::cookie value "MRHSession"]
 if { [table lookup $apm_mrhsession] == "EXCHANGE_LOGOUT" } {
 ACCESS::session remove
 table delete $apm_mrhsession
 }
}
when HTTP_REQUEST {
 set isset 0
 if {[string tolower [HTTP::uri]] starts_with "/owa" } {
 if {[string tolower [HTTP::uri]] contains "logoff" } {
 ACCESS::session remove
 HTTP::respond 302 Location "https://[HTTP::host]/vdesk/hangup.php3" "Set-Cookie" $static::cookie_sessionid "Set-Cookie" $static::cookie_cadata "Set-Cookie" $static::cookie_usercontext
 } else {
 if { [string tolower [HTTP::uri]] contains "ua=0" } {
 set mrhsession [HTTP::cookie value "MRHSession"]
 set isset 1
 }
 }
 }
}
when HTTP_RESPONSE {
 if { $isset == 1 } {
 if { $mrhsession != "" && [HTTP::status] == 440 } {
 table set $apm_mrhsession "EXCHANGE_LOGOUT"
 return
 }
 }
}
    • Basavaraj's avatar
      Basavaraj
      Icon for Altostratus rankAltostratus
      Mar 27, 2021

      Dear Danial,

       

      Thanks for your response

       

      we have deployed the owa sso with 2013 iapp template, there are a couple rules are already created, do you want me to edit any one of the irule or do you want me to add this irule to the virtual server?

       

      Thank you

      Basavaraj

      • Daniel_Wolf's avatar
        Daniel_Wolf
        Icon for MVP rankMVP
        Mar 27, 2021

        You could check if there is an iRule with the same or similar content created by the iApp and attached to the VS. If not, create this one, add it to the VS and give it a shot.

         

        Also, when using iApp prior to version v1.0.1rc1, there was an issue where users were unable to logout of an APM session after clicking logout from OWA. The issue has been corrected in iApp version v1.0.1rc1. Always make sure to use the latest iApp version. IMHO it is perfectly OK to use the RC versions.