000037338 - OWA HFED integration error with RSA SecurID Access

Document created by RSA Customer Support Employee on Apr 11, 2019
Version 1

Article Content

Article Number: 000037338
Applies To: RSA Product Set: SecurID Access
RSA Product/Service Type: Cloud Authentication Service
Issue: The Microsoft Outlook Web Access (OWA) 2013 HTTP Federation Proxy catalog application has been correctly configured. However, users cannot log in to OWA from the application portal. The following message is seen:
Unsuccessful logon

Cause: The connector checks for English responses from the OWA application, such as "Opening your mailbox." Responses in another language cause the logon to fail.
Workaround: Instead of using the OWA 2013 catalog item, create a generic HFED application from a template:
  1. Log in to the Administration Console and navigate to Applications > My Applications > Add an Application > Create From Template > Choose HTTP Federation Proxy.
  2. Input a Name for your application and click Next Step.
  3. Select Connection Method as Manual and click Next Step.
  4. In the Connection Profile section enter:
    • Logon Form URL: https://<your-OWA-server>/owa/authlogon.aspx
    • Logon Form Action: https://<your-OWA-server>/owa/auth.owa
    • Logon Form Fields and Input Value Types:
      • isUtf8: Use Form Value
      • passwordText: passwordText, Constant Value
      • destination: Use Form Value
      • forcedownlevel: Use Form Value
      • flags: Use Form Value

  5. In Failure Detection enter Indicator: VISIBLE_TEXT, Criteria: Does Not Contain, and Value: <string OWA returns for successful login>. For example, for German this string is "the Postfach wird geoffnet".
  6. Click Next Step.
  7. In the Proxy Settings create two Web Servers, as follows:
    1. Proxy Hostname: help-outlook-com.<your-protected-domain-name>, Real Hostname: help.outlook.com, Rewrite Rules: Substitute "s|help.outlook.com|help-outlook-com.%DOMAIN_NAME%|qin"
    2. Proxy Hostname: owa-hfed.<your-protected-domain-name>, Real Hostname: <your-OWA-server>, Rewrite Rules: Substitute "s|help.outlook.com|help-outlook-com.%DOMAIN_NAME%|qin"
    3. Custom Headers: Check the Verify Certificates checkbox and click Next Step.
  8. Set the User Access and Portal Display sections as desired.
  9. Save and publish.
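
The cause and the Failure Detection step above, modeled as an added example (not RSA code and not part of the original article), to try a candidate Value against a saved OWA response before publishing. Assumptions: the check is an exact, case-sensitive substring match on rendered text; the function names are hypothetical; the HTML samples are constructed around the two strings quoted in the article.

```python
from html.parser import HTMLParser

class VisibleText(HTMLParser):
    """Collects text a browser would render, skipping script/style bodies."""
    HIDDEN = {"script", "style"}

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.hidden_depth = 0
        self.parts = []

    def handle_starttag(self, tag, attrs):
        if tag in self.HIDDEN:
            self.hidden_depth += 1

    def handle_endtag(self, tag):
        if tag in self.HIDDEN and self.hidden_depth:
            self.hidden_depth -= 1

    def handle_data(self, data):
        if not self.hidden_depth and data.strip():
            self.parts.append(data)

def visible_text(html):
    parser = VisibleText()
    parser.feed(html)
    parser.close()
    return " ".join(" ".join(parser.parts).split())  # collapse whitespace

def logon_failed(html, success_value):
    """Model of Indicator VISIBLE_TEXT / Criteria 'Does Not Contain':
    the logon counts as failed when success_value is absent (assumed exact match)."""
    return success_value not in visible_text(html)

# Constructed sample responses (not captured from a real OWA server).
EN_OK = "<html><body><div id='msg'>Opening your\n mailbox.</div></body></html>"
DE_OK = "<html><body><div id='msg'>the Postfach wird geoffnet</div></body></html>"
DE_FORM = "<html><body><form action='/owa/auth.owa'><p>Anmeldung</p></form></body></html>"
SCRIPT_ONLY = "<html><body><script>var m='the Postfach wird geoffnet';</script></body></html>"

if __name__ == "__main__":
    for name, page in [("EN_OK", EN_OK), ("DE_OK", DE_OK),
                       ("DE_FORM", DE_FORM), ("SCRIPT_ONLY", SCRIPT_ONLY)]:
        for value in ("Opening your mailbox.", "the Postfach wird geoffnet"):
            verdict = "failure" if logon_failed(page, value) else "success"
            print(f"{name:12} value={value!r:32} -> {verdict}")
```

The SCRIPT_ONLY sample shows why the Value has to be taken from text the page actually displays: a string that appears only inside a script is not visible text, so the logon would still be reported as failed.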