This document is a small overview on how to casify Outlook Web Access 2010. The instructions are very similar to that of previous versions of Exchange (2007, 2003) and should work just as well. A small section at the end highlights the changes introduced in the 2010 version.
OS: Windows 2008 R2 x86_64
Exchange Version: 2010
CAS: 3.4.11, 3.4.12, 3.5.0
ClearPass: 1.0.8 GA, 3.5.0
Java Version: Sun JDK 1.6.0_27
Dev Environment: Visual Studio 2010 Professional
- Download the source and open up the project in Visual Studio.
The project target framework is set to address the .NET framework 3.5. This is required by IIS to be able to load the module. (You may have to configure the IIS application pool to adjust for the proper target framework)
- Modify the Web.config file with the appropriate settings for your environment:
- Publish the project to "c:\casowa".
- In IIS, create a Web Application with the name "coa" and point it to the path above.
You'll need to make sure IIS has read/execute access to the project directory.
Add the IIS server certificate to the Java keystore.
- Add the CAS server certificate to the Microsoft Management Console using MMC.exe. The certificates must be installed into the Trusted Root Certification Authorities for Current User and Local Computer.
If any of the certificates are issued by second certificate, you'll need to make sure ALL certs in the path are properly installed and are available in both the Java keystore and MMC. For CAS certificates that are installed in MMC, check the status of the certificate to make it has no issues and test the certificate in your browser by navigating to the address associated with it.
Finally you have to allow this proxy in CAS's web.xml by adding this to CAS Validation Filter. (Note: See the ClearPass configuration on the wiki for CAS v3.5.0)
Now when you go to https://owa-server-address/coa/auth you should be redirected to the CAS Login Page and after a successful authentication you should be redirected to your mailbox https://owa-server-address/owa
- You can configure the log4net debug level and location of the log in the Web.config file:
- You can configure the trace output location and level in the Web.config file:
- To examine the status of IIS requests, browse to "C:\inetpub\logs\LogFiles\W3SVC1" and locate the proper log file.
- On the OWA server, you could use the following script to examine authentication issues. The script attempts to issue a login request to OWA with the right set of credentials and will redirect to the user's inbox if successful.
If you receive the following error:
System.Security.SecurityException: Request for the permission of type 'System.Web.AspNetHostingPermission, System, Version=188.8.131.52, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.
Inside IIS, bring up the Advanced Settings for the Application Pool of the "coa" virtual application. Set the "Load User Profile" to "True". Also, on the "casowa" directory, you may want to allow the "IIS_IUSRS" process sufficient permissions to read, modify and execute.
- A valid user agent must also be passed as a post parameter. Otherwise a "400 - Bad Request" server error is received when examining the response.