This document is a short overview of how to casify Outlook Web Access 2010. The instructions are very similar to those for previous versions of Exchange (2007, 2003) and should work just as well. A small section at the end highlights the changes introduced in the 2010 version.
OS: Windows 2008 R2 x86_64
Exchange Version: 2010
CAS: 3.4.11, 3.4.12, 3.5.0
ClearPass: 1.0.8 GA, 3.5.0
Java Version: Sun JDK 1.6.0_27
Dev Environment: Visual Studio 2010 Professional
- Download the source and open up the project in Visual Studio.
- Modify the Web.config file with the appropriate settings for your environment:
- Publish the project to "c:\casowa".
- In IIS, create a Web Application with the name "coa" and point it to the path above.
- Add the IIS server certificate to the Java keystore.
- Add the CAS server certificate to the Microsoft Management Console using MMC.exe. The certificates must be installed into the Trusted Root Certification Authorities for Current User and Local Computer.
Finally, you have to allow this proxy in CAS's web.xml by adding this to the CAS Validation Filter. (Note: See the ClearPass configuration on the wiki for CAS v3.5.0)
Now, when you go to https://owa-server-address/coa/auth, you should be redirected to the CAS login page, and after a successful authentication you should be redirected to your mailbox at https://owa-server-address/owa
- You can configure the log4net debug level and location of the log in the Web.config file:
- You can configure the trace output location and level in the Web.config file:
- To examine the status of IIS requests, browse to "C:\inetpub\logs\LogFiles\W3SVC1" and locate the proper log file.
- On the OWA server, you could use the following script to examine authentication issues. The script attempts to issue a login request to OWA with the right set of credentials and will redirect to the user's inbox if successful.
If you receive the following error:
Inside IIS, bring up the Advanced Settings for the Application Pool of the "coa" virtual application and set "Load User Profile" to "True". Also, on the "casowa" directory, you may want to grant the "IIS_IUSRS" group sufficient permissions to read, modify and execute.
- A valid user agent must also be passed as a POST parameter. Otherwise, a "400 - Bad Request" server error is received when examining the response.
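For the IIS log step and the "400 - Bad Request" note above, the following added example (not part of the original page or the CasOwa project) parses a W3C-format log from "C:\inetpub\logs\LogFiles\W3SVC1" and lists failed requests under the casified paths, flagging those logged without a User-Agent. The sample log is constructed, and the OWA login path in it (`/owa/auth/owaauth.dll`) is an assumption.

```python
from collections import Counter

# Constructed sample in IIS W3C extended format (not real traffic).
# The OWA login path used below is an assumption, not taken from the page.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 7.5
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status time-taken
2012-05-01 10:00:01 10.0.0.5 GET /coa/auth - 443 - 10.0.0.20 Mozilla/5.0 302 0 0 15
2012-05-01 10:00:03 10.0.0.5 GET /coa/auth ticket=ST-constructed 443 - 10.0.0.20 Mozilla/5.0 302 0 0 420
2012-05-01 10:00:04 10.0.0.5 GET /owa/ - 443 - 10.0.0.20 Mozilla/5.0 200 0 0 95
2012-05-01 10:05:10 10.0.0.5 POST /owa/auth/owaauth.dll - 443 - 10.0.0.5 - 400 0 0 12
2012-05-01 10:06:00 10.0.0.5 GET /coa/auth ticket=ST-constructed3 443 - 10.0.0.22 Mozilla/5.0 500 0 0 30
2012-05-01 10:06:30 10.0.0.5 GET /favicon.ico - 443 - 10.0.0.22 Mozilla/5.0 404 0 0 1
"""

def parse_w3c(text):
    """Yield one dict per request, keyed by the names in the latest #Fields line."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]          # IIS re-emits this after a restart
        elif line and not line.startswith("#"):
            values = line.split(" ")           # IIS encodes spaces inside values as '+'
            if len(values) == len(fields):     # skip truncated or partial lines
                yield dict(zip(fields, values))

def failed_auth_requests(text, prefixes=("/coa", "/owa")):
    """Return requests under the casified paths that ended in a 4xx/5xx status."""
    hits = []
    for row in parse_w3c(text):
        stem = row.get("cs-uri-stem", "").lower()
        if stem.startswith(prefixes) and int(row.get("sc-status", "0")) >= 400:
            hits.append(row)
    return hits

def missing_user_agent(rows):
    """Subset of rows logged with an empty User-Agent ('-' in W3C logs)."""
    return [r for r in rows if r.get("cs(User-Agent)", "-") == "-"]

if __name__ == "__main__":
    failures = failed_auth_requests(SAMPLE_LOG)
    for r in failures:
        print(r["date"], r["time"], r["c-ip"], r["cs-method"], r["cs-uri-stem"], r["sc-status"])
    print(Counter((r["cs-uri-stem"], r["sc-status"]) for r in failures))
    print("no User-Agent:", [r["cs-uri-stem"] for r in missing_user_agent(failures)])
```

To run it against a real log, read the file's text and pass it to `failed_auth_requests` in place of `SAMPLE_LOG`.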