I used the Exchange iApp to build the initial configuration and then changed a little bit to accomplish SSO between multiple VIPs (we tested with a third VIP and it works great). As I sad before we currently only have 2 VIPs, and yes we'll use the credentials from outlook, or any other site, to access multiple sites within the same domain (i.e. SharePoint, some customer apps and etc.), therefore multiple VIPs.
The Exchange iApp is configure on an APM box (BIG-IP APM will provide secure remote access to CAS) and the load balancing is done on a LTM running on a separate box.
Exchange iApp Config:
BIG-IP APM will provide secure remote access to CAS
Exchange Server 2010
AD authentication (4 AD servers)
SSL Offloading
WAN connections
OWA and ActiveSync Deployed
Multiple Domain SSO config:
Domain Mode: Multiple Domains
Primary Authentication URI: https://authentication.example.com
Primary Cookie Optios: Secire
SSO Configuration: HTTP Basic
Authentication Domains - Only one for now:
Cookie: DOmain - outlook.example.com
Cookie Options: Secure and Persistent
SSO COnfiguration: HTTP Basic
Thanks,
Pedro