Terrence
May 30, 2012 | Nimbostratus
Edge Gateway-OWA 2010 sp2 session timeout and double login page
So I wrote this long post about two issues we are having with the Exchange/APM implementation, however it was denied. So here's the Coles Notes version:
1) Double login prompt
SSO matches on /owa/&reason=0
This page redirects to another login page using JavaScript.
SSO has already happened at this point, so I just change the URI to '/owa/'.
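when HTTP_REQUEST {
    # Send requests for the site root to OWA
    if { ([HTTP::uri] == "/") } {
        HTTP::uri /owa
    }
    set req_uri [HTTP::uri]
    # SSO has already happened, so rewrite the second logon page to OWA
    if { $req_uri starts_with "/owa/auth/logon.aspx?replaceCurrent=1" } {
        HTTP::uri /owa
    }
    unset req_uri
}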
2) The second issue is that the user's session never times out. The reason is highlighted here: http://support.microsoft.com/kb/2478286. When the user times out, the server returns a response code of 440 Login Timeout. I watch for this response code, remove the session, and redirect back to OWA.
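when HTTP_RESPONSE {
    # 440 Login Timeout: the OWA session has expired on the server
    if { [HTTP::status] == 440 } {
        set apm_cookie [HTTP::cookie value MRHSession]
        # Only act when the cookie maps to a live APM session
        if { $apm_cookie != "" && [ACCESS::session exists $apm_cookie] } {
            # Remove the APM session and send the user back to the start page
            ACCESS::session remove
            HTTP::redirect "http://mymail.humber.ca/"
        }
    }
}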
The second rule hasn't been tested thoroughly, but the implementation period here will be long, so I will have a long time to test.
Now let's hope I can submit this time.
Third attempt at posting. This time I copied and pasted.