How to get /owa and /ecp to wortk with forms-based reverse authentication

I'm struggling with getting UTM 9.2 to support both /owa and /ecp when using Reverse Authentication. Here's my configuration:

Virtual Webserver: mail.***.net with Pass Host Header enabled
Real Webserver: Exchange 2010 CAS server on port 443
Site Path Routes:
/owa using Reverse Authentication Profile "OWA"
/ecp using Reverse Authentication Profile "ECP"
Authentication Profiles:
OWA using Form for frontend mode, basic for backend mode and mail for realm
ECP using Form for frontend mode, basic for backend mode and mail2 for realm

If I browse to https://mail.***.net/owa, I'm presented with the UTM form using the mail realm and can login and access my mail. If I try to add a mailbox rule - which uses ECP - I'm again presented with the UTM form with mail2 as the realm and have to login again.

Once I'm logged in to both /owa and /ecp, I can switch between my mailbox and my settings.

My question is how to I configure /ecp so my credentials are simply passed through after signing in to OWA?

I tried using the same authentication profile for /owa and /ecp but that only allows me to connect the ECP. I can't access my mailbox.

Any help would be appreciated.

Parents

0 mod2402 over 10 years ago

Up2Date 9.202033 package description:

Remarks:
System will be rebooted
Configuration will be upgraded
Connected Wifi APs will perform firmware upgrade
Connected RED devices will perform firmware upgrade
Fix for #31374 can cause issue if using client authentication with more than 170 groups referenced in rules

News:
Mobile Protection feature release
* push VPN and Wifi configurations to Sophos Mobile Control
* disable VPN and Wifi for non-compliant mobile devices
.
OTP: allow to define bigger windows of time difference to better support hardware tokens

Bugfixes:
Fix [24445]: Windows Live-ID Sign In assistant breaks Kerberos authentication
Fix [24855]: Hungarian keyboard layout get lost when starting a HTML5VPN RDP session
Fix [30127]: [BETA] Strict TCP session handling
Fix [30502]: Rev. Auth.: session management with multiple profiles
Fix [30522]: [BETA] Tunnel broker Hurricane Electric broken
Fix [30736]: [BETA] AD SSO Transparent mode conflicts with WAF
Fix [30792]: [BETA] DLP: Incorrect DLP behaviour when no routing domains are configured
Fix [31077]: increase window of allowed OTP tokencodes for the very first authentication
Fix [31078]: implement option for manual and automatic sync of time drift of hardware OTP tokens to UTM
Fix [31100]: Import of Filter Exceptions from UTM to SUM fails
Fix [31118]: httpproxy 'srcip' debugging does not contain all auth_transparent.c debug entries [9.2]
Fix [31121]: DHCP mapping comments gets lost by upgrading to 9.100 [9.2]
Fix [31173]: SSL VPN Client crashes on 64 Bit Machines
Fix [31175]: Redirect with port number on backend leads to invalid Location header on frontend [9.2]
Fix [31236]: 'Force caching for Sophos Endpoint updates' still doesn't work correctly everytime
Fix [31238]: mod_proxy_msrpc: segmentation fault on backend connection access [9.2]
Fix [31374]: Correctly account Confd ipsets consumed by user and group networks
Fix [31386]: Regression: Wrong AD SSO backend group matching since 9.200
Fix [31508]: [UBB] DynDNS: Wrong update URL for namecheap.com
Fix [31527]: [CVE-2014-2891] DoS vulnerability in strongSwan
Fix [31541]: "Web Protection Manager" role is missing necessary rights
Fix [31627]: REDs without connection to the provisioning server can't install the new firmware after up2date to 9.2

RPM packages contained:
libopenssl1_0_0-1.0.1g-1.1.3.g85a91e6.rb1.i686.rpm
libopenssl1_0_0_httpproxy-1.0.1g-1.1.3.g85a91e6.rb1.i686.rpm
client-iphone-9.20-2.ge38f859.noarch.rpm
client-openvpn-9.20-9.g8453851.noarch.rpm
cm-nextgen-agent-9.20-31.gf05bc9c.i686.rpm
ddclient-3.8.1-20.g84b2a96.noarch.rpm
ipv6-hurricane-9.20-3.ge72ca5c.i686.rpm
modauthnzaua-9.20-127.gf5ba44a.i686.rpm
modproxymsrpc-9.20-107.g1db68d8.i686.rpm
openssl-1.0.1g-1.1.3.g85a91e6.rb1.i686.rpm
perf-tools-3.8.13.15-119.g03ba714.i686.rpm
perl-IO-Socket-INET6-2.72-2.66.g135466a.noarch.rpm
postgresql92-9.2.8-0.g2955dda.rb1.i686.rpm
red-firmware2-3051-0.g39a560b.noarch.rpm
ulogd-2.1.0-91.g1a548a2.i686.rpm
ep-aua-9.20-31.g2568d79.i686.rpm
ep-awed-9.20-17.g2073538.i686.rpm
ep-confd-9.20-376.g1be3a42.i686.rpm
ep-confd-tools-9.20-203.g4c78df0.i686.rpm
ep-ha-daemon-9.20-16.gaf3d705.i686.rpm
ep-localization-afg-9.20-11.gf7bfda0.i686.rpm
ep-localization-ang-9.20-11.gf7bfda0.i686.rpm
ep-localization-asg-9.20-11.gf7bfda0.i686.rpm
ep-localization-atg-9.20-11.gf7bfda0.i686.rpm
ep-localization-aug-9.20-11.gf7bfda0.i686.rpm
ep-logging-9.20-1.gcd6f9d8.i686.rpm
ep-mdw-9.20-245.g7860392.i686.rpm
ep-postgresql92-9.20-15.ga9fc283.i686.rpm
ep-repctl-0.1-0.162474588.gef80485.i686.rpm
ep-screenmgr-9.20-12.g32e47e2.i686.rpm
ep-tools-9.20-10.gb1818b3.i686.rpm
ep-webadmin-9.20-424.g03a8e74.i686.rpm
ep-webadmin-contentmanager-9.20-33.gc028147.i686.rpm
ep-wireless-firmware-5024-0.g605aa02.i586.rpm
ep-chroot-dhcps-9.20-2.g2cf1614.noarch.rpm
ep-chroot-smtp-9.20-121.g8e314ff.i686.rpm
chroot-ipsec-9.20-8.g49f615d.i686.rpm
chroot-reverseproxy-2.4.4-333.g69b2ad3.i686.rpm
ep-httpproxy-9.20-119.g2049dde.i686.rpm
kernel-smp-3.8.13.15-119.g03ba714.i686.rpm
kernel-smp64-3.8.13.15-119.g03ba714.x86_64.rpm
ep-release-9.202-33.noarch.rpm

I'll test now [:)]
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Reply

0 mod2402 over 10 years ago

Up2Date 9.202033 package description:

Remarks:
System will be rebooted
Configuration will be upgraded
Connected Wifi APs will perform firmware upgrade
Connected RED devices will perform firmware upgrade
Fix for #31374 can cause issue if using client authentication with more than 170 groups referenced in rules

News:
Mobile Protection feature release
* push VPN and Wifi configurations to Sophos Mobile Control
* disable VPN and Wifi for non-compliant mobile devices
.
OTP: allow to define bigger windows of time difference to better support hardware tokens

Bugfixes:
Fix [24445]: Windows Live-ID Sign In assistant breaks Kerberos authentication
Fix [24855]: Hungarian keyboard layout get lost when starting a HTML5VPN RDP session
Fix [30127]: [BETA] Strict TCP session handling
Fix [30502]: Rev. Auth.: session management with multiple profiles
Fix [30522]: [BETA] Tunnel broker Hurricane Electric broken
Fix [30736]: [BETA] AD SSO Transparent mode conflicts with WAF
Fix [30792]: [BETA] DLP: Incorrect DLP behaviour when no routing domains are configured
Fix [31077]: increase window of allowed OTP tokencodes for the very first authentication
Fix [31078]: implement option for manual and automatic sync of time drift of hardware OTP tokens to UTM
Fix [31100]: Import of Filter Exceptions from UTM to SUM fails
Fix [31118]: httpproxy 'srcip' debugging does not contain all auth_transparent.c debug entries [9.2]
Fix [31121]: DHCP mapping comments gets lost by upgrading to 9.100 [9.2]
Fix [31173]: SSL VPN Client crashes on 64 Bit Machines
Fix [31175]: Redirect with port number on backend leads to invalid Location header on frontend [9.2]
Fix [31236]: 'Force caching for Sophos Endpoint updates' still doesn't work correctly everytime
Fix [31238]: mod_proxy_msrpc: segmentation fault on backend connection access [9.2]
Fix [31374]: Correctly account Confd ipsets consumed by user and group networks
Fix [31386]: Regression: Wrong AD SSO backend group matching since 9.200
Fix [31508]: [UBB] DynDNS: Wrong update URL for namecheap.com
Fix [31527]: [CVE-2014-2891] DoS vulnerability in strongSwan
Fix [31541]: "Web Protection Manager" role is missing necessary rights
Fix [31627]: REDs without connection to the provisioning server can't install the new firmware after up2date to 9.2

RPM packages contained:
libopenssl1_0_0-1.0.1g-1.1.3.g85a91e6.rb1.i686.rpm
libopenssl1_0_0_httpproxy-1.0.1g-1.1.3.g85a91e6.rb1.i686.rpm
client-iphone-9.20-2.ge38f859.noarch.rpm
client-openvpn-9.20-9.g8453851.noarch.rpm
cm-nextgen-agent-9.20-31.gf05bc9c.i686.rpm
ddclient-3.8.1-20.g84b2a96.noarch.rpm
ipv6-hurricane-9.20-3.ge72ca5c.i686.rpm
modauthnzaua-9.20-127.gf5ba44a.i686.rpm
modproxymsrpc-9.20-107.g1db68d8.i686.rpm
openssl-1.0.1g-1.1.3.g85a91e6.rb1.i686.rpm
perf-tools-3.8.13.15-119.g03ba714.i686.rpm
perl-IO-Socket-INET6-2.72-2.66.g135466a.noarch.rpm
postgresql92-9.2.8-0.g2955dda.rb1.i686.rpm
red-firmware2-3051-0.g39a560b.noarch.rpm
ulogd-2.1.0-91.g1a548a2.i686.rpm
ep-aua-9.20-31.g2568d79.i686.rpm
ep-awed-9.20-17.g2073538.i686.rpm
ep-confd-9.20-376.g1be3a42.i686.rpm
ep-confd-tools-9.20-203.g4c78df0.i686.rpm
ep-ha-daemon-9.20-16.gaf3d705.i686.rpm
ep-localization-afg-9.20-11.gf7bfda0.i686.rpm
ep-localization-ang-9.20-11.gf7bfda0.i686.rpm
ep-localization-asg-9.20-11.gf7bfda0.i686.rpm
ep-localization-atg-9.20-11.gf7bfda0.i686.rpm
ep-localization-aug-9.20-11.gf7bfda0.i686.rpm
ep-logging-9.20-1.gcd6f9d8.i686.rpm
ep-mdw-9.20-245.g7860392.i686.rpm
ep-postgresql92-9.20-15.ga9fc283.i686.rpm
ep-repctl-0.1-0.162474588.gef80485.i686.rpm
ep-screenmgr-9.20-12.g32e47e2.i686.rpm
ep-tools-9.20-10.gb1818b3.i686.rpm
ep-webadmin-9.20-424.g03a8e74.i686.rpm
ep-webadmin-contentmanager-9.20-33.gc028147.i686.rpm
ep-wireless-firmware-5024-0.g605aa02.i586.rpm
ep-chroot-dhcps-9.20-2.g2cf1614.noarch.rpm
ep-chroot-smtp-9.20-121.g8e314ff.i686.rpm
chroot-ipsec-9.20-8.g49f615d.i686.rpm
chroot-reverseproxy-2.4.4-333.g69b2ad3.i686.rpm
ep-httpproxy-9.20-119.g2049dde.i686.rpm
kernel-smp-3.8.13.15-119.g03ba714.i686.rpm
kernel-smp64-3.8.13.15-119.g03ba714.x86_64.rpm
ep-release-9.202-33.noarch.rpm

I'll test now [:)]
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Children

No Data