Configuring Outlook Web Access 2003 with Single Sign-on using Novell Access Manager

This document explains how to set up Outlook Web Access 2003 with Novell Access Manager 3.0 with Single Sign On and webdav access.


First you need to set up owa to use basic authentication.

1. In Internet Information Manager, go to Websites > Default website and find the folders exchweb, Exchange and public.

2. For the folders "Exchange" and "public" enable only Basic Authentication and enter your domain.

3. For the folder "exchweb" enable anonymous access.

If your external domain name is different than the internal domain name for owa you need to add a virtual host for owa. Because we're also using owa internally, I added a secondary ip-address to the owa server and put the virtual host on it.

4. In the Advanced Web Site Identification of the default website, add the secondary IP address and enter your external domain name in the Host Header value.

Next you need to create a path-based reverse proxy for owa.

5. Add the paths /Exchange, /exchweb and /public to the path list.

6. Add the secondary ip-address created on the owa server to the web server list.

7. For the Exchange and public folder you need identity injection, so create a protected resource for these folders.

8. Create an Exchange policy.

9. In this policy create two rules.

10. In the first rule inject the user credentials into the authentication header.

11. In the second rule insert the custom header "Front-End-Https: on" so the owa web server knows the client is using a ssl connection.

For more information, see Microsoft Article 307347.

12. Outlook Web Access shouldn't be cached except for the images, so add the exchange folders to the pin list.

Now you can access Outlook Web Access 2003 on, and your users are able to move and delete e-mail and don't get any security warnings about displaying nonsecure items.


How To-Best Practice
Comment List