Solved

Exchange '10 CAS OWA (Default Web Site) Properties for Authentication

Posted on 2014-10-16
5
206 Views
Last Modified: 2014-10-21
Looking for the best recommendation on what the authentication settings of OWA for Exchange 2010 under the Default Web Site properties should be set to.

Goal is to have OWA exposed out to the Internet via SSL only and to have all mailbox access login with domain\user name is fine. Would like to have this passed through from a single sign-on for Citrix so would Integration Windows be required or could that be form-based?
0
Comment
Question by:RTM2007
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 500 total points
ID: 40385500
Forms Based Authentication is the preferred method for authentication on OWA, as access is controlled by a cookie. That means when you sign out, the session is closed. Any other method allows access back in again.

However single sign on from Citrix would probably require Windows authentication. Therefore if you want to do both, you will need to create a second web site for the different authentication methods.

This is covered by an Exchange team blog.
http://blogs.technet.com/b/exchange/archive/2011/01/17/configuring-multiple-owa-ecp-virtual-directories-on-exchange-2010-client-access-server.aspx

Simon.
0
 
LVL 2

Author Comment

by:RTM2007
ID: 40385553
Thank you. For the standard authentication methods, is the basic authentication (password is sent in clear text) on by default? This seems not as secure that it is transmitted in plain text but not sure if undoing that setting would break authentication somehow.
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 40385560
By default it should be forms based authentication - I am talking about Exchange authentication here, not whatever you see in IIS manager. FBA will use plain text, because the password will be within an SSL session.

Simon.
0
 
LVL 2

Author Comment

by:RTM2007
ID: 40385570
Yes, I meant the OWA default site permissions under the authentication tab. The top setting is to use basic and the third check box is that password is sent in plain text (basic)
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 40385584
In a default configuration those would be greyed out and the forms based authentication methods enabled.

Simon.
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Outlook for dependable use in a very small business   This article is about using the Outlook application (part of Microsoft Office) in a very small business, or for homeowners where dependability and reliability are critical requirements. This …
There are times when we need to generate a report on the inbox rules, where users have set up forwarding externally in their mailbox. In this article, I will be sharing a script I wrote to generate the report in CSV format.
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…
Many of my clients call in with monstrous Gmail overloading issues with Outlook. A quick tip is to turn off the All Mail and Important folders from synching. Here is a quick video I made to show you how to turn off these and other folders in Gmail s…
Suggested Courses

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question