Exchange '10 CAS OWA (Default Web Site) Properties for Authentication

Looking for the best recommendation on what the authentication settings of OWA for Exchange 2010 under the Default Web Site properties should be set to.

Goal is to have OWA exposed out to the Internet via SSL only and to have all mailbox access login with domain\user name is fine. Would like to have this passed through from a single sign-on for Citrix so would Integration Windows be required or could that be form-based?
LVL 2
RTM2007Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Simon Butler (Sembee)ConsultantCommented:
Forms Based Authentication is the preferred method for authentication on OWA, as access is controlled by a cookie. That means when you sign out, the session is closed. Any other method allows access back in again.

However single sign on from Citrix would probably require Windows authentication. Therefore if you want to do both, you will need to create a second web site for the different authentication methods.

This is covered by an Exchange team blog.
http://blogs.technet.com/b/exchange/archive/2011/01/17/configuring-multiple-owa-ecp-virtual-directories-on-exchange-2010-client-access-server.aspx

Simon.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
RTM2007Author Commented:
Thank you. For the standard authentication methods, is the basic authentication (password is sent in clear text) on by default? This seems not as secure that it is transmitted in plain text but not sure if undoing that setting would break authentication somehow.
0
Simon Butler (Sembee)ConsultantCommented:
By default it should be forms based authentication - I am talking about Exchange authentication here, not whatever you see in IIS manager. FBA will use plain text, because the password will be within an SSL session.

Simon.
0
RTM2007Author Commented:
Yes, I meant the OWA default site permissions under the authentication tab. The top setting is to use basic and the third check box is that password is sent in plain text (basic)
0
Simon Butler (Sembee)ConsultantCommented:
In a default configuration those would be greyed out and the forms based authentication methods enabled.

Simon.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.