SSL VPN
Visitor
racetiger
Posts: 9
Registered: ‎02-23-2009
0

Use a web resource as start page?

Hi everyone,

 

I have a bunch of users that want to be able to get direct access to their webmail upon successful login to the SA. That is, no menu presented and with SSO login performed.

 

From what I can see, it's not possible to use a web resource as the starting page. If I specify the internal URL to the OWA resource (e.g. https://exchangeserver.internal.company.com/owa/ ) I simply get redirected to that URL without any rewriting activated, which of course will not work.

 

Could anyone confirm that this is not possible, or even better just describe how I could configure it! ;-)

 

The web resource I want to use is Outlook Web Access 2007 with remote SSO enabled. We're using SA2000 with IVE OS 6.4r1.

 

 

Thanks for any help!

 

 

 

Contributor
drf
Posts: 46
Registered: ‎09-23-2008
0

Re: Use a web resource as start page?

In the Role go to General - UI Options. Change the Start Page to Custom page and set it to the URL that you want. The IVE will take the user to this page after login and rewrite the page.

 

Make sure there are no "Don't Rewrite" rules for that URL.

Visitor
net_sec
Posts: 2
Registered: ‎08-24-2009
0

Re: Use a web resource as start page?

Bump. I have a similar problem:

 

Users are redirected to a Citrix Web Interface web resource straight after login. That now works fine (although it was a problem getting the IVE toolbar to survive...), but we now have major issues with the Citrix SSO.

 

Access to the Citrix portal is OK once the tunnel is up and we run a request from a web browser, but things are just not happening right when the SA is doing the access requests (which seems to happen when using a starter page). We can definitely reach the server, but the authorization is not getting there. If we leave the basic auth/NoSSO default rule, then we get a basic auth prompt from the Juniper after a few minutes... but it's definitely not what we're after!

 

Any help appreciated

Contributor
wotsit
Posts: 12
Registered: ‎04-28-2009
0

Re: Use a web resource as start page?

net_sec, if you are directing users to a Citrix Web Interface page once signed in to the Juniper, then you should be able to configure a form post to allow SSO to the Citrix environment - one thing I would check is that the Juniper is sending <USERNAME> and not <USER>.

 

A good starting guide is https://download.juniper.net/software/ive/docs/supplemental/how-to/How_To_Remote_SSO_for_Citrix_Nfus...

Production: Clustered SA6500-FIPS running 6.5r2
Development: Single SA2000 running 7.1r1
Visitor
racetiger
Posts: 9
Registered: ‎02-23-2009
0

Re: Use a web resource as start page?

Nice with a howto for Citrix, but is anyone able to help me out with my initial question - i.e. redirecting to an internal OWA with form post SSO immediately upon successful login? I still cannot get it to work...

 

 

Recognized Expert
kenlars
Posts: 420
Registered: ‎03-24-2008
0

Re: Use a web resource as start page?

I'm not sure about the SSO, but the use of a custom start page in the UI options definitely works, and definitely causes the URL to be rewritten, unless there is a selective rewriting rule to not rewrite that URL.

 

Ken

Visitor
racetiger
Posts: 9
Registered: ‎02-23-2009
0

Re: Use a web resource as start page?

Thanks Ken, sounds like it's worth doing some more rounds of testing with this!

 

Recognized Expert
kenlars
Posts: 420
Registered: ‎03-24-2008
0

Re: Use a web resource as start page?

So, I got this to work.

 

In the role to which the user gets assigned after logging in, specify the URL of your OWA server as the custom start page.  Make sure that there is no custom rewriting rule which causes the URL to not be rewritten.  Then, add a Basic Auth / NTLM SSO policy which specifies Basic Auth with the resource specified as the URL of your OWA server.  Choose to enable intermediation using system credentials.

 

Worked great - logged into the IVE, and the next page I saw was my OWA InBox.  Not sure it's important, but we run OWA 2003.

 

Ken

Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.