IBM Security Verify

Expand all | Collapse all

Enabling SSO on Outlook Web Access via IBM Security Verify WS-Federation

  • 1.  Enabling SSO on Outlook Web Access via IBM Security Verify WS-Federation

    Posted Tue August 24, 2021 02:06 PM
    Hi Everyone,

    We're using Verify SaaS. We're trying to configure WS-Federation SSO to Outlook Web Access **on-premise** using the Microsoft 365 app with the following settings:

    * In ISV, create a new Microsoft 365 application.
    * Set Sign-on method to: WS-Federation
    * Set Provider ID to: https://mail.domain.com/owa/
    * Set the WS-Federation end point of the application to: https://mail.domain.com/owa
    * Set Signature OptionsSignature algorithm to: SHA1
    * Set Signature OptionsSignature Certificate to: Default personal certificate
    * Set SAML subjectName identifier to: upn
    * Set Attribute MappingAttributeUPN to: upn
    * Set Attribute Mapping AttributeImmutableID: {custom AD attribute}

    We're getting a redirect loop between ISV and OWA. Responses from OWA is 302 Found form POST with wct, wctx and wresult form fields.

    Has anyone been able to get OWA connected with ISV?




    ------------------------------
    Timothy Dilbert
    ------------------------------


  • 2.  RE: Enabling SSO on Outlook Web Access via IBM Security Verify WS-Federation

    Posted Fri August 27, 2021 07:51 AM
    Hi Timothy,

    The WS-Federation SSO in ISV currently is supported for Microsoft 365 application, it's not yet available for custom application like OWA, probably you'll need to submit RFE if you need custom application support of WS-Federation SSO.

    Best Regards

    Chen Yongming

    ------------------------------
    Yongming Chen
    ------------------------------



  • 3.  RE: Enabling SSO on Outlook Web Access via IBM Security Verify WS-Federation

    Posted Mon September 27, 2021 09:01 AM
    Hi Timothy, Chen,

    It is hard to believe that integrating with a player like Microsoft makes us face some IBM bureaucraty.
    I didn't know the same issue existed on the SaaS version.
    On this purpose, I filled a RFE for a proper ISV/Azure federation integration beacause i face a similar issue (WS-Federation needed by Azure) with the virtual appliance version.
    https://ibmsecurity.ideas.ibm.com/ideas/ISAM-I-1021

    Hope this will be considered as an issue and will be fixed very fast for a smooth integration.

    Best regards

    ------------------------------
    Nicolas Karageuzian
    ------------------------------