I'm looking for some assistance with NAM and Outlook 2010.
Specifically my Outlook Admin recently asked if I could proxy OWA /
Webmail. He would like to perform some testing without the complexity
of any NAM authentication / SSO. I figured such a request would be
rather easy. But alas I've been proven wrong.

I stood up a multi-homed proxy service on NAM for our Dev OWA server. I
placed a host file entry on my machine to point to the newly created URL
(let's call it test-owa.test.com). Then using both IE and Firefox I
attempted to go to https://test-owa.test.com/. Unfortunately I found
that when I hit the NAM hosted URL I received a 301 response which then
sends me directly to the OWA server, bypassing Access Manager. Thus it
would appear that the rewriter isn't functioning in this configuration,
which makes no sense to me.

Any thoughts / suggestions would be greatly appreciated.

-Jeff


Here is what I did and didn't do to set up the proxy service:

URLS:
https://test-owa.test.com/owa/auth/logon.aspx

PLACED A HOST FILE ENTRY ON MY WORKSTATION:
10.115.11.101 test-owa.test.com test-owa

ON NAM:
1. Created a *Proxy Service Name* of test-owa
2. Specified *Published DNS Name* of test-owa.test.com (note that this
isn't in DNS at this point but placed on my workstation using a host
file entry)
3. Specified *Multi-Homing Type* of domain based, note that it was added
to a list of other working proxy services
4. Specified *Web Server IP Address* using the IP address pointing to
the Exchange / OWA server I'm trying to test
5. Specified *Host Header* as Web Server Host Name
6. Specified *Web Server Host Name* using the host name that corresponds
with the IP address from item 4 above.

MODIFIED THE PROXY SERVICE BY SETTING UP THE FOLLOWING ADDITIONAL
CONFIGURATION:

SETUP PROTECTED RESOURCES:
Created a protected resource called root, with a path of /*. There are
no authentication policies, injection policies, etc. associated with
this.

SETUP HTML REWRITING:
Make a new word rewriter and move it to the top of the list, it should
have the following settings:
In the Variable or Attribute Name to Search for Is section, specify
value and formvalue
Select Rewrite Inbound Query String Data.
Select Rewrite Inbound Post Data.
Select Rewrite Inbound Headers.
Make sure that Enable Rewrite Actions remains selected.

Finally worth noting, although my DEV Access Manager config is using SSL
/ port 443 for both the login URL and the ESP URL, I did not change the
default configuration for this new proxy service from port 80 to 443.
So my tests would have involved the LAG talking to the web server via
port 80. As I mentioned, the new proxy service host name isn't in DNS
but my login and ESP URLs are.

Additionally my version of NAM is 3.1 sp4 using a combined admin console
/ IDP server, and a separate LAG.

DOCUMENTATION USED:
section 2.5.4: http://tinyurl.com/abzfjg4


--
jeschaff
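
The symptom described in the post (a 301 whose Location sends the browser to the web server instead of the published DNS name) can be checked from captured response headers. The sketch below is an added example, not part of the original post and not NetIQ code; the sample responses are constructed and `owa-backend.example.internal` is a placeholder for the web server host name, which the post does not give.

```python
from urllib.parse import urljoin, urlsplit

PUBLISHED_HOST = "test-owa.test.com"  # published DNS name from the post

# Constructed sample responses (not captured from a real system).
# "owa-backend.example.internal" is a placeholder for the web server host name.
SAMPLE_BYPASS = (
    "HTTP/1.1 301 Moved Permanently\r\n"
    "Location: https://owa-backend.example.internal/owa/\r\n"
    "Content-Length: 0\r\n\r\n"
)
SAMPLE_REWRITTEN = (
    "HTTP/1.1 302 Found\r\n"
    "Location: /owa/auth/logon.aspx\r\n"
    "Content-Length: 0\r\n\r\n"
)


def parse_response_head(raw):
    """Return (status_code, headers) with header names lower-cased."""
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers


def check_redirect(request_url, raw_response, published_host=PUBLISHED_HOST):
    """Classify a response as 'no-redirect', 'stays-on-proxy' or 'leaves-proxy'."""
    status, headers = parse_response_head(raw_response)
    location = headers.get("location")
    if status not in (301, 302, 303, 307, 308) or not location:
        return "no-redirect", None
    # Resolve relative Location values against the URL that was requested.
    target = urljoin(request_url, location)
    host = (urlsplit(target).hostname or "").lower()
    verdict = "stays-on-proxy" if host == published_host.lower() else "leaves-proxy"
    return verdict, target


if __name__ == "__main__":
    for raw in (SAMPLE_BYPASS, SAMPLE_REWRITTEN):
        print(check_redirect("https://test-owa.test.com/", raw))
```

A `leaves-proxy` verdict means the Location header reached the browser without being rewritten to the published DNS name, so the next request goes around the proxy service.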