Exchange OWA Integration


#1

I have a small lab I set up for proof of concept before rolling it out in a production network. I followed this guide and got everything up and running. However, when I hit owa or ecp and log in, I’m not redirected to ADFS; I just proceed straight through without issue and successfully log in. Any ideas?

My lab consists of Server 2012 R2 VMs, unless otherwise stated, in the following topology:
PrivacyIDEA running on Ubuntu server 14.04
DC
ADFS
Exchange 2013
CA

PrivacyIDEA, Exchange, and ADFS are using a certificate issued by the CA, and the root cert for the CA is in the trusted store of all the Windows machines.


#2

Imho there is a rule of thumb with debugging problems: Reduce the complexity level!

So obviously, if you do not see any ADFS Login page, you first need to fix your ADFS problem. Remove 2FA and ask for help with setting up ADFS.

Then, if you have this up and running, you can add 2FA with privacyIDEA.
By the way: You should not use Ubuntu 14.04 anymore. Please use 16.04 with the launchpad repos or install via PIP on your preferred OS.

By the way: We provide services, support and SLA with the company NetKnights.


#3

All systems work independently. I can reach ADFS endpoints, I can log into OWA/ECP, all certificates in use are trusted across the domain. I guess the issue is in Exchange because it’s not performing any redirection to the ADFS login pages, I just don’t know where to look to verify that’s the issue and what’s incorrect.


#4

Well, I’ve gotten a step further but still not 100% there. I wasn’t paying attention to the version of Exchange 2013 I had installed; it was RTM, and that doesn’t support ADFS integration like the guides show.

Now that I have 2013 CU21 installed, visiting owa or ecp URLs redirects to ADFS, but signing in creates a loop back to the ADFS login page. So it’s not landing on the OWA login page first then going to ADFS, and I also can’t progress past the ADFS login page… I’m at a loss at this point.