Exchange 2013 SP1: OWA native support for ADFS!

It's been a long time coming, but we finally have native support for ADFS authentication for OWA and ECP. Native means no more hacking away at the web.config, messing with fedutil, etc.

It's all built into two commands:

- Set-OrganizationConfig: set the token signing cert, ADFS issuer and AudienceURIs
- Set-EcpVirtualDirectory and Set-OwaVirtualDirectory with -AdfsAuthentication

See https://technet.microsoft.com/en-us/library/dn635116(v=exchg.150).aspx for more details

spat
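
The two steps above as an Exchange Management Shell script, with the legacy authentication methods switched off and an audit pass at the end. This is an added example, not code from the original post; the hostnames and the thumbprint are constructed placeholders to replace with your own values.

```powershell
# Added example. Run in the Exchange Management Shell on Exchange 2013 SP1 or later.
# All values below are constructed placeholders.
$AdfsIssuer   = 'https://adfs.example.com/adfs/ls/'
$AudienceUris = @('https://mail.example.com/owa/', 'https://mail.example.com/ecp/')
$SignThumb    = '0000000000000000000000000000000000000000'  # AD FS token-signing cert

# Fail early on values that would break or weaken the federation trust.
if ($SignThumb -notmatch '^[0-9A-Fa-f]{40}$') {
    throw 'Token-signing thumbprint must be 40 hex characters.'
}
foreach ($u in @($AdfsIssuer) + $AudienceUris) {
    if (([uri]$u).Scheme -ne 'https') { throw "Not an https URI: $u" }
}

# A self-signed token-signing certificate has to be trusted by the Exchange server.
if (-not (Get-ChildItem Cert:\LocalMachine\Root |
          Where-Object { $_.Thumbprint -eq $SignThumb })) {
    Write-Warning 'Token-signing certificate not found in LocalMachine\Root.'
}

# Step 1: organization-wide issuer, audience URIs and signing certificate.
Set-OrganizationConfig -AdfsIssuer $AdfsIssuer -AdfsAudienceUris $AudienceUris `
    -AdfsSignCertificateThumbprint $SignThumb

# Step 2: enable AD FS and disable every other method so no legacy login path
# stays reachable next to the federated one. Configure ECP before OWA.
$legacyOff = @{
    BasicAuthentication   = $false
    DigestAuthentication  = $false
    FormsAuthentication   = $false
    WindowsAuthentication = $false
}
Get-EcpVirtualDirectory | Set-EcpVirtualDirectory -AdfsAuthentication $true @legacyOff
Get-OwaVirtualDirectory | Set-OwaVirtualDirectory -AdfsAuthentication $true @legacyOff

# Audit: list any virtual directory where AD FS is off or a legacy method is still on.
$bad = @(Get-EcpVirtualDirectory) + @(Get-OwaVirtualDirectory) | Where-Object {
    -not $_.AdfsAuthentication -or $_.BasicAuthentication -or
    $_.DigestAuthentication -or $_.FormsAuthentication -or $_.WindowsAuthentication
}
if ($bad) {
    $bad | Format-Table Server, Name, AdfsAuthentication, BasicAuthentication,
        DigestAuthentication, FormsAuthentication, WindowsAuthentication
    Write-Warning 'Some virtual directories still allow non-ADFS authentication.'
}

Get-OrganizationConfig | Format-List Adfs*   # review the stored AD FS settings
```

Restart IIS on each affected server afterwards so the virtual directory changes take effect.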

Comments

  • Anonymous
    May 18, 2014
    Hi, is it possible to have multiple ADFS issuers? I'm working on an Exchange 2013 multi-tenant environment. Thanks!

  • Anonymous
    June 11, 2014
    No, you can't. But you could set up a hub and federate IDPs to the hub.

  • Anonymous
    October 08, 2014
    I can successfully authenticate to our ECP site with ADFS 3.0 and see the Admin Page. Unfortunately almost immediately Exchange kicks me out and the URL timeoutlogout.aspx. ADFS then tries to log me back in but that starts a loop and eventually ADFS says stop. Throws an Event 365 Error Exception details: Microsoft.IdentityServer.Web.InvalidRequestException: MSIS7042: The same client browser session has made '6' requests in the last '5' seconds.

  • Anonymous
    June 11, 2015
    Too bad it doesn't work if OWA is using SSL offloading. When SSL is offloaded then Exchange stupidly puts "http" in the wtrealm parameter instead of "https" and Microsoft cleverly offers no setting to correct this idiotic behaviour.