Exchange 2013 SP1: OWA native support for ADFS!


It's been a long time coming, but we finally have native support for ADFS authentication for OWA and ECP. Native means no more hacking away at the web.config, messing with fedutil, etc.

It's all built into two commands:

- Set-OrganizationConfig --> set the token signing cert, ADFS issuer and AudienceURIs
- Set-EcpVirtualDirectory and Set-OWAVirtualDirectory -AdfsAuthentication

See http://technet.microsoft.com/en-us/library/dn635116(v=exchg.150).aspx for more details

spat
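The two steps above, run from the Exchange Management Shell, as an added example that is not part of the original post. The host names and the thumbprint are placeholders, and the check against the LocalMachine\Root store assumes the ADFS token-signing certificate was imported there as the linked TechNet procedure describes.

```powershell
# Placeholder values (assumptions, not from the original post)
$AdfsIssuer   = 'https://adfs.contoso.com/adfs/ls/'
$AudienceUris = 'https://mail.contoso.com/owa/', 'https://mail.contoso.com/ecp/'
$Thumbprint   = '<ADFS-TOKEN-SIGNING-CERT-THUMBPRINT>'

# Pre-flight 1: the token-signing certificate must be trusted by this
# Exchange server and still valid, or every issued token will be rejected.
$cert = Get-ChildItem Cert:\LocalMachine\Root |
    Where-Object { $_.Thumbprint -eq $Thumbprint }
if (-not $cert) { throw "Token-signing certificate $Thumbprint not found in LocalMachine\Root" }
if ($cert.NotAfter -lt (Get-Date)) { throw "Token-signing certificate expired on $($cert.NotAfter)" }

# Pre-flight 2: issuer and audience URIs must be https. The audience URIs
# have to match what ADFS has registered for the relying party trusts.
foreach ($u in $AudienceUris + $AdfsIssuer) {
    if (([uri]$u).Scheme -ne 'https') { throw "Not an https URI: $u" }
}

# Step 1: organization-wide ADFS settings
Set-OrganizationConfig -AdfsIssuer $AdfsIssuer `
    -AdfsAudienceUris $AudienceUris `
    -AdfsSignCertificateThumbprint $Thumbprint

# Step 2: enable ADFS on the virtual directories and turn the other
# authentication methods off so they cannot be used to bypass ADFS.
# ECP is configured before OWA.
$otherAuthOff = @{
    BasicAuthentication   = $false
    DigestAuthentication  = $false
    FormsAuthentication   = $false
    WindowsAuthentication = $false
}
Get-EcpVirtualDirectory -Server $env:COMPUTERNAME |
    Set-EcpVirtualDirectory -AdfsAuthentication $true @otherAuthOff
Get-OwaVirtualDirectory -Server $env:COMPUTERNAME |
    Set-OwaVirtualDirectory -AdfsAuthentication $true @otherAuthOff

# Restart IIS so the new authentication settings are loaded
Restart-Service W3SVC, WAS -Force

# Verify what was actually applied
Get-OrganizationConfig | Format-List Adfs*
Get-EcpVirtualDirectory -Server $env:COMPUTERNAME | Format-List Identity, *Authentication
Get-OwaVirtualDirectory -Server $env:COMPUTERNAME | Format-List Identity, *Authentication
```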

 

 

Comments (5)
  1. Jordan says:

    Hi,

    Is it possible to have multiple ADFS issuers? I'm working on an Exchange 2013 multi-tenant environment.

    Thanks!

  2. spatdsg says:

    No, you can't. But you could set up a hub and federate IDPs to the hub.

  3. Issue with TimeoutLogout says:

    I can successfully authenticate to our ECP site with ADFS 3.0 and see the Admin Page. Unfortunately almost immediately Exchange kicks me out and the URL timeoutlogout.aspx. ADFS then tries to log me back in but that starts a loop and eventually ADFS says stop.

    Throws an Event 365 Error

    Exception details:

    Microsoft.IdentityServer.Web.InvalidRequestException: MSIS7042: The same client browser session has made '6' requests in the last '5' seconds.

  4. Josh Bright says:

    I can successfully authenticate to our ECP site with ADFS 3.0 and see the Admin Page. Unfortunately almost immediately Exchange kicks me out and the URL timeoutlogout.aspx. ADFS then tries to log me back in but that starts a loop and eventually ADFS says stop.

    Throws an Event 365 Error

    Exception details:

    Microsoft.IdentityServer.Web.InvalidRequestException: MSIS7042: The same client browser session has made '6' requests in the last '5' seconds.

  5. Random says:

    Too bad it doesn't work if OWA is using SSL offloading. When SSL is offloaded then Exchange stupidly puts "http" in the wtrealm parameter instead of "https" and Microsoft cleverly offers no setting to correct this idiotic behaviour.

Comments are closed.