Cookie/Session Expired - OWA SSL Reverse Proxy
spacecwoboy
nginx-forum at nginx.us
Fri Aug 16 13:43:18 UTC 2013
Jonathan Matthews Wrote:
-------------------------------------------------------
> On 14 August 2013 18:20, spacecwoboy <nginx-forum at nginx.us> wrote:
> > Hi.
> >
> > Trying to configure a reverse proxy to allow external access to an
> outlook
> > web access server. I am able to route traffic through the NGINX to
> the OWA
> > server, present the web page, and place the username & pw into the
> form.
> > OWA rejects valid username/pwd's with a: "Your session has timed
> out...."
> > error.
> >
> > Looking through my custom log files, somehow the session ID and the
> expired
> > values are munged in the GET & POST process through the proxy.
> There may be
> > a simple fix that I'm not able to find. Any suggestions will be
> > appreciated!
>
> I have a vague recollection that OWA uses a nasty form of
> authentication which *requires* that each client's end-to-end
> connection to the backend be long-lived, and only used by that one
> client (as the auth is done in the first few packets and not
> repeated). I don't know how you'd configure that in nginx.
>
> I may be wrong about it, however. I've never tried Nginx in front of
> OWA myself. This question comes up on the HAProxy list sometimes, and
> it seems solvable by HAP users.
>
> Jonathan
Much Appreciated Jonathan - it prompted me to take some different testing
steps.
I pointed ngnix to a 'test' OWA back-end, which is a mirror of the prod
environment, less the rigid SSL certs. Authentication passed right on
through, everything was jive.
I'll likely take a different route of trunking SSL to nginx, remove the OWA
cert, then ipsec'ing the nginx server to the OWA server host-to-host.
Seems that's the fairly common approach?
( This thread helped btw:
http://forum.nginx.org/read.php?2,234641,234654#msg-234654 )
Posted at Nginx Forum: http://forum.nginx.org/read.php?2,241856,241939#msg-241939
More information about the nginx
mailing list