Authentication limitations
The credentials presented to WebSEAL by Outlook are used in the RPC data and the authentication to Exchange. The WebSEAL user credentials must match the AD credentials for Exchange.
We must configure the WebSEAL server to connect to Exchange using a BA header over HTTPS. The value for ba-auth in the [ba] stanza must be set to https.
ba-auth = https
The BA credentials for the user must be passed through the junction to the Exchange server. Specify the -b ignore option when creating the junction
- Microsoft NT LAN Manager (NTLM) authentication is not supported.
- The /RpcWithCert endpoint is not supported. It expects client certificate authentication. WebSEAL cannot authenticate using a client certificate for the configured junction.
Parent topic: Microsoft RPC over HTTP
Related concepts
- RPC over HTTP support in WebSEAL
- Junction configuration
- POP configuration
- Timeout considerations
- WebSEAL server log errors
- Worker thread consideration