locked
UAG 2010 SP1 Claims-aware OWA and AD FS 2.0 : The URL /owa/default.aspx contains an illegal path. RRS feed

  • Question

  • Hi folks,

    I have a UAG / AD FS 2.0 question. I have UAG 2010 SP1 working with non-federated trunk (strong) authentication, combined with federated back-end authentication (AD FS 2.0) using KCD to an AD FS 2.0 Security Token Service. This works fine with claims-aware applications such as Sharepoint 2010 and SSO works between SP web applications great. I'm now expanding this to include OWA 2010 (using FedUtil/WIF on the CAS server). OWA works fine internally with AD FS 2.0 (using C2WTS and UPN), but when I publish the application through UAG (from the Internet) I get an error message:

    You have attempted to access a restricted URL. The URL contains an invalid path. Navigate back and follow another link, or type in a different URL.

    When I click on the Back button on the browser ... hey presto OWA works!!!! Looking at the web management event trace I see:

    Warning 04/11/2011 22:45:34 67 URL Path Not Allowed Security trunkaa. A request from source IP address 1.2.3.4, user mylo on trunk trunkaa; Secure=1 for application OWA 2010 of type ExchangePub2010 failed. The URL /owa/default.aspx contains an illegal path. The rule applied is Default rule. The method is GET.

    After the back button

    Information 04/11/2011 22:45:36 121 KCD Protocol Transition Succeeded Security trunkaa (S) MYSERVER The S4U2Self Kerberos token for user mylo with source IP address 1.2.3.4 was retrieved successfully. The application is AD FS 2.0 - AD FS 2.0 Corporate of type STS on trunk trunkaa; Secure:1

    I assumed this was a URL path issue in UAG but after the back button works, I'm not so sure. Can anybody offer some insight / help or provide me with a back button macro :0)

    Regards,
    Mylo

    Monday, April 11, 2011 9:08 PM

Answers

  • Hi Mylo,

    I'm marking the question as answered, even though it is not, as it appears no one has been able to answer it in almost a month. If the issue is still unresolved, I would suggest you open a support case with Microsoft CSS to address this, or post the question again at a later time.


    Ben Ari
    Microsoft CSS UAG/IAG Support
    Sammamish, WA
    • Marked as answer by Erez Benari Tuesday, May 10, 2011 12:10 AM
    Tuesday, May 10, 2011 12:10 AM

All replies

  • Bump.
    Wednesday, April 20, 2011 8:41 AM
  • Hi Mylo,

    I'm marking the question as answered, even though it is not, as it appears no one has been able to answer it in almost a month. If the issue is still unresolved, I would suggest you open a support case with Microsoft CSS to address this, or post the question again at a later time.


    Ben Ari
    Microsoft CSS UAG/IAG Support
    Sammamish, WA
    • Marked as answer by Erez Benari Tuesday, May 10, 2011 12:10 AM
    Tuesday, May 10, 2011 12:10 AM