You can configure FortiWeb to use Form Based Delegation to publish your web servers including OWA/Exchange (2010/2016).
Once the client successfully passes the authentication with FortiWeb, FortiWeb will issue a cookie to track the user session and do form based authentication with the server.
To configure a Form based Delegation
- Go to Application Delivery > Site Publish > Form Based Delegation.
To access this part of the web UI, your administrator's account access profile must have Read and Write permission to items in the Server Policy Configuration category. For details, see Permissions.
- Click Create New. You can also clone the predefined templates, and edit the settings as your desire.
- Configure the following settings. FortiWeb will initiate an authentication request to the server based on the following fields.
Name Enter a name for the Form based Delegation rule. Logon URL Type
Simple String—Enter a literal URL, such as /folder1/index.htm that the HTTP request must contain in order to match the rule, or use wildcards to match multiple URLs, such as /folder1/* or /folder1/*/index.htm. The URL must begin with a slash ( / ).
Regular Expression—A regular expression, such as ^/*.php, matching the URLs to which the rule should apply. The pattern does not require a slash ( / ).
Logon URL Enter the logon URL in simple string or regular expression. Form Action The URL of the form. Method Select whether to use GET or POST method to initiate the authentication requests to the server. Additional Cookies Configure to add cookie in the authentication request. Username Field The keyword of the username field. Password Field The keyword of the password field.
Enter additional fields to add in the authentication request. The format must be “key=value”
- Click OK.
To use the Form Based Delegation, you need to create a Site Publish rule, select HTML Form Authentication for Client Authentication Method, select Form Based Delegation for Authentication Delegation, then choose the Form Based Delegation you have created. See Offloaded authentication and optional SSO configuration.