MS Exchange

Owned by Brad Johnson
Last updated: Dec 19, 2005Version comment
3 min read

OWA is not designed to function in a small channel window, and the best way to integrate Outlook would be to link to Outlook Web Access (OWA) from a bookmarks type channel.

Simulated Single Sign-on

Simulated Single Sign-on can be used to allow the user to browse from the portal to OWA if OWA is using Form Based Authentication. (Note: that Form Based Authentication is greyed out on a cluster server because FBA isn't available on a cluster.)

Example for Outlook Exchange 2003

outlook.jsp
<%
   /* 
     This JSP passes the uPortal username and password to the Outlook Web Access login form
     and submits them as hidden variables.  It also passes various other hidden variables 
     that are necessary to perform the login. 
   */ 
%> 
 
 
<%@ page import="org.jasig.portal.security.IPerson" %> 
<%@ page import="org.jasig.portal.security.PersonManagerFactory" %> 
<%@ page import="org.jasig.portal.security.ISecurityContext" %> 
<%@ page import="org.jasig.portal.security.provider.NotSoOpaqueCredentials" %> 
<%@ page import="org.jasig.portal.security.IOpaqueCredentials" %> 
<%@ page import="org.jasig.portal.security.IPrincipal" %> 
<%@ page import="org.jasig.portal.services.LogService" %>
<%@ page import="org.jasig.portal.PortalException" %>


<html> 
<head> 
<title>Outlook Web Access</title> 
<link rel=stylesheet href="stylesheets/general.css" TYPE="text/css"> 
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> 
</head> 
 
<body bgcolor="FFFFFF" onLoad="document.logonForm.submit()"> 
 
<%
// should really be this if you would like to support the
// UnionSecurityContextFactory for multiple authentication types
String password = null;
String userID = null;
try {
    IPerson person = PersonManagerFactory.getPersonManagerInstance().getPerson(request); 
    if(person == null)
	LogService.instance().log(LogService.ERROR, "outlook.jsp: null person");

    ISecurityContext sc = person.getSecurityContext();
    IOpaqueCredentials oc = sc.getOpaqueCredentials();
    if (oc instanceof NotSoOpaqueCredentials) {
	NotSoOpaqueCredentials nsoc = (NotSoOpaqueCredentials)oc;
	password = nsoc.getCredentials();
	//get user id
	IPrincipal personPrincipal = sc.getPrincipal();
	userID = personPrincipal.getUID();
    }

    // If still no password, loop through subcontexts to find cached credentials
    if (password == null) {
	java.util.Enumeration en = person.getSecurityContext().getSubContexts();
	while (en.hasMoreElements()) {
	    ISecurityContext sctx = (ISecurityContext)en.nextElement();
	    IOpaqueCredentials soc = sctx.getOpaqueCredentials();
	    if (soc instanceof NotSoOpaqueCredentials) {
		NotSoOpaqueCredentials nsoc = (NotSoOpaqueCredentials)soc;
		password = nsoc.getCredentials();
		//get user id
		IPrincipal personPrincipal = sctx.getPrincipal();
		userID = personPrincipal.getUID();
		if (password != null)
		    break;
	    }
	}
    }
} catch (Exception e) {
    throw new PortalException ("Please make sure you have a Cached Security Provider configured in the security.properties file. ", e);
}
%> 

<FORM action="https://owa.roanoke.edu/exchweb/bin/auth/owaauth.dll" method="POST" name="logonForm">

<INPUT type="hidden" name="destination" value="https://owa.roanoke.edu/exchange">
<INPUT type="hidden" name="flags" value="0">

<INPUT id="rdoPublic" type="radio" name="trusted" value="0" onclick="flags.value &= 11">
<INPUT id="rdoTrusted" checked name="trusted" type="radio" value="4" onclick="flags.value |= 4">

<%= "<input type=\"hidden\" name=\"username\" value=\""+userID+"\">" %> 
<%= "<input type=\"hidden\" name=\"password\" value=\""+password+"\">" %> 

</form>
</body>
</html>

You'll need to make sure you have form based authentication enabled. see doc:
Customizing the Outlook Web Access Logon Page

You also need to use SSL or modify the registry to not use SSL

Finally, in your security context file, if you're using LDAP, make sure you have an LDAP Caching context set and that it is set above the LDAP context.

Kerberos?

You also may be able to integrate with SPNEGO (essentially Kerberos over HTTP - Microsoft's latest attempt to integrate windows desktop with your browser) or NTLM authentication. Both may be best supported by IE on Windows and the web server (Apache or IIS) uPortal is run behind would need to use NTLM to authenticate users.

Microsoft is focusing its Outlook Web Access portal integration efforts into SharePoint and they're doing it in SharePoint's proprietary API (aka. WebParts).

Commercial Portlets

Yash Technologies, a leading provider of enterprise portal solutions, announced the release of JSR 168 Compliant SyncEx Collaboration Portlets for use by enterprise customers worldwide. The new offering gives Enterprise Portal customers the ability to integrate Microsoft Exchange emails, appointments, contacts, tasks into their portals quickly and easily. http://www.javalobby.org/java/forums/t52678.html

For more information on the SyncEx Portlets for JSR 168 Compliant Portals and free evaluation software, visit http://www.SyncEx.com/.