
Office.com (office365) via web app link

NetworkBod
Contributor

Hi all, just after some advice on the correct way to set up accessing office365 apps (Outlook etc) via web app link (resource profile) within Pulse with SSO (Azure AD) if possible. Anyone done this before? Thanks

8 REPLIES
r@yElr3y
Moderator

Re: Office.com (office365) via web app link

@NetworkBod I believe we cannot do SSO for Office365 using the form post method, as O365 has dynamic form contents which the VPN cannot create on-the-fly. I remember using a trick, which is to configure a SAML SSO policy in the VPN server and enable persistent cookie under the user role. What that would do is, when the user logs into Outlook for the very first time, they'd be redirected to Azure for auth, and since everything happens within the VPN's rewrite scope, persistent cookie will enable the VPN server to remember those Azure auth cookies and save them as part of the user record.

Hence, from the second time onwards, users will not be prompted for authentication, as the VPN server will re-use the session cookie while connecting to Azure like the browsers do.

Since you asked for possible methods, there's another one, but it cannot be done with the O365 + Azure suite, which is SAML Chaining, i.e., you can get the VPN server to act as IdP for the resource, i.e. Outlook; however, we would be POSTing the data to Azure (which is another IdP - Azure, in this instance, acting as SP for the VPN and the real IdP for Outlook) and then proxy/rewrite the SAML response sent by the VPN to Outlook, giving the impression that it actually came from Azure itself (so that Outlook can trust the response), and permit access based on the rules we set up.

I remember this cannot be done with O365 as Azure will not support the SAML chaining feature; however, feel free to check with MSFT.

PCS Expert
Pulse Connect Secure Certified Expert
NetworkBod
Contributor

Re: Office.com (office365) via web app link

Many thanks for your response, I'll certainly look into the SAML method. At the moment I'm struggling to get the office365 landing page to display. I created a web resource profile heading to the office365 login page, which displays fine, but upon login just a blank white page appears. Does the resource profile for this require any special settings such as compression or anything else? There are no errors in the logs and the web requests look fine, but it's struggling to display the page for some reason. Many thanks.

r@yElr3y
Moderator

Re: Office.com (office365) via web app link

@NetworkBod Do you see the blank page when loading login.microsoftonline.com?

If yes, that's a known issue with the "integrity" method (browser dev tools > console > errors related to SHA integrity will be recorded) of the Azure page, which I believe is resolved in the latest releases.

What is the firmware version of the VPN?

IIRC, it should happen only in Chrome-based browsers like Edge, Chrome, etc.

Can you please try using IE and see if the page loads?

PCS Expert
Pulse Connect Secure Certified Expert
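
The SHA integrity console errors mentioned in the post above come from the browser's Subresource Integrity check. The following is an added example, not part of the thread and not Pulse code, showing how a pinned resource fails that check once its bytes change in transit. That the gateway's rewriting is what changes the bytes is an assumption here; `rewrite`, the hostnames and the script body are constructed.

```python
import base64
import hashlib
from html.parser import HTMLParser

ALGS = ("sha256", "sha384", "sha512")  # weakest to strongest, per the SRI spec

def sri_digest(body: bytes, alg: str = "sha384") -> str:
    """Value a browser compares against the integrity attribute."""
    return alg + "-" + base64.b64encode(hashlib.new(alg, body).digest()).decode()

class IntegrityTags(HTMLParser):
    """Collect (url, integrity) from <script>/<link> tags that declare a digest."""
    def __init__(self):
        super().__init__()
        self.found = []
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag in ("script", "link") and a.get("integrity"):
            self.found.append((a.get("src") or a.get("href"), a["integrity"]))

def check_page(html: str, fetch) -> list:
    """Return [(url, ok)]; ok is False where the browser would block the resource."""
    parser = IntegrityTags()
    parser.feed(html)
    results = []
    for url, integrity in parser.found:
        tokens = [t.split("?")[0] for t in integrity.split() if t.split("-")[0] in ALGS]
        if not tokens:  # no usable digest: the browser does not enforce anything
            results.append((url, True))
            continue
        best = max((t.split("-")[0] for t in tokens), key=ALGS.index)
        want = {t for t in tokens if t.startswith(best + "-")}
        results.append((url, sri_digest(fetch(url), best) in want))
    return results

# Constructed sample: a script as the origin serves it, and the page that pins it.
ORIGIN_JS = b'fetch("https://login.example.test/api/session");\n'
PAGE = ('<script src="https://cdn.example.test/app.js" '
        f'integrity="{sri_digest(ORIGIN_JS)}" crossorigin="anonymous"></script>')

def rewrite(body: bytes) -> bytes:
    """Hypothetical gateway rewrite: route absolute URLs back through the gateway."""
    return body.replace(b"https://", b"https://gateway.example.test/proxy/")

def direct(url):       # body exactly as the origin sent it
    return ORIGIN_JS
def via_gateway(url):  # same body after a rewriting proxy has touched it
    return rewrite(ORIGIN_JS)

if __name__ == "__main__":
    print("direct:", check_page(PAGE, direct), "via gateway:", check_page(PAGE, via_gateway))
```

Run against a saved copy of the page and the resource bodies as the browser received them, a `False` entry identifies which script or stylesheet the browser refused to load.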
NetworkBod
Contributor

Re: Office.com (office365) via web app link

[email protected] Hi, we're currently on 9.1R13. Yes, the blank page appears just after login to login.microsoftonline.com. As you suggested, I tried IE and it worked, although a banner appears stating IE is not supported and I'll be logged out.

Do you think 9.1R13.1 fixes this? I checked the release notes and can only see HTML5 SSH fixed issues.

Thanks.

r@yElr3y
Moderator

Re: Office.com (office365) via web app link

@NetworkBod 

Hmm.. Interesting.. I just tested the setup in my lab device which is running 9.1R13 by accessing outlook.office.com which redirects me to login.microsoftonline.com and it works as expected (no blank page). So the blank page issue is not there in 9.1R13 code.

Do you have any rewrite filters applied? (Users >> Resource policies >> Web >> Rewriting filters).

If you don't have any, then please open a support ticket with us. Our support team should be able to provide you a rewrite filter that would resolve the issue.

PCS Expert
Pulse Connect Secure Certified Expert
NetworkBod
Contributor

Re: Office.com (office365) via web app link

[email protected] Hi... just checked and there is a rewrite policy. I believe it's the standard rewrite policy (Initial Rewrite Policy), which is set to 'Rewrite content (auto-detect content type)' and is applied to all roles and all resources (*.*). Do you think this needs amended? Or will I just log with support to assist further?

Thanks for your help on this, cheers

NetworkBod
Contributor

Re: Office.com (office365) via web app link

[email protected] Ah sorry, just realised the Rewriting filter is in a different section to the web rewrite policy. There is no rewrite filter, so I'll log with support to assist.

Thanks again.

r@yElr3y
Moderator

Re: Office.com (office365) via web app link

@NetworkBod Yes, please. Support team would help to debug this further. Ideally, it would be a rewrite filter.

Thank you!

PCS Expert
Pulse Connect Secure Certified Expert