
Office Authentication

Since Basic Authentication is no longer supported by newer versions of Microsoft Office, it is up to the application to provide the authentication infrastructure. This is built on top of the Office Forms Based Authentication Protocol (MS-OFBA), which enables HTTP-based forms authentication. You have to make sure that your Office configuration supports this authentication method.

Install the Office Login application

The Office Login application is a WebSphere application that provides the login form and handles the flow of the MS-OFBA protocol. It uses the j_security_check endpoint, which is a built-in action in Java EE for handling form-based authentication.

To install the Office login application you have to take the following steps:

  • Download the Office Login application and install it as a new WebSphere application.
  • Navigate to Web Module Properties > Context Root For Web Modules and set the desired value. You will need this value later on.
  • Navigate to Security role to user/group mapping and map the user role to the special subject All Authenticated in Application's Realm
  • Save your configuration and restart the application.

Open a browser on the client and navigate to https://<server-url>/<context-root>/logon. If the application is configured correctly, a login dialog should appear. Log in to this page with the correct credentials and check the result.

Note

If you want to customize the login dialog then you have to customize the login.html page and the corresponding style sheet.

Install the Office Login TAI

The purpose of the Office Login TAI is to redirect the flow for unauthenticated requests from the Office application to the Office Login application.

To install the Office Login TAI you have to take the following steps:

  • Download the TAI and copy the jar-file to the AppServer/lib/ext folder of your WebSphere installation
  • Configure the TAI using the following information:

| Property | Value |
|---|---|
| Interceptor class name | nl.ecmpartners.office.server.tai.OfficeLogonTAI |
| zfcPathPrefix | The ZFC path prefix |
| logonPathPrefix | The Context Root For the office login application |
| baseUrl | The URL of the WebDAV server |
| dialogSize (optional) | The size of the login dialog e.g. "800x600" |

Make sure you enable trust association support. Do not restart the server yet; you will do this after the next step!

Configure the WebDAV server

You have to use the ECMP Zero Footprint Client Configuration plug-in to turn on forms based authentication for Office applications. In the plugin configuration page navigate to the Office Configuration section and select Forms-based authentication as the authentication method.

Finishing the installation

To finish the installation you have to take the following steps:

  • Restart the WebSphere application server
  • Check the WebSphere log for error messages.
  • A successful deployment should give the following message in the WebSphere log file:
00000001 TrustAssociat A   SECJ0121I: Trust Association Init class nl.ecmpartners.office.server.tai.OfficeLogonTAI
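
Beyond the log message, the challenge that the server returns to Office can be checked against the TAI settings. The following is an added example, not part of the Office Login TAI or of this documentation's own code. It assumes that the TAI answers an unauthenticated request carrying X-FORMS_BASED_AUTH_ACCEPTED: t with the standard MS-OFBA 403 challenge headers; the host names, the context root "officelogin", and the policy that both URLs must be https on the baseUrl host are assumptions of the example.

```python
import re
from urllib.parse import urlsplit

# MS-OFBA challenge headers returned with the 403 response.
REQUIRED = "X-FORMS_BASED_AUTH_REQUIRED"
RETURN_URL = "X-FORMS_BASED_AUTH_RETURN_URL"
DIALOG_SIZE = "X-FORMS_BASED_AUTH_DIALOG_SIZE"


def check_ofba_challenge(status, headers, base_url, logon_path_prefix):
    """Return a list of findings for one challenge response; empty means OK."""
    h = {k.upper(): v.strip() for k, v in headers.items()}
    findings = []
    if status != 403:
        findings.append(f"expected 403 challenge, got {status}")
    base = urlsplit(base_url)
    prefix = "/" + logon_path_prefix.strip("/") + "/"
    for name in (REQUIRED, RETURN_URL):
        value = h.get(name)
        if not value:
            findings.append(f"{name} missing")
            continue
        url = urlsplit(value)
        # Credentials are typed into this dialog: require TLS and the configured host.
        if url.scheme != "https":
            findings.append(f"{name} is not https")
        if url.netloc.lower() != base.netloc.lower():
            findings.append(f"{name} points to foreign host {url.netloc}")
        if name == REQUIRED and not (url.path + "/").startswith(prefix):
            findings.append(f"{name} is outside {prefix}")
    size = h.get(DIALOG_SIZE)  # optional, same "800x600" form as dialogSize
    if size is not None and not re.fullmatch(r"[1-9]\d{1,3}x[1-9]\d{1,3}", size):
        findings.append(f"{DIALOG_SIZE} malformed: {size!r}")
    return findings


# Constructed sample responses (not captured from a real server).
BASE_URL = "https://dav.example.test/zfc"
GOOD = {
    REQUIRED: "https://dav.example.test/officelogin/logon",
    RETURN_URL: "https://dav.example.test/officelogin/done",
    DIALOG_SIZE: "800x600",
}
BAD = {REQUIRED: "http://login.example.net/officelogin/logon", DIALOG_SIZE: "800*600"}

if __name__ == "__main__":
    for label, hdrs in (("good", GOOD), ("bad", BAD)):
        print(label, check_ofba_challenge(403, hdrs, BASE_URL, "officelogin"))
```

Pass in the status code and headers of a real challenge response together with the baseUrl and logonPathPrefix values configured for the TAI; an empty list means the challenge matches the configuration.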