Applies To:
Show VersionsBIG-IP APM
- 13.1.1, 13.1.0
About Microsoft OFBA in BIG-IP APM
You can open an On-Premises SharePoint document from a native Microsoft Office application, such as Microsoft Word, click the link in the document, and the correct document type opens with authentication using the Microsoft OFBA protocol. Access Policy Manager® (APM®) supports this feature by providing a built-in iRule, _sys_APM_MS_Office_OFBA_Support, in the iRules List in Local Traffic Manager® (LTM®). The OFBA protocol authenticates Microsoft Office applications to On-Premises SharePoint.
To configure APM to support Microsoft OFBA, create an access policy with a Client Type branch set to MS-OFBA compliant. For more information about the Visual Policy editor, refer to the BIG-IP Access Policy Manager: Visual Policy Editor guide.
Sample access policy
Creating a virtual server for MS OFBA support
Including MRHSession cookies in Office applications
Perform the following steps to ensure the Office applications include the MRHSession cookies in the requests to be granted access to the document.
Microsoft OFBA protocol parameters supported in APM
BIG-IP Access Policy Manager (APM) has a built-in iRule, _sys_APM_MS_Office_OFBA_Support, which alters how APM processes connections from Microsoft Office browsers. An LTM object called _sys_APM_MS_Office_OFBA_DG handles the configuration of the iRule. This object has the following parameters.
Parameter name | Description | Mandatory | Default Value | Possible values |
---|---|---|---|---|
ofba_auth_dialog_size | The OFBA dialog browser resolution size in width x height. | No | 800x600 | 400x300 |
ie_sp_session_sharing_enabled | A parameter to specify whether to enable or disable the IE session sharing using a persistent cookie named "MRHSOffice". | No | Disabled |
|
ie_sp_session_sharing_inactivity_timeout | The inactivity timeout value for the persistent cookie value "MRHSOffice" every time the SharePoint site refreshes or gets any response from SharePoint Server. | No | 60 seconds | Any positive values in seconds. Preferably greater than or equal to 60 seconds. |
useragent | Useragent strings are configured for OFBA clients to be identified. All the user-agent strings should start with "useragent" and a number, such as useragent1 or useragent2. | Yes | None | All the useragent values should be provided. The data-group already has a predefined set of user-agents for MS Office applications. |