Manual Chapter : Configuring MS OFBA for Sharepoint in APM

Applies To:

  • 13.1.1, 13.1.0

About Microsoft OFBA in BIG-IP APM

When you open an On-Premises SharePoint document from a native Microsoft Office application, such as Microsoft Word, and click a link in the document, the correct document type opens and authentication takes place using the Microsoft OFBA protocol. Access Policy Manager® (APM®) supports this feature by providing a built-in iRule, _sys_APM_MS_Office_OFBA_Support, in the iRules List in Local Traffic Manager® (LTM®). The OFBA protocol authenticates Microsoft Office applications to On-Premises SharePoint.

To configure APM to support Microsoft OFBA, create an access policy with a Client Type branch set to MS-OFBA compliant. For more information about the Visual Policy editor, refer to the BIG-IP Access Policy Manager: Visual Policy Editor guide.

Sample MS OFBA access policy

[Figure: Sample access policy]

Creating a virtual server for MS OFBA support

BIG-IP APM includes an OFBA iRule that allows users to open, use, and authenticate Microsoft Office applications directly to BIG-IP APM. To accomplish this, as the administrator, create a virtual server with the OFBA iRule.
  1. At the top of the screen, click Configuration, then, on the left, click LOCAL TRAFFIC > Virtual Servers.
    The screen displays the list of virtual servers defined on this device.
  2. Click Create.
    The New Virtual Server screen opens.
  3. In the Name field, type in a name for the virtual server you are creating.
  4. From the Device list, select the device on which to create the virtual server.
  5. For the Destination Address, type the IP address of the destination that you want this virtual server to send its traffic to.
  6. In the Service Port field, type a service port number, or select a type from the list.
    When you select a type from the list, the value in the Service Port field changes to reflect the associated default, which you can change.
  7. From the Access Policy list, select the access policy with the MS OFBA compliant branch.
  8. In the iRules section, from the Available list, select _sys_APM_MS_Office_OFBA_Support and move it to the Enabled list.
  9. Specify the additional settings needed to suit the requirements for this virtual server.
    The remaining parameters on this screen are optional and perform the same function as they do when you configure a virtual server on a BIG-IP device.
    Note: For details about the purpose or function of a particular setting, refer to the BIG-IP reference information on
  10. Click Save & Close.
    The system creates the new virtual server with the settings you specified.

Microsoft OFBA protocol parameters supported in APM

BIG-IP Access Policy Manager (APM) has a built-in iRule, _sys_APM_MS_Office_OFBA_Support, which alters how APM processes connections from Microsoft Office browsers. An LTM object called _sys_APM_MS_Office_OFBA_DG handles the configuration of the iRule. This object has the following parameters.

| Parameter name | Description | Mandatory | Default Value | Possible values |
|---|---|---|---|---|
| ofba_auth_dialog_size | The OFBA dialog browser resolution size in width x height. | No | 800x600 | 400x300 |
| ie_sp_session_sharing_enabled | Specifies whether to enable or disable IE session sharing using the persistent cookie named "MRHSOffice". | No | Disabled | 1 or 0 (1 - enabled, 0 - disabled) |
| ie_sp_session_sharing_inactivity_timeout | The inactivity timeout value for the persistent cookie "MRHSOffice", applied every time the SharePoint site refreshes or gets any response from the SharePoint server. | No | 60 seconds | Any positive value in seconds, preferably greater than or equal to 60 seconds. |
| useragent | User-agent strings configured so that OFBA clients can be identified. All the user-agent string names should start with "useragent" and a number, such as useragent1 or useragent2. | Yes | None | All the useragent values should be provided. The data group already has a predefined set of user-agents for MS Office applications. |
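The constraints in the table above can be checked before a change to _sys_APM_MS_Office_OFBA_DG is applied. The following is an added example, not F5 code: the function name, the dict-of-strings input and the sample user-agent values are assumptions constructed for illustration, and exporting the records from the data group is left out.

```python
import re

# Optional parameters and their defaults, transcribed from the table above.
DEFAULTS = {
    "ofba_auth_dialog_size": "800x600",
    "ie_sp_session_sharing_enabled": "0",  # table default: Disabled
    "ie_sp_session_sharing_inactivity_timeout": "60",
}
DIALOG_SIZE = re.compile(r"[1-9][0-9]*x[1-9][0-9]*")
USERAGENT_KEY = re.compile(r"useragent[0-9]+")

def audit_ofba_records(records):
    """Return (effective settings, findings) for a dict of key -> string value."""
    effective = {**DEFAULTS, **records}
    findings = []
    if not DIALOG_SIZE.fullmatch(effective["ofba_auth_dialog_size"]):
        findings.append("ERROR ofba_auth_dialog_size: expected <width>x<height>")
    if effective["ie_sp_session_sharing_enabled"] not in ("0", "1"):
        findings.append("ERROR ie_sp_session_sharing_enabled: must be 1 or 0")
    name = "ie_sp_session_sharing_inactivity_timeout"
    timeout = effective[name]
    if not re.fullmatch(r"[0-9]+", timeout) or int(timeout) <= 0:
        findings.append(f"ERROR {name}: must be a positive number of seconds")
    elif int(timeout) < 60:
        findings.append(f"WARN {name}: below the preferred minimum of 60 seconds")
    agents = 0
    for key, value in records.items():
        if key in DEFAULTS:
            continue
        if not key.startswith("useragent"):
            findings.append(f"ERROR {key}: not a documented parameter")
        elif not USERAGENT_KEY.fullmatch(key):
            findings.append(f"ERROR {key}: name must be 'useragent' plus a number")
        elif not value.strip():
            findings.append(f"ERROR {key}: empty user-agent string")
        else:
            agents += 1
    if agents == 0:  # useragent is the only mandatory parameter
        findings.append("ERROR useragent: mandatory, none defined")
    return effective, findings

# Constructed sample records (not the predefined F5 values).
SAMPLE = {
    "ofba_auth_dialog_size": "800*600",
    "ie_sp_session_sharing_enabled": "1",
    "ie_sp_session_sharing_inactivity_timeout": "30",
    "useragent1": "ExampleOfficeClient/1.0",
    "useragentX": "ExampleOfficeClient/2.0",
}

if __name__ == "__main__":
    print("\n".join(audit_ofba_records(SAMPLE)[1]))
```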