MS-OFBA configuration
17.6.5. MS-OFBA configuration as one-shot target application

Procedure-related prerequisites

  • Airlock Gateway (WAF) must be configured to redirect the authentication request to IAM.
  • SharePoint must be configured as back-end in Airlock Gateway (WAF).


  • 1.
    In the Config Editor:
    Set the regular expression of the URL Pattern. Make sure this pattern matches with your Gateway (WAF) gateway settings of the SharePoint virtual host path.
  • 2.
    Leave the default User Agent HTTP Header Pattern when standard MS-Office header detection is required.
  • 3.
    Set the Browser Redirect URL for browser-based clients. Make sure this URL matches your Gateway (WAF) settings.
  • 4.
    Set the MS-OFBA Authentication URL for MS Office application authentication.
  • 5.
    Set the MS-OFBA Success URL. MS-OFBA requires an HTTP 200 response as acknowledgment for a successful authentication flow.
    We suggest using the built-in IAM MS-OFBA-success servlet for that purpose.
  • 6.
    Set the MS-OFBA Display Size for the MS-Office application as desired. This will set the Loginapp window size.
MS-OFBA One-Shot Target Application
Figure 3: Example configuration – MS-OFBA One-Shot Target Application

Further information and links