Outlook Web App published through WAP with ADFS pre-authentication doesn't redirect to ADFS login after the ADFS SSO token expires
Original KB number: 4012524
Symptoms
In an Exchange Server 2013 or Exchange Server 2016 environment, you publish Outlook Web App through WAP and enable ADFS pre-authentication. When you log on to Outlook Web App but take no actions after a certain time, you experience these symptoms:
You don't receive any new email or notifications, unless you manually refresh the webpage.
When you click on the navigation menu or any buttons in Outlook Web App, you'll receive connectivity error messages like the following one:
Your request can't be completed right now. Please try again later.
Cause
This issue occurs because the Single Sign-On (SSO) authentication token from ADFS (which is managed by ADFS's SsoLifetime attribute) has expired. WAP returns an HTTP 307 response to Outlook Web App to redirect the user to ADFS for reauthentication, but Outlook Web App doesn't process this response, and the user remains unauthenticated.
Workaround
This is a known issue and will be fixed in a future release. To work around this issue, publish Outlook Web App through WAP by using pass-through authentication instead of ADFS pre-authentication.
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for