SungHoon_Kim

O365 Integration Test Result - Part 2

Blog Post created by SungHoon_Kim Employee on Apr 3, 2017

This is follow up on my previous "O365 Integration Test Result".

 

I did some more test...

 

Question #1:

In Active Requestor Mode, does the Office Client contact STS directly for authentication? Or is it office.com?

 

Question #2:

In Passive Requestor Mode, does the Office Client contact AuthenticationURL(redirect.jsp) directly for authentication? Or is it office.com?

 

 

I was unable to decrypt the network traffic(and also unable to capture from fiddler) so I am relying on the header information which I enabled on Apache by using "dumpio:trace7"

I will write a separate article about the "dumpio" module after this. Here!!

All the Request and Response headers will be logged in the Apache error_log file.

 

In order to setup O365 environment within CA.COM network, we had to have a proxy server that would forward the requests to our CA Access Gateway server.

 

I will just refer to it as "proxy.cassodemos.com"

This will forward https requests to "CA Access Gateway" (aka SPS) in the internal lab environment.

Let's say the proxy.cassodemos.com IP address is 10.0.0.1

 

SPS server is "gateway.cassodemos.com"

IP address is 192.168.0.2

 

And we have a client machine, let's refer to it as "client.cassodemos.com"

And the IP is 192.168.0.11

 

Active Requestor mode, error_log with dumpio:trace7
[Tue Mar 28 18:23:26.297153 2017] [dumpio:trace7] [pid 2964:tid 1664] mod_dumpio.c(58): [client 10.0.0.1:59121] mod_dumpio: dumpio_in (data-TRANSIENT): 61 bytes
[Tue Mar 28 18:23:26.297153 2017] [dumpio:trace7] [pid 2964:tid 1664] mod_dumpio.c(100): [client 10.0.0.1:59121] mod_dumpio: dumpio_in (data-TRANSIENT): POST /SamplePartnership-Office365/windowstransport HTTP/1.1\r\n
[Tue Mar 28 18:23:26.297153 2017] [dumpio:trace7] [pid 2964:tid 1664] mod_dumpio.c(135): [client 10.0.0.1:59121] mod_dumpio: dumpio_in [getline-blocking] 0 readbytes
[Tue Mar 28 18:23:26.297153 2017] [dumpio:trace7] [pid 2964:tid 1664] mod_dumpio.c(58): [client 10.0.0.1:59121] mod_dumpio: dumpio_in (data-TRANSIENT): 34 bytes
[Tue Mar 28 18:23:26.297153 2017] [dumpio:trace7] [pid 2964:tid 1664] mod_dumpio.c(100): [client 10.0.0.1:59121] mod_dumpio: dumpio_in (data-TRANSIENT): Host: gateway.cassodemos.com\r\n
[Tue Mar 28 18:23:26.297153 2017] [dumpio:trace7] [pid 2964:tid 1664] mod_dumpio.c(135): [client 10.0.0.1:59121] mod_dumpio: dumpio_in [getline-blocking] 0 readbytes
[Tue Mar 28 18:23:26.297153 2017] [dumpio:trace7] [pid 2964:tid 1664] mod_dumpio.c(58): [client 10.0.0.1:59121] mod_dumpio: dumpio_in (data-TRANSIENT): 36 bytes
[Tue Mar 28 18:23:26.297153 2017] [dumpio:trace7] [pid 2964:tid 1664] mod_dumpio.c(100): [client 10.0.0.1:59121] mod_dumpio: dumpio_in (data-TRANSIENT): Content-Type: application/soap+xml\r\n
[Tue Mar 28 18:23:26.297153 2017] [dumpio:trace7] [pid 2964:tid 1664] mod_dumpio.c(135): [client 10.0.0.1:59121] mod_dumpio: dumpio_in [getline-blocking] 0 readbytes
[Tue Mar 28 18:23:26.297153 2017] [dumpio:trace7] [pid 2964:tid 1664] mod_dumpio.c(58): [client 10.0.0.1:59121] mod_dumpio: dumpio_in (data-TRANSIENT): 13 bytes
[Tue Mar 28 18:23:26.297153 2017] [dumpio:trace7] [pid 2964:tid 1664] mod_dumpio.c(100): [client 10.0.0.1:59121] mod_dumpio: dumpio_in (data-TRANSIENT): Accept: */*\r\n
[Tue Mar 28 18:23:26.297153 2017] [dumpio:trace7] [pid 2964:tid 1664] mod_dumpio.c(135): [client 10.0.0.1:59121] mod_dumpio: dumpio_in [getline-blocking] 0 readbytes
[Tue Mar 28 18:23:26.297153 2017] [dumpio:trace7] [pid 2964:tid 1664] mod_dumpio.c(58): [client 10.0.0.1:59121] mod_dumpio: dumpio_in (data-TRANSIENT): 195 bytes
[Tue Mar 28 18:23:26.297153 2017] [dumpio:trace7] [pid 2964:tid 1664] mod_dumpio.c(100): [client 10.0.0.1:59121] mod_dumpio: dumpio_in (data-TRANSIENT): User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; WOW64; .NET4.0C; .NET4.0E; InfoPath.3; MSOIDCRL 7.250.4556.0; App EXCEL.EXE, 15.0.4911.0, {9317BCB6-314B-442F-A5DA-9BC2BEBC271D})\r\n
[Tue Mar 28 18:23:26.297153 2017] [dumpio:trace7] [pid 2964:tid 1664] mod_dumpio.c(135): [client 10.0.0.1:59121] mod_dumpio: dumpio_in [getline-blocking] 0 readbytes
[Tue Mar 28 18:23:26.297153 2017] [dumpio:trace7] [pid 2964:tid 1664] mod_dumpio.c(58): [client 10.0.0.1:59121] mod_dumpio: dumpio_in (data-TRANSIENT): 42 bytes
[Tue Mar 28 18:23:26.297153 2017] [dumpio:trace7] [pid 2964:tid 1664] mod_dumpio.c(100): [client 10.0.0.1:59121] mod_dumpio: dumpio_in (data-TRANSIENT): X-MS-SmartNegotiateSupportedClient: True\r\n
[Tue Mar 28 18:23:26.297153 2017] [dumpio:trace7] [pid 2964:tid 1664] mod_dumpio.c(135): [client 10.0.0.1:59121] mod_dumpio: dumpio_in [getline-blocking] 0 readbytes
[Tue Mar 28 18:23:26.297153 2017] [dumpio:trace7] [pid 2964:tid 1664] mod_dumpio.c(58): [client 10.0.0.1:59121] mod_dumpio: dumpio_in (data-TRANSIENT): 787 bytes
[Tue Mar 28 18:23:26.297153 2017] [dumpio:trace7] [pid 2964:tid 1664] mod_dumpio.c(100): [client 10.0.0.1:59121] mod_dumpio: dumpio_in (data-TRANSIENT): Authorization: Negotiate TlRMTVNTUAADAAAAGAAYAJAAAACCAYIBqAAAABQAFABYAAAACgAKAGwAAAAaABoAdgAAABAAEAAqAgAAFYKI4goAACgAAAAPOEXNS6vwbuIn/8rFMoKr02MAYQBzAHMAbwBkAGUAbQBvAHMAcwB1AHMAZQByAEsASQBNAFMAVQAwADUALQBUADQAMwA0ADcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUjWhk8Mj/XIGaC4hnNLwTAEBAAAAAAAA1EI46xGo0gFPMkENY6jnigAAAAACABQAYwBhAHMAcwBvAGQAZQBtAG8AcwABABYATABPAEQAMQA2ADUANwBWAE0AMAA0AAQAHABjAGEAcwBzAG8AZABlAG0AbwBzAC4AYwBvAG0AAwA0AGwAbwBkADEANgA1ADcAdgBtADAANAAuAGMAYQBzAHMAbwBkAGUAbQBvAHMALgBjAG8AbQAFABwAYwBhAHMAcwBvAGQAZQBtAG8AcwAuAGMAbwBtAAcACADUQjjrEajSAQYABAACAAAACAAwADAAAAAAAAAAAAAAAAAwAAAwqWQ3sJHlDDN+kCDGFscj9l6dpUrk5TzSB4E4Ea5PUAoAEABTJ04SZ9qTbtonipGUDZDBCQBAAEgAVABUAFAALwB1AHMAaQBsAGEAcwBkADAAMAA0ADAANAAuAGMAYQBzAHMAbwBkAGUAbQBvAHMALgBjAG8AbQAAAAAAAAAAAAAAAAAtt9tY/8E/eAJOjdz+LA7D\r\n
[Tue Mar 28 18:23:26.297153 2017] [dumpio:trace7] [pid 2964:tid 1664] mod_dumpio.c(135): [client 10.0.0.1:59121] mod_dumpio: dumpio_in [getline-blocking] 0 readbytes
[Tue Mar 28 18:23:26.297153 2017] [dumpio:trace7] [pid 2964:tid 1664] mod_dumpio.c(58): [client 10.0.0.1:59121] mod_dumpio: dumpio_in (data-TRANSIENT): 167 bytes
[Tue Mar 28 18:23:26.297153 2017] [dumpio:trace7] [pid 2964:tid 1664] mod_dumpio.c(100): [client 10.0.0.1:59121] mod_dumpio: dumpio_in (data-TRANSIENT): Cookie: NTLMCRED=H7Hjely0WvHunvswx%2Frx4wN%2BQrrf0IHPmBeyheMHra8XEb%2BU1s%2BUVr5pPFBEK%2BC9QXxh%2F%2BE261aMdj7uPVmqQAX5AgCKa%2FwFPwMM3IIeyrR2lF%2FX9M%2BxdjXBjyZuX7wu\r\n
[Tue Mar 28 18:23:26.297153 2017] [dumpio:trace7] [pid 2964:tid 1664] mod_dumpio.c(135): [client 10.0.0.1:59121] mod_dumpio: dumpio_in [getline-blocking] 0 readbytes
[Tue Mar 28 18:23:26.297153 2017] [dumpio:trace7] [pid 2964:tid 1664] mod_dumpio.c(58): [client 10.0.0.1:59121] mod_dumpio: dumpio_in (data-TRANSIENT): 32 bytes
[Tue Mar 28 18:23:26.297153 2017] [dumpio:trace7] [pid 2964:tid 1664] mod_dumpio.c(100): [client 10.0.0.1:59121] mod_dumpio: dumpio_in (data-TRANSIENT): X-Forwarded-For: 192.168.0.11\r\n
[Tue Mar 28 18:23:26.297153 2017] [dumpio:trace7] [pid 2964:tid 1664] mod_dumpio.c(135): [client 10.0.0.1:59121] mod_dumpio: dumpio_in [getline-blocking] 0 readbytes
[Tue Mar 28 18:23:26.297153 2017] [dumpio:trace7] [pid 2964:tid 1664] mod_dumpio.c(58): [client 10.0.0.1:59121] mod_dumpio: dumpio_in (data-TRANSIENT): 47 bytes
[Tue Mar 28 18:23:26.297153 2017] [dumpio:trace7] [pid 2964:tid 1664] mod_dumpio.c(100): [client 10.0.0.1:59121] mod_dumpio: dumpio_in (data-TRANSIENT): X-Forwarded-Host: proxy.cassodemos.com\r\n
[Tue Mar 28 18:23:26.297153 2017] [dumpio:trace7] [pid 2964:tid 1664] mod_dumpio.c(135): [client 10.0.0.1:59121] mod_dumpio: dumpio_in [getline-blocking] 0 readbytes
[Tue Mar 28 18:23:26.297153 2017] [dumpio:trace7] [pid 2964:tid 1664] mod_dumpio.c(58): [client 10.0.0.1:59121] mod_dumpio: dumpio_in (data-TRANSIENT): 49 bytes
[Tue Mar 28 18:23:26.297153 2017] [dumpio:trace7] [pid 2964:tid 1664] mod_dumpio.c(100): [client 10.0.0.1:59121] mod_dumpio: dumpio_in (data-TRANSIENT): X-Forwarded-Server: proxy.cassodemos.com\r\n
[Tue Mar 28 18:23:26.297153 2017] [dumpio:trace7] [pid 2964:tid 1664] mod_dumpio.c(135): [client 10.0.0.1:59121] mod_dumpio: dumpio_in [getline-blocking] 0 readbytes
[Tue Mar 28 18:23:26.297153 2017] [dumpio:trace7] [pid 2964:tid 1664] mod_dumpio.c(58): [client 10.0.0.1:59121] mod_dumpio: dumpio_in (data-TRANSIENT): 24 bytes
[Tue Mar 28 18:23:26.297153 2017] [dumpio:trace7] [pid 2964:tid 1664] mod_dumpio.c(100): [client 10.0.0.1:59121] mod_dumpio: dumpio_in (data-TRANSIENT): Connection: Keep-Alive\r\n
[Tue Mar 28 18:23:26.297153 2017] [dumpio:trace7] [pid 2964:tid 1664] mod_dumpio.c(135): [client 10.0.0.1:59121] mod_dumpio: dumpio_in [getline-blocking] 0 readbytes
[Tue Mar 28 18:23:26.297153 2017] [dumpio:trace7] [pid 2964:tid 1664] mod_dumpio.c(58): [client 10.0.0.1:59121] mod_dumpio: dumpio_in (data-TRANSIENT): 22 bytes
[Tue Mar 28 18:23:26.297153 2017] [dumpio:trace7] [pid 2964:tid 1664] mod_dumpio.c(100): [client 10.0.0.1:59121] mod_dumpio: dumpio_in (data-TRANSIENT): Content-Length: 1475\r\n
[Tue Mar 28 18:23:26.297153 2017] [dumpio:trace7] [pid 2964:tid 1664] mod_dumpio.c(135): [client 10.0.0.1:59121] mod_dumpio: dumpio_in [getline-blocking] 0 readbytes
[Tue Mar 28 18:23:26.297153 2017] [dumpio:trace7] [pid 2964:tid 1664] mod_dumpio.c(58): [client 10.0.0.1:59121] mod_dumpio: dumpio_in (data-TRANSIENT): 2 bytes
[Tue Mar 28 18:23:26.297153 2017] [dumpio:trace7] [pid 2964:tid 1664] mod_dumpio.c(100): [client 10.0.0.1:59121] mod_dumpio: dumpio_in (data-TRANSIENT): \r\n
[Tue Mar 28 18:23:26.297153 2017] [dumpio:trace7] [pid 2964:tid 1664] mod_dumpio.c(135): [client 10.0.0.1:59121] mod_dumpio: dumpio_in [readbytes-blocking] 1475 readbytes
[Tue Mar 28 18:23:26.297153 2017] [dumpio:trace7] [pid 2964:tid 1664] mod_dumpio.c(58): [client 10.0.0.1:59121] mod_dumpio: dumpio_in (data-TRANSIENT): 1475 bytes
[Tue Mar 28 18:23:26.297153 2017] [dumpio:trace7] [pid 2964:tid 1664] mod_dumpio.c(100): [client 10.0.0.1:59121] mod_dumpio: dumpio_in (data-TRANSIENT): <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsa="http://www.w3.org/2005/08/addressing" xmlns:wssc="http://schemas.xmlsoap.org/ws/2005/02/sc" xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust"><s:Header><wsa:Action s:mustUnderstand="1">http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue</wsa:Action><wsa:To s:mustUnderstand="1">https://proxy.cassodemos.com:443/SamplePartnership-Office365/windowstransport</wsa:To><wsa:MessageID>1490739805</wsa:MessageID><wsse:Security><wsu:Timestamp Id="Timestamp"><wsu:Created>2017-03-28T22:23:24Z</wsu:Created><wsu:Expires>2017-03-28T22:28:24Z</wsu:Expires></wsu:Timestamp></wsse:Security></s:Header><s:Body><wst:RequestSecurityToken Id="RST0"><wst:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</wst:RequestType><wsp:AppliesTo><wsa:EndpointReference><wsa:Address>urn:federation:MicrosoftOnline</wsa:Address></wsa:EndpointReference></wsp:AppliesTo><wst:KeyType>http://schemas.xmlsoap.org/ws/2005/05/identity/NoProofKey</wst:KeyType></wst:RequestSecurityToken></s:Body></s:Envelope>

 

Based on this header information, the  EXCEL.EXE was contacting the SPS server directly.

Also, you can see the User-Agent information showing that this is EXCEL.EXE

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; WOW64; .NET4.0C; .NET4.0E; InfoPath.3; MSOIDCRL 7.250.4556.0; App EXCEL.EXE, 15.0.4911.0, {9317BCB6-314B-442F-A5DA-9BC2BEBC271D})\r\n

 

 

And following is the Passive mode.

Passive Requestor mode, dumpio:trace7 Apache error_log
[Mon Apr 03 01:02:14.849544 2017] [dumpio:trace7] [pid 5216:tid 1656] mod_dumpio.c(100): [client 10.0.0.1:62898] mod_dumpio: dumpio_in (data-TRANSIENT): GET /affwebservices/redirectjsp/redirect.jsp?login_hint=suser%40cassodemos.com&client-request-id=642c4528-34aa-44d9-92e5-c4c77562dd00&username=suser%40cassodemos.com&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=estsredirect%3d2%26estsrequest%3drQIIAXWQPUtbURyHc3KjJDoYpIPFRWsGKT035_zvubfnHii0WJf4EqE6OJ63mFBzr70vRp06OBYpfoQuhYxO4uQgKA6SUQuOgnQtlI7GD9DlmZ7f8PzGJnepS1wgHh-CBsSH4LVDXSpqxvNDYk2AfVAeZpQAlrbVwlIagBCkIlQnk2PV-cU3ps_uPh4_XFzm6r7QRy_zJBIdm7VEb0vEMs_aAlwi4lidIjRA6Lj4Is1Tm7zXMk1jY7tx6uq4OyiiX8WJ5oehD8-Ik86B7Tuz7SzbSUW9rqXufpG4u--mbZnYnbgTZc-7-olTM8rTb02gMZeGYeb5PpacWRwG3IREBUQycubUNDNgWgqwBa6HTR7Doa8UJkyCCTzuhVzeOmhQQr9L02VULUz9nZg5Or-pzJeJIyrl0aoz9XVppvCvhH6MDNsf5_40XzXGG9-Org5_RpXC9Uh9ZXsvymCL7kYG-PK67kG-vrAKeqHZ7m1__rR20FjZ32xmZnODv6OCfh9FZ5X_H_YE0&SMPORTALURL=https%3A%2F%2Fproxy.cassodemos.com%2Faffwebservices%2Fpublic%2Fwsfedsso%2F HTTP/1.1\r\n
[Mon Apr 03 01:02:14.849544 2017] [dumpio:trace7] [pid 5216:tid 1656] mod_dumpio.c(135): [client 10.0.0.1:62898] mod_dumpio: dumpio_in [getline-blocking] 0 readbytes
[Mon Apr 03 01:02:14.849544 2017] [dumpio:trace7] [pid 5216:tid 1656] mod_dumpio.c(58): [client 10.0.0.1:62898] mod_dumpio: dumpio_in (data-TRANSIENT): 34 bytes
[Mon Apr 03 01:02:14.849544 2017] [dumpio:trace7] [pid 5216:tid 1656] mod_dumpio.c(100): [client 10.0.0.1:62898] mod_dumpio: dumpio_in (data-TRANSIENT): Host: gateway.cassodemos.com\r\n
[Mon Apr 03 01:02:14.849544 2017] [dumpio:trace7] [pid 5216:tid 1656] mod_dumpio.c(135): [client 10.0.0.1:62898] mod_dumpio: dumpio_in [getline-blocking] 0 readbytes
[Mon Apr 03 01:02:14.849544 2017] [dumpio:trace7] [pid 5216:tid 1656] mod_dumpio.c(58): [client 10.0.0.1:62898] mod_dumpio: dumpio_in (data-TRANSIENT): 13 bytes
[Mon Apr 03 01:02:14.849544 2017] [dumpio:trace7] [pid 5216:tid 1656] mod_dumpio.c(100): [client 10.0.0.1:62898] mod_dumpio: dumpio_in (data-TRANSIENT): Accept: */*\r\n
[Mon Apr 03 01:02:14.849544 2017] [dumpio:trace7] [pid 5216:tid 1656] mod_dumpio.c(135): [client 10.0.0.1:62898] mod_dumpio: dumpio_in [getline-blocking] 0 readbytes
[Mon Apr 03 01:02:14.849544 2017] [dumpio:trace7] [pid 5216:tid 1656] mod_dumpio.c(58): [client 10.0.0.1:62898] mod_dumpio: dumpio_in (data-TRANSIENT): 57 bytes
[Mon Apr 03 01:02:14.849544 2017] [dumpio:trace7] [pid 5216:tid 1656] mod_dumpio.c(100): [client 10.0.0.1:62898] mod_dumpio: dumpio_in (data-TRANSIENT): client-request-id: 642C4528-34AA-44D9-92E5-C4C77562DD00\r\n
[Mon Apr 03 01:02:14.849544 2017] [dumpio:trace7] [pid 5216:tid 1656] mod_dumpio.c(135): [client 10.0.0.1:62898] mod_dumpio: dumpio_in [getline-blocking] 0 readbytes
[Mon Apr 03 01:02:14.849544 2017] [dumpio:trace7] [pid 5216:tid 1656] mod_dumpio.c(58): [client 10.0.0.1:62898] mod_dumpio: dumpio_in (data-TRANSIENT): 33 bytes
[Mon Apr 03 01:02:14.849544 2017] [dumpio:trace7] [pid 5216:tid 1656] mod_dumpio.c(100): [client 10.0.0.1:62898] mod_dumpio: dumpio_in (data-TRANSIENT): return-client-request-id: false\r\n
[Mon Apr 03 01:02:14.849544 2017] [dumpio:trace7] [pid 5216:tid 1656] mod_dumpio.c(135): [client 10.0.0.1:62898] mod_dumpio: dumpio_in [getline-blocking] 0 readbytes
[Mon Apr 03 01:02:14.849544 2017] [dumpio:trace7] [pid 5216:tid 1656] mod_dumpio.c(58): [client 10.0.0.1:62898] mod_dumpio: dumpio_in (data-TRANSIENT): 20 bytes
[Mon Apr 03 01:02:14.849544 2017] [dumpio:trace7] [pid 5216:tid 1656] mod_dumpio.c(100): [client 10.0.0.1:62898] mod_dumpio: dumpio_in (data-TRANSIENT): x-ms-PKeyAuth: 1.0\r\n
[Mon Apr 03 01:02:14.849544 2017] [dumpio:trace7] [pid 5216:tid 1656] mod_dumpio.c(135): [client 10.0.0.1:62898] mod_dumpio: dumpio_in [getline-blocking] 0 readbytes
[Mon Apr 03 01:02:14.849544 2017] [dumpio:trace7] [pid 5216:tid 1656] mod_dumpio.c(58): [client 10.0.0.1:62898] mod_dumpio: dumpio_in (data-TRANSIENT): 21 bytes
[Mon Apr 03 01:02:14.849544 2017] [dumpio:trace7] [pid 5216:tid 1656] mod_dumpio.c(100): [client 10.0.0.1:62898] mod_dumpio: dumpio_in (data-TRANSIENT): x-client-SKU: Win32\r\n
[Mon Apr 03 01:02:14.849544 2017] [dumpio:trace7] [pid 5216:tid 1656] mod_dumpio.c(135): [client 10.0.0.1:62898] mod_dumpio: dumpio_in [getline-blocking] 0 readbytes
[Mon Apr 03 01:02:14.849544 2017] [dumpio:trace7] [pid 5216:tid 1656] mod_dumpio.c(58): [client 10.0.0.1:62898] mod_dumpio: dumpio_in (data-TRANSIENT): 34 bytes
[Mon Apr 03 01:02:14.849544 2017] [dumpio:trace7] [pid 5216:tid 1656] mod_dumpio.c(100): [client 10.0.0.1:62898] mod_dumpio: dumpio_in (data-TRANSIENT): x-client-Ver: v1.0.2038.20160526\r\n
[Mon Apr 03 01:02:14.849544 2017] [dumpio:trace7] [pid 5216:tid 1656] mod_dumpio.c(135): [client 10.0.0.1:62898] mod_dumpio: dumpio_in [getline-blocking] 0 readbytes
[Mon Apr 03 01:02:14.849544 2017] [dumpio:trace7] [pid 5216:tid 1656] mod_dumpio.c(58): [client 10.0.0.1:62898] mod_dumpio: dumpio_in (data-TRANSIENT): 23 bytes
[Mon Apr 03 01:02:14.849544 2017] [dumpio:trace7] [pid 5216:tid 1656] mod_dumpio.c(100): [client 10.0.0.1:62898] mod_dumpio: dumpio_in (data-TRANSIENT): x-client-OS: 6.3.9600\r\n
[Mon Apr 03 01:02:14.849544 2017] [dumpio:trace7] [pid 5216:tid 1656] mod_dumpio.c(135): [client 10.0.0.1:62898] mod_dumpio: dumpio_in [getline-blocking] 0 readbytes
[Mon Apr 03 01:02:14.849544 2017] [dumpio:trace7] [pid 5216:tid 1656] mod_dumpio.c(58): [client 10.0.0.1:62898] mod_dumpio: dumpio_in (data-TRANSIENT): 24 bytes
[Mon Apr 03 01:02:14.849544 2017] [dumpio:trace7] [pid 5216:tid 1656] mod_dumpio.c(100): [client 10.0.0.1:62898] mod_dumpio: dumpio_in (data-TRANSIENT): Accept-Language: en-US\r\n
[Mon Apr 03 01:02:14.849544 2017] [dumpio:trace7] [pid 5216:tid 1656] mod_dumpio.c(135): [client 10.0.0.1:62898] mod_dumpio: dumpio_in [getline-blocking] 0 readbytes
[Mon Apr 03 01:02:14.849544 2017] [dumpio:trace7] [pid 5216:tid 1656] mod_dumpio.c(58): [client 10.0.0.1:62898] mod_dumpio: dumpio_in (data-TRANSIENT): 32 bytes
[Mon Apr 03 01:02:14.849544 2017] [dumpio:trace7] [pid 5216:tid 1656] mod_dumpio.c(100): [client 10.0.0.1:62898] mod_dumpio: dumpio_in (data-TRANSIENT): Accept-Encoding: gzip, deflate\r\n
[Mon Apr 03 01:02:14.849544 2017] [dumpio:trace7] [pid 5216:tid 1656] mod_dumpio.c(135): [client 10.0.0.1:62898] mod_dumpio: dumpio_in [getline-blocking] 0 readbytes
[Mon Apr 03 01:02:14.849544 2017] [dumpio:trace7] [pid 5216:tid 1656] mod_dumpio.c(58): [client 10.0.0.1:62898] mod_dumpio: dumpio_in (data-TRANSIENT): 164 bytes
[Mon Apr 03 01:02:14.849544 2017] [dumpio:trace7] [pid 5216:tid 1656] mod_dumpio.c(100): [client 10.0.0.1:62898] mod_dumpio: dumpio_in (data-TRANSIENT): User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; WOW64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729)\r\n
[Mon Apr 03 01:02:14.849544 2017] [dumpio:trace7] [pid 5216:tid 1656] mod_dumpio.c(135): [client 10.0.0.1:62898] mod_dumpio: dumpio_in [getline-blocking] 0 readbytes
[Mon Apr 03 01:02:14.849544 2017] [dumpio:trace7] [pid 5216:tid 1656] mod_dumpio.c(58): [client 10.0.0.1:62898] mod_dumpio: dumpio_in (data-TRANSIENT): 31 bytes
[Mon Apr 03 01:02:14.849544 2017] [dumpio:trace7] [pid 5216:tid 1656] mod_dumpio.c(100): [client 10.0.0.1:62898] mod_dumpio: dumpio_in (data-TRANSIENT): X-Forwarded-For: 192.168.0.11\r\n
[Mon Apr 03 01:02:14.849544 2017] [dumpio:trace7] [pid 5216:tid 1656] mod_dumpio.c(135): [client 10.0.0.1:62898] mod_dumpio: dumpio_in [getline-blocking] 0 readbytes
[Mon Apr 03 01:02:14.849544 2017] [dumpio:trace7] [pid 5216:tid 1656] mod_dumpio.c(58): [client 10.0.0.1:62898] mod_dumpio: dumpio_in (data-TRANSIENT): 47 bytes
[Mon Apr 03 01:02:14.849544 2017] [dumpio:trace7] [pid 5216:tid 1656] mod_dumpio.c(100): [client 10.0.0.1:62898] mod_dumpio: dumpio_in (data-TRANSIENT): X-Forwarded-Host: proxy.cassodemos.com\r\n
[Mon Apr 03 01:02:14.849544 2017] [dumpio:trace7] [pid 5216:tid 1656] mod_dumpio.c(135): [client 10.0.0.1:62898] mod_dumpio: dumpio_in [getline-blocking] 0 readbytes
[Mon Apr 03 01:02:14.849544 2017] [dumpio:trace7] [pid 5216:tid 1656] mod_dumpio.c(58): [client 10.0.0.1:62898] mod_dumpio: dumpio_in (data-TRANSIENT): 49 bytes
[Mon Apr 03 01:02:14.849544 2017] [dumpio:trace7] [pid 5216:tid 1656] mod_dumpio.c(100): [client 10.0.0.1:62898] mod_dumpio: dumpio_in (data-TRANSIENT): X-Forwarded-Server: proxy.cassodemos.com\r\n
[Mon Apr 03 01:02:14.849544 2017] [dumpio:trace7] [pid 5216:tid 1656] mod_dumpio.c(135): [client 10.0.0.1:62898] mod_dumpio: dumpio_in [getline-blocking] 0 readbytes
[Mon Apr 03 01:02:14.849544 2017] [dumpio:trace7] [pid 5216:tid 1656] mod_dumpio.c(58): [client 10.0.0.1:62898] mod_dumpio: dumpio_in (data-TRANSIENT): 24 bytes
[Mon Apr 03 01:02:14.849544 2017] [dumpio:trace7] [pid 5216:tid 1656] mod_dumpio.c(100): [client 10.0.0.1:62898] mod_dumpio: dumpio_in (data-TRANSIENT): Connection: Keep-Alive\r\n
[Mon Apr 03 01:02:14.849544 2017] [dumpio:trace7] [pid 5216:tid 1656] mod_dumpio.c(135): [client 10.0.0.1:62898] mod_dumpio: dumpio_in [getline-blocking] 0 readbytes
[Mon Apr 03 01:02:14.849544 2017] [dumpio:trace7] [pid 5216:tid 1656] mod_dumpio.c(58): [client 10.0.0.1:62898] mod_dumpio: dumpio_in (data-TRANSIENT): 2 bytes
[Mon Apr 03 01:02:14.849544 2017] [dumpio:trace7] [pid 5216:tid 1656] mod_dumpio.c(100): [client 10.0.0.1:62898] mod_dumpio: dumpio_in (data-TRANSIENT): \r\n
[Mon Apr 03 01:02:14.849544 2017] [dumpio:trace7] [pid 5216:tid 1656] mod_dumpio.c(164): [client 10.0.0.1:62898] mod_dumpio: dumpio_out
[Mon Apr 03 01:02:14.849544 2017] [dumpio:trace7] [pid 5216:tid 1656] mod_dumpio.c(58): [client 10.0.0.1:62898] mod_dumpio: dumpio_out (data-HEAP): 1399 bytes
[Mon Apr 03 01:02:14.849544 2017] [dumpio:trace7] [pid 5216:tid 1656] mod_dumpio.c(100): [client 10.0.0.1:62898] mod_dumpio: dumpio_out (data-HEAP): HTTP/1.1 302 Found\r\nDate: Mon, 03 Apr 2017 05:02:14 GMT\r\nServer: Apache/2.4.23 (Win32) OpenSSL/1.0.2h-fips mod_jk/1.2.41\r\nCache-Control: no-store\r\nLocation: https://gateway.cassodemos.com/siteminderagent/ntlm/creds.ntc?CHALLENGE=&SMAGENTNAME=-SM-g00SHbGg4HLNZMsE7KCm0KUW4x%2bFPhEsn9uEgVloiF5P0VTfWwh4LVNz8nZEAubu&TARGET=-SM-HTTPS%3a%2f%2fgateway%2ecassodemos%2ecom%2faffwebservices%2fredirectjsp%2fredirect%2ejsp%3flogin_hint%3dsuser-%40cassodemos%2ecom%26client--request--id%3d642c4528--34aa--44d9--92e5--c4c77562dd00%26username%3dsuser-%40cassodemos%2ecom%26wa%3dwsignin1%2e0%26wtrealm%3durn-%3afederation-%3aMicrosoftOnline%26wctx%3destsredirect-%3d2-%26estsrequest-%3drQIIAXWQPUtbURyHc3KjJDoYpIPFRWsGKT035_zvubfnHii0WJf4EqE6OJ63mFBzr70vRp06OBYpfoQuhYxO4uQgKA6SUQuOgnQtlI7GD9DlmZ7f8PzGJnepS1wgHh--CBsSH4LVDXSpqxvNDYk2AfVAeZpQAlrbVwlIagBCkIlQnk2PV--cU3ps_uPh4_XFzm6r7QRy_zJBIdm7VEb0vEMs_aAlwi4lidIjRA6Lj4Is1Tm7zXMk1jY7tx6uq4OyiiX8WJ5oehD8--Ik86B7Tuz7SzbSUW9rqXufpG4u----mbZnYnbgTZc--7--olTM8rTb02gMZeGYeb5PpacWRwG3IREBUQycubUNDNgWgqwBa6HTR7Doa8UJkyCCTzuhVzeOmhQQr9L02VULUz9nZg5Or--pzJeJIyrl0aoz9XVppvCvhH6MDNsf5_40XzXGG9--Org5_RpXC9Uh9ZXsvymCL7kYG--PK67kG--vrAKeqHZ7m1__rR20FjZ32xmZnODv6OCfh9FZ5X_H_YE0%26SMPORTALURL%3dhttps-%3A-%2F-%2Fproxy%2ecassodemos%2ecom-%2Faffwebservices-%2Fpublic-%2Fwsfedsso-%2F\r\nContent-Length: 0\r\nKeep-Alive: timeout=5, max=99\r\nConnection: Keep-Alive\r\n\r\n
[Mon Apr 03 01:02:14.849544 2017] [dumpio:trace7] [pid 5216:tid 1656] mod_dumpio.c(164): [client 10.0.0.1:62898] mod_dumpio: dumpio_out
[Mon Apr 03 01:02:14.849544 2017] [dumpio:trace7] [pid 5216:tid 1656] mod_dumpio.c(58): [client 10.0.0.1:62898] mod_dumpio: dumpio_out (metadata-EOS): 0 bytes
[Mon Apr 03 01:02:14.849544 2017] [dumpio:trace7] [pid 5216:tid 1656] mod_dumpio.c(164): [client 10.0.0.1:62898] mod_dumpio: dumpio_out
[Mon Apr 03 01:02:14.849544 2017] [dumpio:trace7] [pid 5216:tid 1656] mod_dumpio.c(58): [client 10.0.0.1:62898] mod_dumpio: dumpio_out (metadata-EOR): 0 bytes
[Mon Apr 03 01:02:14.849544 2017] [dumpio:trace7] [pid 5216:tid 1656] mod_dumpio.c(135): [client 10.0.0.1:62898] mod_dumpio: dumpio_in [speculative-nonblocking] 1 readbytes
[Mon Apr 03 01:02:14.849544 2017] [dumpio:trace7] [pid 5216:tid 1656] mod_dumpio.c(150): [client 10.0.0.1:62898] mod_dumpio: dumpio_in - 11
[Mon Apr 03 01:02:14.849544 2017] [dumpio:trace7] [pid 5216:tid 1656] mod_dumpio.c(164): [client 10.0.0.1:62898] mod_dumpio: dumpio_out
[Mon Apr 03 01:02:14.849544 2017] [dumpio:trace7] [pid 5216:tid 1656] mod_dumpio.c(58): [client 10.0.0.1:62898] mod_dumpio: dumpio_out (metadata-FLUSH): 0 bytes
[Mon Apr 03 01:02:14.849544 2017] [dumpio:trace7] [pid 5216:tid 1656] mod_dumpio.c(135): [client 10.0.0.1:62898] mod_dumpio: dumpio_in [getline-blocking] 0 readbytes

 

Here you can see the client is still directly accessing the SPS server(through the proxy).

So, in both Active and Passive mode, the Office Client directly authenticates against the SPS(or WA/WAOP).

 

But the User-Agent information looks a bit different.

From testing, I find the User-Agent is different when in Passive mode.

 

"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; WOW64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729)"

 

 

It does not really tell if this is a IE browser or something else.

Initially I thought it was IE but my test was performed using Office Clients(WORD, EXCEL, SKYPE and OUTLOOK).

 

So I tried real IE and captured its User-Agent info as below.

"User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko"

 

I found 3 differences.

Mozilla version, rv:11.0 and "like Gecko" are different. 

"rv:11.0" means it is IE11.0

This happens only in Passive mode.

 

In case of Active mode, I was getting the following User-Agent headers.

 

"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; WOW64; .NET4.0C; .NET4.0E; InfoPath.3; MSOIDCRL 7.250.4556.0; App EXCEL.EXE, 15.0.4911.0, {9317BCB6-314B-442F-A5DA-9BC2BEBC271D})"

 

"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 6.3; WOW64; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; MSOIDCRL 7.250.4556.0; App lync.exe, 16.0.7369.2120, {12B07E85-1B47-41C4-A4E2-43B0C66A0CF6})"

 

"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; WOW64; .NET4.0C; .NET4.0E; InfoPath.3; MSOIDCRL 7.250.4556.0; App OUTLOOK.EXE, 15.0.4911.0, {9317BCB6-314B-442F-A5DA-9BC2BEBC271D})"

 

==============================

Another test was performed using "OneDrive for Business" client.

How seamless is "Seamless"?

 

It turns out the experience is equivalent to how the Excel and Word worked.

At the initial launch (or after you have emptied the stored credentials from the "Credential Manager" in control panel), you will need to enter the userID(suser@cassodemos.com) as this allows the client to contact O365 and identify where to go for authentication.

 

OneDrive client app did not ask for userID until I had to goto its systray and click "Sync Now" menu.

 

You will get this prompt and you have to manually enter the userID as shown above.

Once you click "Next" the login is seamless.

Outcomes