Creating a custom Forefront TMG 2010 OWA FBA logon page
Today I looked for a solution to edit the default OWA logon page. In our company we use a Form Based Authentication that is configured on a Forefront TMG 2010 server. Currently we are running an Exchange 2003 SP2 Frontend server. The OWA logon page looks like this by default:
OR
There is a way to configure this to our liking. Kay Sellenrode of platini.nl made an FBAeditor to configure this in an easy way. This tool does not have a way to change the color of the logon button and explanation text so at the end of this post i show you how to change that as well. So lets create some fancy company OWA logon screens.
Requirements
FBAeditor – can be found here (http://blogs.platani.nl/?p=257)
Company logo 115 x 456 pixels in GIF format
Company logo 115 x 500 pixels in GIF format
Steps
- First make a backup of C:\Program Files\Microsoft Forefront Threat Management Gateway\Templates\CookieAuthTemplates\ with all sub directories
- Run FBAeditor on the TMG server and browse to C:\Program Files\Microsoft Forefront Threat Management Gateway\Templates\CookieAuthTemplates\Exchange\HTML\ (click on Source Dir)
- Now change the page you want to edit to : usr_pwd.htm (1.)
- Picture name : lgntopl.gif (2.)
- Text Language : select your country (3.)
- Select your new company logo (4.)
- Select apply to all pages and click apply. (5.) Now all htm files will be changed with the new company logo.
- By pressing Preview Page you can take a look on how its going to be. (6.)
- Many organizations don’t have 2 or more domains so we can change the domain\username text to Username
- Now change the page you want to edit to : usr_pwd.htm (1.)
- Select username (2.)
- Change the text from domain\username to Username (3.)
- Confirm the change by clicking Change Text (4.)
- When you are clicking on Preview Page you will see that the button and the explanation text has a color that does not match with the rest of the logon page. There is not a way that you can change this via the FBAeditor tool. We can achieve this by editing a file manually.
- Start notepad and browse to C:\Program Files\Microsoft Forefront Threat Management Gateway\Templates\CookieAuthTemplates\Exchange\HTML\logon_style.ccs
- When looking through the file you’ll see a section that has entries like #eb9c12 and #f9b133. These are the colors used by the logon button.
- You can change this by entering your own required color. You can find the color codes here
- To change the explanation text you must look for the entries #ff6c00
- You can change this by entering your own required color. You can find the color codes here
- Also it is possible to change the Internet Explorer tab name by starting the FBAeditor en change the OWAWindowTitle text box to your liking
- If required you can change the ISA html files as well they can be found here C:\Program Files\Microsoft Forefront Threat Management Gateway\Templates\CookieAuthTemplates\ISA\HTML\
- If all went well you have a fancy FBA logon page like this :
- Note: I found out that the Forefront TMG caches these pages somehow so I had to reboot the server to get the new pages active.
How did you change the colouring on the bottom from yellow to green? Photoshop or did you have an easy way of doing it?
yes. I edited lgnbotl, lgnbotm and lgnbotr with photoshop.
when i am using IE to access the default (and later my customized) TMG login form, i realize that the design breaks at different zoom percentage (specifically, any non 25% interval, e.g. 104%).
do you have the same issue and did you/ how did you fix it?
I checked and I do not have that problem. I also can’t reproduce that issue.
Are you sure the measurements of the pictures are not modified? because it sounds like they are changed and are not default anymore.
I have the same problem. Did you solve it?
I want to change the logo for each language. i it possible?
Yes thats possible but you still need to select language, change the logo, click apply to all pages.. repeat this proces for all languages.
But hey…its much faster then edit all html files by hand.
I need to remove the option to change password. I deleted the text with no problem, but how do I get rid of the check box? Any ideas?
Heather,
This does not have to be done with the FBAeditor. If you check your OWA listener properties and click the Forms tab, you need to remove the checkbox for : allow users to change their passwords.
Richard,
Thx so much for this. It has helped me after cracking my head for so long.
In order to see your changes you do not need to reboot the server, just restart the Firewall Service in Forefront TMG.
THX for the feedback Arturo!
In TMG, we currently have the Exchange 2007 layout as logon page for webmail. Since we have Exchange 2010, is there an easy way to change this to Exchange2010 layout?
Never mind, I already found out that we already had the right layout files on our TMG server. We only needed to replace the folder structure.
Thanks for your instructions. Just made myself, and the whole company very happy with a great new layout :)
Great work..and THX for the feedback
HI there, I have edited the strings.txt using this tool for the domain/user name string and it is not changing on the TMG even after numerous reboots and clearing cache on browser, any ideas?
Thanks
Ignore the last post, just realised there is a strings.txt file for every language!
Hi, is there anyway to remove the “This is a Private Computer” option (Text and Radio Button). I can remove the text by deleting it from the appropriate part in FBA but the radio button stays and allows the user to select.
Thanks
to my knowledge this is not possible because its hardcoded into some dll’s……..anyone ?
Have you trying adding the following to the window_onload function at the top of the usr_pwd.html or usr_pwd_pcode.html (whichever you’re using):-
var rdoPrivate = document.getElementByID(‘rdoPrvt’);
rdoPrivate.Style.display = “none”;
You can do the same with the Public using:-
var rdoPublic = document.getElementByID(‘rdoPblc’);
rdoPublic.Style.display = “none”;
I find that if I click the logon button and don’t fill in all the fields, I automatically get a TMG login form rather the the initial OWA form. HAs anyone else found this – or does anyone know a way of fixing this issue?
Hi, I’m assuming this same can be done for a TMG page used to secure sharepoint? Do you know where I would find the TMG FBA page folder in this case?
Thanks
as TMG cannot delegate to SharePoint HTML forms you’ll need to use the forms on the TMG and modify the files at : C:\Program Files\Microsoft Forefront Threat Management Gateway\Templates\CookieAuthTemplates\ISA\
Hey, great article, thanks! Just wondering if you’ve tried this with the Sharepoint HTML forms? I can replace the logo at the top (lgntop.gif) and the two at the sides (lgnleft and lgnright), but that still leaves me with the blue/grey background to the forms buttons. Don’t suppose you know of a way to edit this?