Home > Forefront TMG 2010 > Creating a custom Forefront TMG 2010 OWA FBA logon page

Creating a custom Forefront TMG 2010 OWA FBA logon page


Today I looked for a solution to edit the default OWA logon page. In our company we use a Form Based Authentication that is configured on a Forefront TMG 2010 server. Currently we are running an Exchange 2003 SP2 Frontend server. The OWA logon page looks like this by default:

OR

There is a way to configure this to our liking. Kay Sellenrode of platini.nl made an FBAeditor to configure this in an easy way. This tool does not have a way to change the color of the logon button and explanation text so at the end of this post i show you how to change that as well. So lets create some fancy company OWA logon screens.

Requirements
FBAeditor – can be found here (http://blogs.platani.nl/?p=257)
Company logo 115 x 456 pixels in GIF format
Company logo 115 x 500 pixels in GIF format

Steps

  • First make a backup of C:\Program Files\Microsoft Forefront Threat Management Gateway\Templates\CookieAuthTemplates\ with all sub directories
  • Run FBAeditor on the TMG server and browse to C:\Program Files\Microsoft Forefront Threat Management Gateway\Templates\CookieAuthTemplates\Exchange\HTML\ (click on Source Dir)

  •  Now change the page you want to edit to : usr_pwd.htm (1.)
  • Picture name : lgntopl.gif (2.)
  • Text Language : select your country (3.)
  • Select your new company logo (4.)
  • Select apply to all pages and click apply. (5.) Now all htm files will be changed with the new company logo.
  • By pressing Preview Page you can take a look on how its going to be. (6.)

  • Many organizations don’t have 2 or more domains so we can change the domain\username text to Username
  • Now change the page you want to edit to : usr_pwd.htm (1.)
  • Select username (2.)
  • Change the text from domain\username to Username  (3.)
  • Confirm the change by clicking Change Text (4.)

  • When you are clicking on Preview Page you will see that the button and the explanation text has a color that does not match with the rest of the logon page. There is not a way that you can change this via the FBAeditor tool. We can achieve this by editing a file manually.

  • Start notepad and browse to C:\Program Files\Microsoft Forefront Threat Management Gateway\Templates\CookieAuthTemplates\Exchange\HTML\logon_style.ccs
  • When looking through the file you’ll see a section that has entries like #eb9c12 and #f9b133. These are the colors used by the logon button.

  • You can change this by entering your own required color. You can find the color codes here
  • To change the explanation text you must look for the entries #ff6c00

  • You can change this by entering your own required color. You can find the color codes here
  • Also it is possible to change the Internet Explorer tab name by starting the FBAeditor en change the OWAWindowTitle text box to your liking
  • If required you can change the ISA html files as well they can be found here C:\Program Files\Microsoft Forefront Threat Management Gateway\Templates\CookieAuthTemplates\ISA\HTML\
  • If all went well you have a fancy FBA logon page like this :

  • Note: I found out that the Forefront TMG caches these pages somehow so I had to reboot the server to get the new pages active. -> Arturo pointed out that you only need to start the firewall service to reflect these changes.
Advertisements
  1. emer
    March 13, 2011 at 9:05 pm

    How did you change the colouring on the bottom from yellow to green? Photoshop or did you have an easy way of doing it?

    • March 14, 2011 at 8:21 am

      yes. I edited lgnbotl, lgnbotm and lgnbotr with photoshop.

  2. vincent
    March 17, 2011 at 2:54 pm

    when i am using IE to access the default (and later my customized) TMG login form, i realize that the design breaks at different zoom percentage (specifically, any non 25% interval, e.g. 104%).

    do you have the same issue and did you/ how did you fix it?

    • March 18, 2011 at 8:50 am

      I checked and I do not have that problem. I also can’t reproduce that issue.
      Are you sure the measurements of the pictures are not modified? because it sounds like they are changed and are not default anymore.

    • Alora
      February 14, 2012 at 8:02 am

      I have the same problem. Did you solve it?

  3. Uwe
    March 30, 2011 at 2:12 pm

    I want to change the logo for each language. i it possible?

    • March 31, 2011 at 3:36 pm

      Yes thats possible but you still need to select language, change the logo, click apply to all pages.. repeat this proces for all languages.
      But hey…its much faster then edit all html files by hand.

  4. April 27, 2011 at 4:57 pm

    I need to remove the option to change password. I deleted the text with no problem, but how do I get rid of the check box? Any ideas?

    • April 28, 2011 at 8:25 am

      Heather,

      This does not have to be done with the FBAeditor. If you check your OWA listener properties and click the Forms tab, you need to remove the checkbox for : allow users to change their passwords.

  5. Ken Murambi
    April 30, 2011 at 7:21 am

    Richard,

    Thx so much for this. It has helped me after cracking my head for so long.

  6. Arturo Dominguez
    May 13, 2011 at 10:09 pm

    In order to see your changes you do not need to reboot the server, just restart the Firewall Service in Forefront TMG.

  7. Chris
    June 17, 2011 at 2:05 pm

    In TMG, we currently have the Exchange 2007 layout as logon page for webmail. Since we have Exchange 2010, is there an easy way to change this to Exchange2010 layout?

    • Chris
      June 17, 2011 at 5:14 pm

      Never mind, I already found out that we already had the right layout files on our TMG server. We only needed to replace the folder structure.
      Thanks for your instructions. Just made myself, and the whole company very happy with a great new layout :)

      • June 23, 2011 at 9:10 am

        Great work..and THX for the feedback

  8. Andreq
    July 21, 2011 at 5:37 pm

    HI there, I have edited the strings.txt using this tool for the domain/user name string and it is not changing on the TMG even after numerous reboots and clearing cache on browser, any ideas?

    Thanks

  9. Andreq
    July 21, 2011 at 5:54 pm

    Ignore the last post, just realised there is a strings.txt file for every language!

  10. Gary
    October 18, 2011 at 3:19 pm

    Hi, is there anyway to remove the “This is a Private Computer” option (Text and Radio Button). I can remove the text by deleting it from the appropriate part in FBA but the radio button stays and allows the user to select.

    Thanks

    • November 8, 2011 at 2:13 pm

      to my knowledge this is not possible because its hardcoded into some dll’s……..anyone ?

      • Dwain
        December 15, 2011 at 1:35 pm

        Have you trying adding the following to the window_onload function at the top of the usr_pwd.html or usr_pwd_pcode.html (whichever you’re using):-

        var rdoPrivate = document.getElementByID(‘rdoPrvt’);
        rdoPrivate.Style.display = “none”;

        You can do the same with the Public using:-

        var rdoPublic = document.getElementByID(‘rdoPblc’);
        rdoPublic.Style.display = “none”;

  11. Dwain
    December 15, 2011 at 12:04 pm

    I find that if I click the logon button and don’t fill in all the fields, I automatically get a TMG login form rather the the initial OWA form. HAs anyone else found this – or does anyone know a way of fixing this issue?

  12. Andras
    January 17, 2012 at 1:25 pm

    Hi, I’m assuming this same can be done for a TMG page used to secure sharepoint? Do you know where I would find the TMG FBA page folder in this case?
    Thanks

    • January 18, 2012 at 8:56 am

      as TMG cannot delegate to SharePoint HTML forms you’ll need to use the forms on the TMG and modify the files at : C:\Program Files\Microsoft Forefront Threat Management Gateway\Templates\CookieAuthTemplates\ISA\

  13. AndyB
    January 27, 2012 at 1:14 pm

    Hey, great article, thanks! Just wondering if you’ve tried this with the Sharepoint HTML forms? I can replace the logo at the top (lgntop.gif) and the two at the sides (lgnleft and lgnright), but that still leaves me with the blue/grey background to the forms buttons. Don’t suppose you know of a way to edit this?

  14. July 21, 2012 at 12:48 pm

    If some one needs expert view concerning blogging after that i suggest him/her to pay a quick
    visit this weblog, Keep up the nice job.

  15. James
    July 14, 2013 at 1:24 pm

    richardkok :
    THX for the feedback Arturo!

    How about changing the text to reflect this to save people restarting the server?

  16. Muthu
    October 19, 2013 at 11:10 am

    Excellent Article Richard. I think I’ve figured out most of it, but except for a strange fact. Ideally, the users should be receiving the OWA login page but I don’t understand why they keep getting the TMG login page. Cos of this, my changes to strings.txt under Exchange is not really effective. Any thoughts?

  17. November 6, 2013 at 2:25 pm

    Nice article Richard!
    I will give this a shot

  1. May 10, 2011 at 7:57 pm

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: