You may end up with an exception when browsing to Exchange 2010 ECP virtual directory directly when using SecureAuth to authenticate, although standard OWA works fine.
The exception will be similar to below
Exception type: Microsoft.IdentityModel.Tokens.AudienceUriValidationFailedException
When setting up OWA and ECP to authenticate through SecureAuth if you have OWA as the default redirect set on SecureAuth this will end up throwing a Audience.
Change the Audience URI and Realm value to match the OWA web.config.
1 > Open up the OWA web.config file located “C:\Program Files\Microsoft\Exchange Server\V14\ClientAccess\Owa\Web.config”
2 > Locate the Audience Uris and make note of the value in your config file, example below.
<add value="mail.example.com/owa/" />
3 > Locate the Realm value and make note of this the url, example below
4 > Make a backup of the ECP config file located “C:\Program Files\Microsoft\Exchange Server\V14\ClientAccess\ECP\Web.config”
5 > Open the ECP web.config file and find both the audience Uri and Realm as noted in previous steps and replace the values with them and save.