Friday, February 15, 2013 10:10 AM
We have a UAG 2010 up and running successfully, working as a single sign-on portal for a handful of web applications (login forms based), a SharePoint and our OWA.
We want our users to log in to the UAG with their UPN and password. For SharePoint to work properly, we followed the TechNet article "http://technet.microsoft.com/en-us/library/ff607424.aspx". Setting the registry key TranslateUPN to 1 forces the UAG to send the sAMAccountName to our published web apps.
For some web apps this is OK; for others we want the UAG to use the UPN as the username credential. Let's say we have a web app called app01 that takes the UPN as username.
Therefore, based on several forum posts like "http://social.technet.microsoft.com/Forums/en-US/forefrontedgeiag/thread/e7b6cfe5-1518-4a49-a5db-f06f33bbf645/" I edited the myauthenticationservername.inc
    ' Save UPN in custom session variable
    pos = InStr(user_name, "@")
    if pos > 0 then
        Session("upn") = user_name
    end if
and the portalname1PostPostValidate.inc like this
    ' Strip domain from upn username
    upn = Session("upn")
    pos = InStr(upn, "\")
    if pos > 0 then
        upn = Mid(upn, pos + 1)
    end if
    ' Store in Session for WebApp app01
    SetSessionResourceParam g_cookie, "862D0FD1CF064D668B972D8C6C6B7E55", "username", upn
Basically, this all works well. So, the uag logs in the user to web app app01 with the upn.
The problem occurs when user1 logs in to uag and then gets logged in by the uag to app01.
Then user1 logs out and without closing the browser user2 logs in. When user2 now wants to log in the app01 via the uag, the uag uses the credentials from user1.
This is, of course, not the desired behaviour. So I guess the variable I set with SetSessionResourceParam or the custom Session("upn")-variable is not destroyed correctly on logout. Do I need to do some custom clean up at logout?
I hope you understand my problem and that someone can help.
Thanks in advance
Friday, February 15, 2013 3:12 PM
Could this problem be a cookie problem? As long as the browser is not closed, user2 gets logged in to the published web application with the credentials of user1. When the browser is closed and opened again, user2 gets logged in to the published web app as user2.
In the trunk "Default Session Settings" I have "Activate Endpoint Session Cleanup configured" activated as well as "Delete cookies at logoff".
The problem only occurs with the application that uses the UPN as username and which is therefore affected by my custom code as described in the first post.
Thanks for any help. I am desperate.
Sunday, February 17, 2013 1:36 PM Moderator
The Session("upn") variable is used by the IIS session (ASPSESSIONID) and not by the UAG session (NLSession).
So it is possible the IIS session still exists while you terminate the UAG session.
My suggestion is to clear the variable after you are using it, so after the SetSessionResourceParam just add something like:
This will prevent the IIS from keeping the Session("upn") and maybe will help you in this scenario.
Note also that you initiate this session param conditionally (i.e. only if pos > 0 then..), so in case this condition is not met, your session param will stay the previous one and will not get overwritten ...
- Marked As Answer by hsgbo Monday, February 25, 2013 10:10 AM
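The two changes described in the answer above (always overwrite the value at login, and clear it once it has been used), applied to the hooks from the first post. This is an added example, not code from the thread or from Microsoft; the session key name `app01_upn` is hypothetical, and `user_name`, `g_cookie`, `SetSessionResourceParam` and the application ID are taken from the original post and assumed to be available in these hooks as they were there.

```vbscript
' ---- myauthenticationservername.inc ----
' Assign on every login, not only when "@" is present. The IIS session
' (ASPSESSIONID) can outlive the UAG session, so a value written for the
' previous user must never be left in place for the next one.
' "app01_upn" is a hypothetical key name chosen for this example.
If InStr(user_name, "@") > 0 Then
    Session("app01_upn") = user_name
Else
    Session("app01_upn") = ""
End If

' ---- portalname1PostPostValidate.inc ----
' Read the value once, then remove it from the IIS session immediately,
' so nothing survives a UAG logoff inside the same browser instance.
upn = Session("app01_upn")
Session.Contents.Remove "app01_upn"

' Strip domain from upn username (unchanged from the original post)
pos = InStr(upn, "\")
If pos > 0 Then
    upn = Mid(upn, pos + 1)
End If

' Only push a credential for app01 when this login actually supplied one;
' an empty value means the current user did not log in with a UPN.
If upn <> "" Then
    SetSessionResourceParam g_cookie, "862D0FD1CF064D668B972D8C6C6B7E55", "username", upn
End If
```

A quick check after deploying a change like this: log in as user1, open app01, log off, then log in as user2 in the same browser window and confirm app01 receives user2's UPN.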
Monday, February 18, 2013 9:36 AM
Thanks for the help. I followed your advice and also changed the name of the session variable to something custom, so that it does not interfere with the IIS Session variable.
Now it seems to work.
But still, I have a problem with authorization, because the user is not logged off from the published web app when logging off from the uag. Remember, we discussed this in thread "Trigger logout of all published applications when clicking UAG's Logoff button", which I reopened. Do you have any further tips than using the img-trick on the logout page, which doesn't seem to work?
Again, thanks a lot for help.
Tuesday, February 19, 2013 5:54 PM Moderator
I replied on the other thread with some suggestions.