none
Publish SharePoint - no 'Portal' Page, and Forms Authentication, and the Internal Site name is the same as External

    Question

  • Well, here's a tricky one I think. We have an internal SharePoint Site Collection provisioned on a webapp with the same internal URL as the external site needs to be published - so https://sharepoint.company.uk is the internal site AND the external site name. The site is using both AD and Forms authentication (as a plug in to SharePoint). Now, we want to take advantage of the URL inspection stuff in UAG, and all the other nice 'application' layer things, but we don't want:-

    1) External users to have to authenticate to the 'trunk' as they will be doing this within SharePoint.

    2) To be able to Publish SharePoint as the 'trunk' so that the URL is passed through to the SP servers.

    I realise that some of the nice security bits in UAG are not being utilised, but I am trying to figure out how to implement the solution for the above scenario.

    What I have done is:-

    1) Deploy a Trunk with a 'made up' public host name.

    2) Added The SharePoint application to the available applications on the Trunk.

    3) Changed the 'Portal' page to the SharePoint Application.

    4) Configured the Truck to not require authentication.

    Now, I figured this would work, but I get a UAG error of 'You cannot access this site due to an internal error'. I cannot find any more helpful info in the Web Monitor, or the Event Logs...

    So, you UAG gurus, any help and advise would be greatly received.

    Thanks

    Phil


    Phil

    Wednesday, March 20, 2013 5:05 PM

Answers

  • We have found that it is possible to do this but first installing SP3... Then you can deploy with the trunk with a made up and non-resolvable DNS name, in this trunk add the SharePoint application (with a DNS name which is resolvable). Then deselect the need to authenticate to the trunk, and configure the SP Application to not require authentication either. This way the external user is able to 'proxy' through UAG directly to the SP published application, and use FBA to authenticate.

    Phil


    Phil

    • Marked as answer by Philip Luke Monday, March 25, 2013 3:10 PM
    Monday, March 25, 2013 3:10 PM