none
UAG to SPNEGO2 (SAP) cross Forest SSL to Kerberos authentication.

    Question

  • This is a tough one, we have attempted to configure a web service (SAP) to connect as such:

    User account on separate forest needs to login to UAG site of different forest that contains the UAG and SAP servers.  The clients have private issued SSL certificates and we need to allow them to hit UAG, pass the request to SPNEGO2(SAP) and then authenticate for access to SAP.  The issue is we either get a 401 error or we get a page stating the user cannot be authenticated.  i have read every document I can find on SSL and SSO as well as cross forest authentication.  We cannot seem to get past this. Any ideas?

    thanks

    vendredi 17 mai 2013 18:47

Toutes les réponses

  • Hiya,

    when you say different forest, you imply that there is no trust between the sites. If this is the case, you need to setup an ADFS server, which can handle authentication across the gap. UAG will then use the ADFS server for authentication.

    You might find good inspiration on the following link:
    Forefront UAG with AD FS 2.0 topologies
    http://technet.microsoft.com/en-us/library/gg274298.aspx

    mardi 21 mai 2013 07:50