locked
Application Links for User not visible in trusted domain scenario? (only with "All Users are Authorized" options visible) RRS feed

  • Question

  • Hello All,

    here is my configuration:

    Domain1: extranet.company.com (EXT)
    Domain2: intranet.int (INT)

    IAG SP2 is domain member in EXT-Domain
    EXT-Domain trusts INT-Domain
    In the trunk i configured DC of EXT-Domain for authentification.


    I configured 3 Applications in the trunk:
    1. SharePoint1 (in EXT-Domain)
    2. SharePoint2 (in INT-Domain)
    2. RDP to an servers (in INT-Domain and EXT-Domain)

    User logons from the trusted INT-Domain can succcessfull acces the IAG-Portal.

    But Users von INT-Domain can only see the defined applications if i choose "All Users Are Authorized" on Authorization Tab of the apps.
    User can't see the application neither i Authorize them directly "INT\User" or indirect over an AD Group "EXT\Group" where the "INT\User" is member!

    So it seems that IAG don't checks the authorized users from the trusted domain to display the application link when starting the portal!
    The funny thing is, If i create a (shadow-)User in EXT-Domain (can have different password) with same name like in INT-Domain .. and the user logs in with his INT-Account he can see the app :)
    So i assume that IAG checks only by non full-qualified username to control visibility of application-links?!

    So the basic question is:
    How can i enable dynamic visibility of application links in the portal for user of INT-Domain and prevent "All Users are Authorized" checkbox or creating "shadow-users" for every INT-User?

    Has someone the same scenario and can reproduce?

    Does someone know if this "problem" also fixed in UAG? So upgrade would resolve..


    Greetings,
    JJ

    Thursday, April 29, 2010 8:15 PM

Answers