Problem with SSO in UAG for FBA users when using multiple Authentication Provider

  • Question

  • Hi, I am trying to enable SSO in UAG SP-3 for accessing a SharePoint 2010 site. Currently on SharePoint 2010, both NTLM and Form Based Authentication are enabled. The SharePoint Web Application has two site collections, one for AD users and another for FBA users.

    In UAG, I need to add these two site collections as different applications in the UAG trunk, which should have different authorization rules. For the first application, SSO for AD users is working fine after publishing the application as "Other Web Application (portal host)" and customizing the Standard.master page. But for enabling the SSO experience for FBA users, I followed the steps available here. After reading this article, I changed the FormLogin.XML file code and activated the configuration. But nothing is working for me. Below is the code in the FormLogin.xml file.

    FormLogin.xml - File Location C:\Program Files\Microsoft Forefront Unified Access Gateway\von\Conf\WizardDefaults\FormLogin\CustomUpdate

    <WHLFILTFORMLOGIN ver="1.0">
      <!-- app_id added by configurator, don't edit -->
      <APPLICATION>
        <APPLICATION_TYPE>SharepointFBA</APPLICATION_TYPE>
    
        <!-- USAGE section is mandatory. "description=" could be "change_password" or "form_login" -->
        <USAGE description="form_login">
    
          <PRIMARY_HOST_URL>.*</PRIMARY_HOST_URL>
    
          <SCRIPT_NAME source="file">Autosubmit_contoso.js</SCRIPT_NAME>
    
          <!-- USER_AGENT could be of any type defined in FormLoginDataDefinitions.xml.  any, ie, netscape are used for back compatibility -->
          <USER_AGENT>
            <!-- AGENT_TYPE could be of any type defined in FormLoginDataDefinitions.xml -->
            <!-- "search=group" indicates all the values in the tag USER_AGENT_GROUP from FormLoginDataDefinitions.xml -->
            <AGENT_TYPE search="group">all_supported</AGENT_TYPE>
            <!-- POLICY should be "multiplatform" or "limited" -->
            <!-- use "limited" if only "change_password" takes place -->
            <POLICY>multiplatform</POLICY>
            <!-- the name of the function to be injected to the form. Not recommended for customization -->
            <SCRIPT_NAME source="data_definition">FormLoginHandler</SCRIPT_NAME>
          </USER_AGENT>
    
          <LOGIN_FORM>
            <!-- one of NAME or ID could be used. Value could be blank if no form search required -->
            <NAME>aspnetForm</NAME>
            <!-- METHOD could be POST or GET -->
            <METHOD>POST</METHOD>
            <!-- CONTROL handling could be "dummy_value", "app_default", "real_value", "conf_default", "user_input" -->
            <CONTROL handling="dummy_value">
              <!-- TYPE could only be USER_NAME, PASSWORD, DOMAIN, DOMAIN_USER, USER_PROVIDED, NEW_PASSWORD -->
              <TYPE>USER_NAME</TYPE>
              <NAME>ctl00$PlaceHolderMain$signInControl$UserName</NAME>
              <DEF_VALUE>siteusr</DEF_VALUE>
            </CONTROL>
            <CONTROL handling="dummy_value">
              <TYPE>PASSWORD</TYPE>
              <NAME>ctl00$PlaceHolderMain$signInControl$password</NAME>
              <DEF_VALUE>sitepass</DEF_VALUE>
            </CONTROL>
          </LOGIN_FORM>
    
        </USAGE>
      </APPLICATION>
    </WHLFILTFORMLOGIN>

    And in the Autosubmit_contoso.js file, location C:\Program Files\Microsoft Forefront Unified Access Gateway\von\Conf\WebSites\<trunk name>\conf

    function FormLoginSubmit() {
        document.getElementById('login-form').submit();
        return false;
    }

    My requirement is to auto-submit the username and password when the SharePoint FBA login form is displayed.

    Please let me know if more information is required. 


    Tuesday, December 3, 2013 6:21 AM
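
A consistency check for the configuration in the question above, added here as an example and not part of the original post or of UAG: it compares the form and control names in FormLogin.xml, and any element id the script looks up, with the login page's HTML. The page HTML below is a constructed stand-in (an assumption); in practice it would be the saved source of the SharePoint FBA login page, and `check` and `FormScan` are hypothetical names.

```python
import re
import xml.etree.ElementTree as ET
from html.parser import HTMLParser
# Excerpt of the FormLogin.xml from the post (comments and other tags dropped).
FORM_LOGIN_XML = """<WHLFILTFORMLOGIN ver="1.0"><APPLICATION><USAGE description="form_login">
<LOGIN_FORM><NAME>aspnetForm</NAME><METHOD>POST</METHOD>
<CONTROL handling="dummy_value"><NAME>ctl00$PlaceHolderMain$signInControl$UserName</NAME></CONTROL>
<CONTROL handling="dummy_value"><NAME>ctl00$PlaceHolderMain$signInControl$password</NAME></CONTROL>
</LOGIN_FORM></USAGE></APPLICATION></WHLFILTFORMLOGIN>"""
# The script from the post, on one line.
SCRIPT_JS = "function FormLoginSubmit() { document.getElementById('login-form').submit(); return false; }"
# Constructed stand-in for the saved login page (assumption, not from the post).
LOGIN_PAGE_HTML = """<form name="aspnetForm" id="aspnetForm" method="post">
<input name="ctl00$PlaceHolderMain$signInControl$UserName" type="text">
<input name="ctl00$PlaceHolderMain$signInControl$password" type="password">
</form>"""

class FormScan(HTMLParser):
    """Collect form names/ids, all element ids and input names from a page."""
    def __init__(self):
        super().__init__()
        self.forms, self.ids, self.inputs = set(), set(), set()
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if a.get("id"):
            self.ids.add(a["id"])
        if tag == "form":
            self.forms.update(v for v in (a.get("name"), a.get("id")) if v)
        elif tag == "input" and a.get("name"):
            self.inputs.add(a["name"])

def check(xml_text, js_text, html_text):
    """Return mismatches between the config, the script and the rendered form."""
    scan = FormScan()
    scan.feed(html_text)
    problems = []
    for form in ET.fromstring(xml_text).iter("LOGIN_FORM"):
        name = (form.findtext("NAME") or "").strip()
        if name and name not in scan.forms:
            problems.append(f"LOGIN_FORM NAME '{name}' not found in page")
        for ctl in form.iter("CONTROL"):
            field = (ctl.findtext("NAME") or "").strip()
            if field not in scan.inputs:
                problems.append(f"CONTROL '{field}' not found in page")
    for target in re.findall(r"getElementById\(\s*['\"]([^'\"]+)['\"]\s*\)", js_text):
        if target not in scan.ids:
            problems.append(f"script looks up id '{target}', which the page does not define")
    return problems

print("\n".join(check(FORM_LOGIN_XML, SCRIPT_JS, LOGIN_PAGE_HTML)) or "consistent")
```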