Authenticating users on a single portal with both Client Certificates and CAC cards (depending)

  • Question

  • I'm trying to configure a new capability for my company that will allow external users to connect and collaborate.  We need our people to be able to collaborate regardless of their second factor mechanism. 

    Some of my customers/subcontractors use DOD CAC cards.  Others use soft SSL client certificates.  Another group (our employee base accessing remotely) uses an RSA token.  In the Technet documentation, it states that Smart Cards and soft certificates cannot be used on the same portal.  Is this limitation true?  Or is it just a matter of manipulating and combining the VBScript in the sample code .inc files to make it work?

    Our major challenge is that these users are going to be sharing links with one another, so if multiple portals are utilized, we can guarantee that 1/3 of the links will fail for the other 2/3 of the users.

    Please advise.  Thanks in advance.

    Monday, October 15, 2012 9:56 PM

All replies

  • When you configure a UAG portal to require multiple levels of authentication, you are going to be telling it to do just that - require the user to pass authentication to all of the authentication repositories that are listed for that particular trunk (portal). So you would not be able to add all of these different repositories which require different methods of passing, and allow the users to only input one or the other, or the other. You might be able to require them ALL, I don't even know for sure if that would work, but obviously that is not what you want to do anyway.

    Not to mention that, since the documentation states specifically that you cannot do it, you would be immediately falling out of supportability, and if you ever had to contact Microsoft for support they would ask you to reverse these settings to proceed with troubleshooting.

    Friday, October 19, 2012 7:33 PM