Using Forefront UAG as an External SSO solution

  • Question

  • Hello,

    I want to use UAG to do SSO to several web applications with my company.  This will be used for web apps that are installed on several servers.

    Does UAG require a client software to be installed in order to access those web apps and use the SSO, or is there a way around that?  I don't want over 700,000 customers installing an app on their machine.

    Thank you in advance,

    David

     

    Tuesday, August 3, 2010 10:31 PM

All replies

  • We have had success using it for external SSO for web applications without the client components. We were able to completely turn it off for a trunk: Configure trunk settings "Configure" >> Session tab >> Session Configuration group box >> check "Disable component installation and activation". Haven't had issues so far.
    Tuesday, August 3, 2010 11:39 PM
  • What did you use as your authentication method?  Was it AD or LDAP?

    Thank you for the information thus far.

    David

    Wednesday, August 4, 2010 5:57 PM
  • Hi David,

    The UAG Components are not a requirement for SSO to Web applications (internal or external).  UAG SSO works for AD and LDAP as it works just by passing on the Username and Password.  This means that it will work for almost any authentication method.

    The catch, however, is that you may need to configure UAG to recognize custom login forms. The following articles will help you with that:

    http://blogs.technet.com/b/ben/archive/2010/01/23/custom-form-login-sso-how-to.aspx

    http://technet.microsoft.com/en-us/library/dd282925.aspx

    Please also be aware that UAG was not designed to publish external applications.  If you were able to configure it to do so, the above links will greatly help you.

    Thanks,

    Dennis L.
    Celestix Networks

    Wednesday, August 4, 2010 7:12 PM
  • We are using AD. 

    We have 2 types of backend web applications using SSO

    1) running on IIS and using integrated auth

    2) running on Apache/Tomcat and authenticating against AD via an LDAP bind.

    Hope this helps.

    Wednesday, August 4, 2010 8:31 PM
  • superNaraen,

    Your number 1 sounds like what I want to do.

    A few questions for you:

    1. Are you using IIS authentication? And how?

    2. Are you running AD on the forefront server? Or do you have it on a DC?

    3. Do you just have one trunk for your backend web apps?

    I appreciate your help with this.

    Thanks,

    David

    • Marked as answer by Erez Benari Thursday, September 2, 2010 8:50 PM
    Wednesday, August 11, 2010 4:06 PM