Create Two Trunks with the Same External Name

  • Question

  • How do people deal with using a SAN certificate with the same external public host name for multiple UAG trunks? The reason is that I would like to use different authentication properties for each of the different trunks. When I attempt to do this, UAG tells me that my new trunk uses an IP/port number combination already in use. It would be nice to be able to configure authentication on the Application level and not the Trunk level.

    Thursday, May 24, 2012 7:51 PM

All replies

  • A second trunk is not likely the way to solve your issue, as the public name is the same. It depends on what you are trying to achieve in this configuration and what authentication methods you need to support... why you need the second trunk would be the first question to spring to mind. As you are probably already aware, you can set multiple authentication servers on a single trunk and the user can select the appropriate authentication service from a drop-down list when logging on at UAG. If you want to support more dynamic forms of authentication via a single trunk without user interaction, then this may be realised through RADIUS and (also) third-party solutions, but it depends on what auth methods you need to support and what the use case is.

    Regards,

    Mylo

    Thursday, May 24, 2012 9:54 PM
  • In order to configure SSO I need to specify that "users authenticate to each server" and "Authenticate to each server with the same user name", which breaks my other application that's published through the same trunk. Can this be set on the application level instead of the trunk level?
    Friday, May 25, 2012 11:58 AM
  • But you stated that you want to deal with different authentication properties... you can do that by including/defining additional authentication servers that can be applied at a trunk or per application level... with the trunk, the user must select; with the application, it may imply another form of authentication that affects SSO... Are you saying that you want to apply different authentication types at trunk or at the application level? Depending on the application, the discussion may vary.

    Sorry... need to better understand the use cases and applications that you are trying to integrate.

    Regards,

    Mylo

    Tuesday, May 29, 2012 8:44 PM
  • I would like to apply different authentication properties on the application level and not the trunk level. Right now I have the following authentication properties configured on the trunk level: "users authenticate to each server" and "Authenticate to each server with the same user name". This allows me to perform an SSO for one application but breaks authentication for another application.
    Thursday, May 31, 2012 1:46 PM
  • Well, you can... whether it works or not is determined by what authentication type the application supports. If you're using a common protocol between your applications, e.g. Kerberos, then SSO between applications should work, assuming the application is in the local domain.

    The reference that you allude to with "Authenticate to each server with the same user name" is based on access scenarios where you're using multiple authentication servers on that trunk. If you log on at the trunk with a single authentication server, then the username provided is assumed in any SSO scenarios at the application level.

    Regards,

    Mylo

    Friday, June 8, 2012 8:16 PM