Cannot get KCD to work in UAG

  • Question

  • I am running UAG on Server 2008 64-bit. I configured the portal to accept username and password with no issue. I then went through the MS doc and set it up for smart card. Every time I try the site I get the following on the web page. We use UPN on our smart card to authenticate.

    User validation error
    Failed to authenticate user. (this message appears on the web page)

    I see the following errors in the web monitor:

    User testuser with source IP address 192.168.1.65 failed to log into trunk testportal (secure=1) using authentication server testserver with session ID BB300380-F2EF-L921-AFC6-084821155. Error code is Failed to get the session param [SubjectEMAIL].

    User 15687492581 with source IP address 192.168.1.65 failed to log into trunk testportal (secure=1) using authentication server testserver with session ID BB300380-F2EF-L921-AFC6-084821155. Error code is Failed to get the session param [SubjectEMAIL].

    I have tried several combinations of subjectCN, subject, subjectupn. I get some things back for subject and subjectcn, but it tells me it does not match the username.

    Some folks fixed the same issue in IAG from the following link: http://forums.forefrontsecurity.org/?g=posts&t=90 It doesn't seem to help me in UAG. I'm pretty sure I configured everything as stated in the following MS article: http://technet.microsoft.com/en-us/library/ee861163.aspx

    Any help please...

    Friday, March 26, 2010 6:47 PM

Answers

  • You need to make sure your smart cards indeed have the user's "User Principal Name" in the Subject Email field.

    I found that a majority of companies actually use the Subject Alternative Name field >> UPN. 

    The article you linked for ee861163 will show you how to modify your code to support various smartcard scenarios.

    Thanks
    Dennis

    • Marked as answer by Erez Benari Wednesday, April 28, 2010 12:24 AM
    Thursday, April 22, 2010 5:35 AM
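
To check which certificate field actually carries the UPN, as the answer above asks, the following PowerShell check can be run on a workstation with the card inserted. It is an added example, not code from the thread or from the UAG scripts; it assumes the smart card certificate is visible in the current user's Personal store, and `Get-CertIdentityFields` and the UPN value are hypothetical.

```powershell
# Added example (not from the thread). Get-CertIdentityFields is a hypothetical helper name.
function Get-CertIdentityFields {
    param(
        [Parameter(Mandatory = $true)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
        [Parameter(Mandatory = $true)]
        [string]$ExpectedUpn
    )
    $nameType = [System.Security.Cryptography.X509Certificates.X509NameType]

    # Subject DN with one RDN per line, so values that contain commas stay intact.
    $rdns = $Certificate.SubjectName.Format($true) -split "`r?`n"
    # Windows renders the emailAddress attribute (OID 1.2.840.113549.1.9.1) as "E=".
    $subjectEmail = $rdns | Where-Object { $_ -match '^E=' } |
        ForEach-Object { $_ -replace '^E=', '' } | Select-Object -First 1

    # UPN carried as an otherName entry in the Subject Alternative Name extension.
    $sanUpn = $Certificate.GetNameInfo($nameType::UpnName, $false)

    # -eq on strings is case-insensitive in PowerShell, which suits UPN comparison.
    $where = @()
    if ($subjectEmail -and $subjectEmail -eq $ExpectedUpn) { $where += 'Subject E' }
    if ($sanUpn -and $sanUpn -eq $ExpectedUpn)             { $where += 'SAN UPN' }
    if ($where.Count -eq 0) { $where = @('not found') }

    New-Object PSObject -Property @{
        Thumbprint   = $Certificate.Thumbprint
        SimpleName   = $Certificate.GetNameInfo($nameType::SimpleName, $false)
        SubjectEmail = $subjectEmail
        SanUpn       = $sanUpn
        UpnFoundIn   = ($where -join ', ')
    }
}

# Constructed placeholder value: replace with the account's real UPN.
$upn = 'testuser@example.com'
Get-ChildItem Cert:\CurrentUser\My |
    ForEach-Object { Get-CertIdentityFields -Certificate $_ -ExpectedUpn $upn } |
    Select-Object SimpleName, SubjectEmail, SanUpn, UpnFoundIn, Thumbprint |
    Format-List
```

A certificate that reports `SAN UPN` with an empty `SubjectEmail` is the case the answer describes, and is consistent with the `Failed to get the session param [SubjectEMAIL]` error in the question.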