UAG SP2 - SSO for FBA application

  • Question

  • Our company is currently in the process of implementing UAG as a proxy/portal solution for our employees located off-site to access various internal web applications. Everything appears to be working fine with the exception of the SSO component. 

    I've done a ton of reading and research to attempt to figure this out, and have tried just about everything I can think of to no avail.

    Here is our situation:

    We have a couple of FBA applications that both accept ADS credentials for authentication. I have set up the applications in UAG like so:

    • Add a new application to our trunk using the Add Application Wizard, as an Other Web Application (portal hostname).
    • Gave the applications a name and type, and selected Configure an application server. Gave them proper addresses, left the paths and ports to default. 
    • Checked 'Use SSO', selected our domain as the authentication server, and selected 'HTML form' as the authentication method.

    On the server:

    • Created FormLogin.xml at Microsoft Forefront Unified Access Gateway\von\Conf\WizardDefaults\FormLogin\CustomUpdate.
    • Modified the file to reflect the new application(s), including the proper APPLICATION_TYPE, form fields (taken from the "name", not the "id" - though I've tried both - of the fields), and form name. 
    • Save/Activate configuration, Restart IIS

    At this point I go to UAG to test everything, open the application, and am usually presented with the login form that should be auto-filled. Here's the kicker: Every now and then it suddenly works, without changing any configuration or files. And just as suddenly, it stops working.

    Going into the HTML source, I can see the form name, the field names, etc., and everything matches. It almost appears as though, for some reason, UAG just doesn't recognize the page as the authentication page sometimes. The form is found on /Default.aspx. Here is our FormLogin.xml:

    <WHLFILTFORMLOGIN ver="1.0">
      <!-- app_id added by configurator, don't edit -->
      <APPLICATION>
        <APPLICATION_TYPE>FILESHARE</APPLICATION_TYPE>
        <USAGE description="form_login">
          <PRIMARY_HOST_URL>.*default\.aspx</PRIMARY_HOST_URL>
          <SCRIPT_NAME source="data_definition">FormLoginHandler</SCRIPT_NAME>
          <USER_AGENT>
            <AGENT_TYPE search="group">all_supported</AGENT_TYPE>
            <POLICY>multiplatform</POLICY>
            <SCRIPT_NAME source="data_definition">FormLoginHandler</SCRIPT_NAME>
          </USER_AGENT>
          <LOGIN_FORM>
            <!-- one of NAME or ID could be used. Value could be blank if no form search required -->
            <NAME>aspnetForm</NAME>
            <METHOD>POST</METHOD>
            <CONTROL handling="dummy_value">
              <TYPE>USER_NAME</TYPE>
              <NAME>ctl00$ContentPlaceHolder1$TextBoxUsername</NAME>
              <DEF_VALUE>sitedomain\siteusr</DEF_VALUE>
            </CONTROL>
            <CONTROL handling="dummy_value">
              <TYPE>PASSWORD</TYPE>
              <NAME>ctl00$ContentPlaceHolder1$TextBoxPassword</NAME>
              <DEF_VALUE>sitepass</DEF_VALUE>
            </CONTROL>
          </LOGIN_FORM>
        </USAGE>
      </APPLICATION>
    </WHLFILTFORMLOGIN>

    I'm sure there is some piece of information I'm forgetting to include, so if anyone needs clarification, let me know and I'll do my best to answer.

    Thanks for any assistance you guys can give. 

    Monday, October 1, 2012 6:55 PM
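As an added example (not code from the original post, and not part of UAG), the script below checks a FormLogin.xml fragment against the HTML of the login page the way a troubleshooter would by hand: does PRIMARY_HOST_URL match the path the form lives on, is there a form with the configured NAME, does its method agree, and is each CONTROL NAME really a field's name attribute rather than its id (ASP.NET renders ctl00$...$TextBoxUsername as the name and ctl00_..._TextBoxUsername as the id). The FormLogin.xml fragment and the login page HTML embedded here are constructed samples shaped like the ones in the post; the application type MyFbaApp and the field names are assumptions. The script reports a URL pattern that matches only case-insensitively as a finding because that is worth knowing; it makes no claim about how UAG itself evaluates PRIMARY_HOST_URL.

```python
"""Consistency check between a UAG FormLogin.xml fragment and the HTML login page it targets."""
import re
import xml.etree.ElementTree as ET
from html.parser import HTMLParser

# Constructed FormLogin.xml fragment (same shape as the thread's file; values are assumptions).
FORMLOGIN_XML = r"""<WHLFILTFORMLOGIN ver="1.0">
  <APPLICATION>
    <APPLICATION_TYPE>MyFbaApp</APPLICATION_TYPE>
    <USAGE description="form_login">
      <PRIMARY_HOST_URL>.*Default\.aspx</PRIMARY_HOST_URL>
      <LOGIN_FORM>
        <NAME>aspnetForm</NAME>
        <METHOD>POST</METHOD>
        <CONTROL handling="dummy_value">
          <TYPE>USER_NAME</TYPE>
          <NAME>ctl00$ContentPlaceHolder1$TextBoxUsername</NAME>
          <DEF_VALUE>sitedomain\siteusr</DEF_VALUE>
        </CONTROL>
        <CONTROL handling="dummy_value">
          <TYPE>PASSWORD</TYPE>
          <NAME>ctl00$ContentPlaceHolder1$TextBoxPassword</NAME>
          <DEF_VALUE>sitepass</DEF_VALUE>
        </CONTROL>
      </LOGIN_FORM>
    </USAGE>
  </APPLICATION>
</WHLFILTFORMLOGIN>"""

# Constructed ASP.NET login page source (an assumption, not a capture of the poster's application).
LOGIN_HTML = r"""<html><body>
<form name="aspnetForm" method="post" action="Default.aspx" id="aspnetForm">
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="dummy" />
<input name="ctl00$ContentPlaceHolder1$TextBoxUsername" type="text" id="ctl00_ContentPlaceHolder1_TextBoxUsername" />
<input name="ctl00$ContentPlaceHolder1$TextBoxPassword" type="password" id="ctl00_ContentPlaceHolder1_TextBoxPassword" />
<input type="submit" name="ctl00$ContentPlaceHolder1$ButtonLogin" value="Log in" id="ctl00_ContentPlaceHolder1_ButtonLogin" />
</form>
</body></html>"""


class FormScanner(HTMLParser):
    """Collects every <form> with its name, id, method and a name->id map of its fields."""

    def __init__(self):
        super().__init__()
        self.forms = []
        self._cur = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._cur = {"name": a.get("name"), "id": a.get("id"),
                         "method": (a.get("method") or "get").upper(), "fields": {}}
            self.forms.append(self._cur)
        elif tag in ("input", "select", "textarea") and self._cur is not None and a.get("name"):
            self._cur["fields"][a["name"]] = a.get("id")

    def handle_endtag(self, tag):
        if tag == "form":
            self._cur = None


def parse_forms(html):
    scanner = FormScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.forms


def parse_usage(xml_text):
    """Pull the matching rule out of the first <USAGE> block of a FormLogin.xml fragment."""
    root = ET.fromstring(xml_text)
    usage = root.find("./APPLICATION/USAGE")
    form = usage.find("LOGIN_FORM")
    return {
        "app_type": root.findtext("./APPLICATION/APPLICATION_TYPE"),
        "url_pattern": usage.findtext("PRIMARY_HOST_URL"),
        "form_name": form.findtext("NAME"),   # direct child only; CONTROL/NAME is not touched
        "form_id": form.findtext("ID"),
        "method": (form.findtext("METHOD") or "POST").upper(),
        "controls": [(c.findtext("TYPE"), c.findtext("NAME")) for c in form.findall("CONTROL")],
    }


def check(xml_text, html, request_path):
    """Return a list of mismatches between the rule and the page; an empty list means consistent."""
    rule = parse_usage(xml_text)
    findings = []

    # 1. Does PRIMARY_HOST_URL match the path the form is served on (as a regex, like the sample file)?
    pat = rule["url_pattern"]
    if not re.search(pat, request_path):
        if re.search(pat, request_path, re.IGNORECASE):
            findings.append(f"PRIMARY_HOST_URL {pat!r} matches {request_path!r} only case-insensitively")
        else:
            findings.append(f"PRIMARY_HOST_URL {pat!r} does not match {request_path!r}")

    # 2. Is there a form with the configured NAME (or ID), and is it matched by the right attribute?
    forms = parse_forms(html)
    attr = "name" if rule["form_name"] else "id"
    wanted = rule["form_name"] or rule["form_id"]
    form = next((f for f in forms if f[attr] == wanted), None)
    if form is None:
        other = "id" if attr == "name" else "name"
        if any(f[other] == wanted for f in forms):
            findings.append(f"form {wanted!r} is on the page, but as its {other}, not its {attr}")
        else:
            findings.append(f"no <form> with {attr}={wanted!r} on the page")
        return findings

    # 3. Method and control names: each CONTROL/NAME must be a field's name attribute, not its id.
    if form["method"] != rule["method"]:
        findings.append(f"form method is {form['method']}, FormLogin.xml says {rule['method']}")
    for ctype, cname in rule["controls"]:
        if cname in form["fields"]:
            continue
        if cname in form["fields"].values():
            findings.append(f"{ctype} control {cname!r} is the field's id; its name attribute differs")
        else:
            findings.append(f"{ctype} control {cname!r} is not a field of the form")
    return findings


if __name__ == "__main__":
    for line in check(FORMLOGIN_XML, LOGIN_HTML, "/Default.aspx") or ["consistent"]:
        print(line)
```

To use it against a real deployment, replace the two constructed strings with the contents of the CustomUpdate FormLogin.xml and the page source saved from the browser, and pass the path the form is actually requested on. A clean result only proves the static configuration matches the page; it says nothing about the intermittent behaviour the post describes, which would need a capture of the requests that did and did not get filled in.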

All replies

  • Hello

    I am also facing the same issue. Did you find any solution? If yes, can you please update?


    Jimmy Mathew, Parackattu

    Sunday, October 28, 2012 6:21 PM