This is a tough one. We have attempted to configure a web service (SAP) to connect as such:

A user account in a separate forest needs to log in to a UAG site in a different forest that contains the UAG and SAP servers. The clients have privately issued SSL certificates, and we need to allow them to hit UAG, pass the request to SPNEGO2 (SAP) and then authenticate for access to SAP. The issue is we either get a 401 error or we get a page stating the user cannot be authenticated. I have read every document I can find on SSL and SSO as well as cross-forest authentication. We cannot seem to get past this.
When you say different forest, you imply that there is no trust between the sites. If this is the case, you need to set up an ADFS server, which can handle authentication across the gap. UAG will then use the ADFS server for authentication.
You might find good inspiration on the following link: Forefront UAG with AD FS 2.0 topologies
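The answer above hinges on whether a trust exists between the two forests. The following PowerShell is an added example, not part of the original thread or any Microsoft documentation, for confirming that before deciding on ADFS: it lists the trusts known to the current forest and reports whether any of them reaches the named remote forest. It assumes the ActiveDirectory module (RSAT) is installed, that it runs as a domain user in the forest hosting UAG and SAP, and that `other-forest.example` is a placeholder for the user's forest name.

```powershell
# Added example: check whether the current forest has a trust that reaches the
# forest the users log in from. If no trust is found, cross-forest Kerberos/SPNEGO
# will not work and a federation path (ADFS) is needed, as the answer describes.
Import-Module ActiveDirectory

function Test-ForestTrustPath {
    param(
        [Parameter(Mandatory = $true)]
        [string]$TargetForest   # placeholder, e.g. 'other-forest.example'
    )

    # Get-ADTrust returns every trust object the local forest knows about.
    $trusts = Get-ADTrust -Filter *

    # A usable cross-forest path needs a trust whose target is the remote forest,
    # that is forest-transitive, and whose direction allows the remote users in
    # (Inbound = they are trusted to log in here; BiDirectional covers both ways).
    $match = $trusts | Where-Object {
        $_.Target -ieq $TargetForest -and
        $_.ForestTransitive -and
        ($_.Direction -eq 'Inbound' -or $_.Direction -eq 'BiDirectional')
    }

    foreach ($t in $trusts) {
        '{0,-35} {1,-14} {2,-8} ForestTransitive={3} SelectiveAuth={4}' -f `
            $t.Target, $t.Direction, $t.TrustType, $t.ForestTransitive, $t.SelectiveAuthentication
    }

    if ($match) {
        Write-Output "Trust path to $TargetForest found; check SelectiveAuthentication and SPN/delegation settings next."
        return $true
    }
    Write-Output "No inbound forest-transitive trust to $TargetForest; expect 401s on cross-forest SPNEGO and consider ADFS federation."
    return $false
}

Test-ForestTrustPath -TargetForest 'other-forest.example'
```

If the function reports a trust but users still fail to authenticate, the next things to verify are selective authentication (the remote users need "Allowed to Authenticate" on the UAG/SAP hosts when it is enabled) and the service principal names registered for the SAP service, since SPNEGO falls back to NTLM or a 401 when the SPN does not resolve.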