How do you setup a sharepoint 2010 extranet that delivers SSo via UAG?


  • Hi,

    I have to design and implement a sharepoint 2010 enterprise intranet, internet and extranet platform where external users authenticate first through UAG and get a single sign on experience.

    (So UAG passes credentials to sharepoint)

    Does anyone have any links or docs about how to set up something like this?

    I can't find any good info anywhere - bit and pieces yes but I'd like some kind of guide really!

    • Edited by xyz2012 Saturday, November 24, 2012 5:19 PM
    Saturday, November 24, 2012 5:17 PM


All replies

  • How you do this really depends on your scenario.  Are you using AFDS?  Claims Web Apps?  Classic NTLM or Kerberos?  There are a lot of scenarios covered if you search for "SharePoint UAG Single Sign On", and like I said, they vary depending on authentication method.

    SharePoint - Nauplius Applications
    Microsoft SharePoint Server MVP - 2012

    Saturday, November 24, 2012 6:43 PM
  • Thanks for your answer.

    I want to use whatever is simplest to implement. I do not want ADFS as you need a trust to the domain which the external user is on.

    Kerberos is a bit complex.

    Will classic NTLM work? If so are there any drawbacks? Do you need AD in the perimeter domain? Can I use ADLS? I read that UAG does not support this true?

    Classic NTLM sounds like the simplest way to do this - is it?

    Have you ever used classic ntlm in an extranet with uag and sharepoint?


    Saturday, November 24, 2012 7:56 PM
  • Kerberos isn't usable over the Internet regardless :)  If your web applications are going to be using NTLM, that should be fairly easy.  UAG isn't my strong point, but here are a couple of articles:

    SharePoint - Nauplius Applications
    Microsoft SharePoint Server MVP - 2012

    Monday, November 26, 2012 4:27 AM