
Planning for client authentication

Published: January 11, 2010

Updated: February 1, 2010

Applies To: Unified Access Gateway

Forefront Unified Access Gateway (UAG) allows you to control client endpoint access to published resources by using the following methods:

  • Require an HTTPS channel between client endpoints and the Forefront UAG server.

  • Apply session authentication. You can require client endpoints to authenticate in order to connect to a portal or an individually published Web application.

Client endpoint access over HTTPS

When you create a trunk to publish a portal or specific Web application, you can specify that client endpoints must communicate with the Forefront UAG server over an HTTPS connection. In this case, you must select a server certificate when you configure the trunk. This certificate is used to authenticate the Forefront UAG server to the client endpoint.

About session authentication

Forefront UAG enables you to control access to internal resources by verifying end user credentials against an authentication database. A portal or application session is opened only for end users who authenticate successfully; end users who cannot authenticate successfully do not gain access. Access is granted per end user, and each authentication instance is valid for only one session. Forefront UAG seamlessly integrates with numerous authentication schemes even if the application being protected has no inherent support for the method you choose to implement, for example, where Forefront UAG serves as a client of the third-party authentication server. Forefront UAG also enables periodic reauthentication by applying a logoff scheme. After a predetermined time, end users must resubmit credentials to continue working; otherwise, their sessions are terminated.

To define session authentication, you should define an authentication server against which the credentials of end users who connect to a portal or application session are verified. For more information about Forefront UAG client authentication schemes, see Implementing frontend authentication.

 