Deploying a single sign-on solution

Published: January 11, 2010

Updated: February 1, 2011

Applies To: Unified Access Gateway

Forefront Unified Access Gateway (UAG) can implement single sign-on by using session credentials to authenticate to published backend applications, using the following methods:

  • Basic, NTLM, or HTTP forms-based authentication─You can configure any of these methods on the properties of the trunk used to publish the application that require users to authenticate.

  • Kerberos constrained delegation—Forefront UAG supports the use of Kerberos constrained delegation, to authenticate users after Forefront UAG has verified their identity by using a non-Kerberos authentication method. For information about setting up Kerberos, see Configuring single sign-on with Kerberos constrained delegation.