Deploying a single sign-on solution
Published: January 11, 2010
Updated: February 1, 2011
Applies To: Unified Access Gateway
Forefront Unified Access Gateway (UAG) can implement single sign-on by using session credentials to authenticate to published backend applications, using the following methods:
Basic, NTLM, or HTTP forms-based authentication─You can configure any of these methods on the properties of the trunk used to publish the application that require users to authenticate.
Kerberos constrained delegation—Forefront UAG supports the use of Kerberos constrained delegation, to authenticate users after Forefront UAG has verified their identity by using a non-Kerberos authentication method. For information about setting up Kerberos, see Configuring single sign-on with Kerberos constrained delegation.