Deploying a client authentication infrastructure

[This topic is pre-release documentation and is subject to change in future releases. Blank topics are included as placeholders.]

Forefront Unified Access Gateway (UAG) allows you to control endpoint access to applications and resources published via Forefront UAG using frontend and backend authentication, as follows:

  • Frontend authentication─You can require remote clients to authenticate when connecting to a Forefront UAG portal or site. A site session is opened only for users who authenticate successfully. This ensures that only authenticated traffic is passed to backend servers published via Forefront UAG. Session authentication requires you to define at least one authentication server, against which the credentials of users connecting to a portal or application session are verified. For more information, see Deploying frontend authentication servers.

  • Backend authentication─Forefront UAG provides single sign-on that allows a user to log on once only. The credentials provided by a user can then be used when accessing backend applications published via Forefront UAG. For more information, see Deploying backend authentication mechanisms.