Optional deployment tasks
Updated: July 31, 2012
Applies To: Unified Access Gateway
This topic describes the optional tasks that may be required when deploying Forefront Unified Access Gateway (UAG) and Active Directory Federation Services (AD FS) 2.0, depending on your topology and requirements.
Configuring SharePoint 2010 AAM applications with AD FS 2.0—Configure the SharePoint application that you want to publish through Forefront UAG as a claims-based application and configure your SharePoint server as a relying party of your organization’s federation server.
You do not configure your SharePoint application to be claims-based using Forefront UAG. However, to allow end users to access the application, you must publish it through Forefront UAG. For information, see SharePoint publishing solution guide.
When you publish a SharePoint application through Forefront UAG and set it as the initial application, end users cannot access the application on their first attempt; access succeeds only on subsequent attempts.
Configuring SharePoint 2007 AAM applications with AD FS 2.0—Configure the SharePoint application that you want to publish through Forefront UAG as a claims-based application and configure your SharePoint server as a relying party of your organization’s federation server.
Creating and managing the AD FS 2.0 application—Configure Forefront UAG in the partner organization to allow remote partner employees to access the partner AD FS 2.0 server.
Configuring single sign-on with Kerberos constrained delegation to non-claims-aware applications—Configure Forefront UAG and your AD FS 2.0 server to allow users to access published applications that use Kerberos constrained delegation.
Configuring claims-based application authorization—Configure claims-based authorization for applications published through Forefront UAG.
Publishing claims-based applications with an external federation service—Describes how to publish claims-based applications that use a federation service that is external to your organization.