This topic describes how to configure a custom authentication server or repository on Forefront Unified Access Gateway (UAG).
If you configure a custom server for authentication, by default, the server is configured to block all users. To use the server you configure for authentication, you must do the following:
- Copy the file repository.inc from:
…\Microsoft Forefront Unified Access Gateway\von\InternalSite\samples
to
…\Microsoft Forefront Unified Access Gateway\von\InternalSite\inc\CustomUpdate.
If a CustomUpdate folder is not found in this location, create it.
- Rename the file you copied so that the file name is identical
to the name you define in Server name. For example, if the
server name is uag_server, name the file uag_server.inc.
- Edit the file to implement the required functionality.
To configure a custom authentication server
-
In the Forefront UAG Management console, on the Admin menu, click Authentication and Authorization Servers.
-
On the Authentication and Authorization Servers dialog box, click Add.
-
In the Server type list, click Other.
-
On the Add Authentication Server dialog box, configure the following server settings:
- Server name—Name of the server or
repository. This name is used when you select the server or
repository during the configuration of Forefront UAG. It is also
displayed to end users when they are prompted to select a server
during authentication.
- Use a different server for portal
application authorization—Applicable in portal trunks only.
Select this check box to use a different server, where users and
user groups are defined, for application authorization. In this
case, selecting the server you define as "Other" for application
authorization, brings users and user groups from the associated
server rather than from the "Other" server.
- Select server—Click the server to use
for application authorization. You can use one of the
following:
- Any of the configured authentication servers
where users and user groups are defined, such as, NT Domain or
Notes Directory.
- Built-In Users/Groups—Use the computer’s
Windows Local Users and Groups console. To access the console,
click Launch Local Users and Groups console.
Note: Selecting this option does not enable you to define the local computer’s Windows Local Users and Groups console as an authentication server. To define the local computer as the authentication server, select the NT Domain server-type, and enter the name of the local computer in the NT Domain field. - Any of the configured authentication servers
where users and user groups are defined, such as, NT Domain or
Notes Directory.
- Server name—Name of the server or
repository. This name is used when you select the server or
repository during the configuration of Forefront UAG. It is also
displayed to end users when they are prompted to select a server
during authentication.
-
On the Add Authentication Server dialog box, click OK, and then on the Authentication and Authorization Servers dialog box, click Close.