Forefront Unified Access Gateway (UAG) can implement single sign-on by using session credentials to authenticate to published backend applications, using the following methods:
- Basic, NTLM, or HTTP forms-based
authentication─You can configure any of these methods on the
properties of the trunk used to publish the application that
require users to authenticate.
- Kerberos constrained delegation—Forefront UAG
supports the use of Kerberos constrained delegation, to
authenticate users after Forefront UAG has verified their identity
by using a non-Kerberos authentication method. For information
about setting up Kerberos, see Configuring single
sign-on with Kerberos constrained delegation.