This topic describes how to configure the SSL client certificate authentication scheme in Forefront Unified Access Gateway (UAG) to require a certificate that contains the user’s e-mail address in the certificate subject, in order to compare it with the mail attribute in Active Directory.

For this scenario, the certificate subject must include the user’s e-mail address.

Note:
This scenario works with the default Active Directory Certificate Services (AD CS) “User” certificate template, when the user’s e-mail address is configured in Active Directory Domain Services (AD DS).

To authenticate using a certificate with e-mail in the subject

  1. Copy the file site_secure_SmartCard_cert.inc from:

    ...\Microsoft Forefront Unified Access Gateway\von\InternalSite\samples

    to the following custom folder:

    ...\Microsoft Forefront Unified Access Gateway\von\InternalSite\inc\CustomUpdate

  2. Rename the file as follows:

    <Trunk_Name>1cert.inc

    For example, for a trunk named UAGPortal, name the file UAGPortal1cert.inc.

  3. In the UAGPortal1cert.inc file, locate the line subject_array(0) = "SubjectEMAIL" and make sure it is not commented out (the line must not begin with an apostrophe).

    The file should contain the following:

    'SubjectEMAIL
    subject_array(0) = "SubjectEMAIL"
    
    'Subject
    'subject_array(0) = "Subject"
    
    'SubjectCN
    'subject_array(0) = "SubjectCN"
    
  4. From the samples folder, copy the file repository_for_cert.inc to the CustomUpdate folder. Rename the file as follows:

    <Server_Name>.inc

    where <Server_Name> is the name of your LDAP authentication server. For example, if you named the server "ContosoAD", name the file ContosoAD.inc.

  5. In the ContosoAD.inc file, make sure that param_email.Name = "SubjectEMAIL" for the Session Manager parameter.

  6. In the ContosoAD.inc file, make sure that param_email.Name = "mail" for the User Manager parameter.
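
A quick way to check the result of step 3 before testing a logon, as an added example that is not part of the original topic or of UAG: the hypothetical function Test-CertIncSelector reports whether exactly one uncommented subject_array(0) line is present and whether it selects SubjectEMAIL, and it flags typographic quotes pasted from documentation. It assumes the .inc file is VBScript that runs top to bottom; the sample text is constructed from the block shown in step 3.

```powershell
# Added example, not UAG code: lint the selector block of <Trunk_Name>1cert.inc.
function Test-CertIncSelector {
    param([string[]]$Lines)
    $problems = @()
    $active = @()
    foreach ($line in $Lines) {
        $text = $line.Trim()
        # Lines starting with an apostrophe are VBScript comments, so they are inactive.
        if ($text -eq '' -or $text.StartsWith("'")) { continue }
        # Match straight or typographic quotes so pasted curly quotes get reported.
        if ($text -match '^subject_array\(0\)\s*=\s*(["\u201C\u201D])(\w+)(["\u201C\u201D])') {
            $active += $Matches[2]
            if ($Matches[1] -ne '"' -or $Matches[3] -ne '"') {
                $problems += "typographic quotes around '$($Matches[2])'; use straight quotes"
            }
        }
    }
    if ($active.Count -eq 0) { $problems += 'no active subject_array(0) line' }
    if ($active.Count -gt 1) {
        # Assumption: assignments run in order, so the last one is the effective value.
        $problems += "multiple active lines ($($active -join ', ')); the last assignment wins"
    }
    # Case-sensitive comparison against the value exactly as the page shows it.
    if ($active.Count -gt 0 -and $active[-1] -cne 'SubjectEMAIL') {
        $problems += "effective selector is '$($active[-1])', expected 'SubjectEMAIL'"
    }
    New-Object PSObject -Property @{ Ok = ($problems.Count -eq 0); Problems = $problems }
}

# Constructed sample 1: the block as this page shows it in step 3.
$asDocumented = @'
'SubjectEMAIL
subject_array(0) = "SubjectEMAIL"

'Subject
'subject_array(0) = "Subject"
'@ -split '\r?\n'

# Constructed sample 2: a second selector left uncommented by mistake.
$misedited = @'
subject_array(0) = "SubjectEMAIL"
subject_array(0) = "SubjectCN"
'@ -split '\r?\n'

(Test-CertIncSelector -Lines $asDocumented).Ok
(Test-CertIncSelector -Lines $misedited).Problems
# Against the real file: Test-CertIncSelector -Lines (Get-Content .\UAGPortal1cert.inc)
```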
