This topic describes how to configure the SSL client certificate authentication scheme in Forefront Unified Access Gateway (UAG) to require a certificate that contains the user’s e-mail address in the certificate subject, in order to compare it with the mail attribute in Active Directory.

For this scenario, the certificate subject must include the user’s e-mail address.

This scenario works with the default Active Directory Certificate Services (AD CS) “User” certificate template when the user’s e-mail address is configured in Active Directory Domain Services (AD DS).

To authenticate using a certificate with e-mail in the subject

  1. Copy the file from:

    ...\Microsoft Forefront Unified Access Gateway\von\InternalSite\samples

    to the following custom folder:

    ...\Microsoft Forefront Unified Access Gateway\von\InternalSite\inc\CustomUpdate

  2. Rename the file as follows:


    For example, for a trunk named UAGPortal, name the file

  3. In the file, locate the line subject_array(0) = "SubjectEMAIL" and make sure it is not commented out (no leading apostrophe).

    The file should contain the following:

    subject_array(0) = "SubjectEMAIL"
    'subject_array(0) = "Subject"
    'subject_array(0) = "SubjectCN"
  4. From the samples folder, copy the file to the CustomUpdate folder. Rename the file as follows:


    where <Server_Name> is the name of your LDAP authentication server. For example, if you named the server "ContosoAD", name the file

  5. In the file, make sure that param_email.Name = "SubjectEMAIL" for the Session Manager parameter.

  6. In the file, make sure that param_email.Name = "mail" for the User Manager parameter.
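
A pre-deployment check for the requirement above, as an added example that is not part of the original topic or of UAG: it lists the current user's client-authentication certificates, extracts the e-mail address from the subject only, and compares it with the mail attribute in AD DS. It assumes the ActiveDirectory PowerShell module is installed; the helper name Get-SubjectEmail and the case-insensitive comparison are choices of this example.

```powershell
# Added example: pre-deployment check run in the user's own session. Not UAG code.
# Assumption: the ActiveDirectory module (RSAT) is installed.
Import-Module ActiveDirectory

# Hypothetical helper: return the e-mail RDN from the certificate SUBJECT only.
# An address present solely in the Subject Alternative Name is ignored on purpose,
# because this scenario requires the address in the subject.
function Get-SubjectEmail {
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate
    )
    # Format($true) prints one RDN per line, for example "E=user@contoso.com".
    foreach ($rdn in ($Certificate.SubjectName.Format($true) -split "`r?`n")) {
        if ($rdn -match '^\s*(E|OID\.1\.2\.840\.113549\.1\.9\.1)\s*=\s*(.+)$') {
            return $Matches[2].Trim().Trim('"')
        }
    }
    return $null
}

$clientAuthOid = '1.3.6.1.5.5.7.3.2'   # Client Authentication EKU
$adMail = (Get-ADUser -Identity $env:USERNAME -Properties mail).mail

Get-ChildItem Cert:\CurrentUser\My |
    Where-Object {
        $_.HasPrivateKey -and
        $_.NotAfter -gt (Get-Date) -and
        ($_.EnhancedKeyUsageList.ObjectId -contains $clientAuthOid)
    } |
    ForEach-Object {
        $subjectMail = Get-SubjectEmail -Certificate $_
        [pscustomobject]@{
            Thumbprint   = $_.Thumbprint
            NotAfter     = $_.NotAfter
            SubjectEmail = $subjectMail   # empty: the subject lacks an e-mail RDN
            ADMail       = $adMail        # empty: mail attribute not set in AD DS
            # Case-insensitive comparison is an assumption of this example.
            Match        = [bool]($subjectMail -and $adMail -and ($subjectMail -ieq $adMail))
        }
    }
```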
