This topic describes the optional tasks that may be required when deploying Forefront Unified Access Gateway (UAG) and Active Directory Federation Services (AD FS) 2.0, depending on your topology and requirements.
- Configuring SharePoint 2010 AAM applications with AD FS 2.0—Configure the SharePoint application that you want to publish through Forefront UAG as a claims-based application and configure your SharePoint server as a relying party of your organization’s federation server.

  Note: You do not configure your SharePoint application to be claims-based using Forefront UAG. However, to allow end users to access the application, you must publish it through Forefront UAG. For information, see SharePoint publishing solution guide.

  Note: When you publish a SharePoint application through Forefront UAG and set it as the initial application, end users are unable to access the application on the first attempt, only on subsequent attempts.
- Configuring SharePoint 2007 AAM applications with AD FS 2.0—Configure the SharePoint application that you want to publish through Forefront UAG as a claims-based application and configure your SharePoint server as a relying party of your organization’s federation server.
- Creating and managing the AD FS 2.0 application—Configure Forefront UAG in the partner organization to allow remote partner employees to access the partner AD FS 2.0 server.
- Configuring single sign-on with Kerberos constrained delegation to non-claims-aware applications—Configure Forefront UAG and your AD FS 2.0 server to allow users to access published applications that use Kerberos constrained delegation.
- Configuring claims-based application authorization—Configure claims-based authorization for applications published through Forefront UAG.
- Publishing claims-based applications with an external federation service—Describes how to publish claims-based applications that use a federation service that is external to your organization.