Symptoms
Consider the following scenario:
-
You have a web server that is running Apache with Tomcat.
-
You publish the Tomcat web application through Microsoft Forefront Unified Access Gateway (UAG) 2010 Service Pack 1 (SP1) by using a generic web application template.
-
You configure UAG 2010 SP1 to perform single sign-on (SSO) with Kerberos constrained delegation to a back-end web application.
-
After you log on to the UAG portal, you try to access the Tomcat web application that is published.
In this scenario, you may receive an error message that resembles the following:
You do not have permission to view this folder or page.
Cause
This issue can occur if the web application is configured to use SPNEGO authentication, and UAG does not process the response.
Resolution
To resolve this issue, follow these steps:
-
Install the rollup package that is described in the following Microsoft Knowledge Base article:
2647899 Rollup 1 for Forefront Unified Access Gateway (UAG) 2010 Service Pack 1 Update 1
-
Create the following registry entry:
Subkey
HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\eGap\von\UrlFilter
Name
KCDIgnoreNewProvider
Type
REG_DWORD
Value
1
-
At a command prompt, type IISReset, and then press Enter.
-
Start the UAG 2010 configuration.
Status
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
References
For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:
824684 Description of the standard terminology that is used to describe Microsoft software updates