Symptoms
Consider the following scenario in Microsoft Forefront Unified Access Gateway (UAG) 2010:
- You have a Forefront UAG trunk portal that is configured to perform trunk authentication to an Active Directory or other non-Active Directory Federation Services (AD FS) repository.
- You publish an AD FS server by using the built-in AD FS 2.0 template.
- You configure an application for single sign-on from the trunk repository.
In this scenario, you may find that single sign-on does not occur, and you have to authenticate again to the AD FS server.
Cause
This problem may occur because of any of the following:
- In some cases, you upgrade a working configuration to UAG Service Pack 2 or Service Pack 3.
- You add a new trunk that uses the AD FS repository that is linked to the published AD FS server for trunk authentication.
- You make any change to the AD FS application properties.
Resolution
To resolve this problem, install Service Pack 4 for Microsoft Forefront Unified Access Gateway 2010.
Workaround
To work around this problem in some cases, remove and republish the AD FS server.
Status
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
References
See the terminology Microsoft uses to describe software updates.