When Active Directory Federation Services (AD FS) 2.0 claims authentication is configured for a Forefront UAG trunk and a published Microsoft SharePoint application also uses claims authentication, the total cookie header length can become fairly large. This is especially true when there is a federated AD FS implementation. If the client request cookie header is not forwarded appropriately to the published AD FS or SharePoint application, the user may experience intermittent authentication failures or additional AD FS realm selection pages.
Because there may be multiple scenarios that result in a client request that has a total cookie header size greater than 5,120 bytes, Forefront UAG was changed to handle these requests appropriately.
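To check whether affected users are actually crossing the 5,120-byte figure, the following added example (not part of the original article or of Forefront UAG) measures the Cookie header of a captured client request and lists which cookies account for the bytes. It assumes the total is the combined length of all Cookie header values; the function names, host name, cookie names and sizes are constructed for illustration.

```python
# Added example: audit the Cookie header size of a captured client request.
UAG_COOKIE_THRESHOLD = 5120  # bytes, the figure given in the article


def cookie_header_report(raw_request, threshold=UAG_COOKIE_THRESHOLD):
    """Return total Cookie header bytes and a per-cookie size breakdown."""
    head = raw_request.replace("\r\n", "\n").split("\n\n", 1)[0]
    values = []
    for line in head.split("\n")[1:]:            # skip the request line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "cookie":
            values.append(value.strip())
    joined = "; ".join(values)                    # a client may send several Cookie lines
    sizes = {}
    for pair in filter(None, (p.strip() for p in joined.split(";"))):
        cname = pair.split("=", 1)[0]
        sizes[cname] = sizes.get(cname, 0) + len(pair.encode("utf-8"))
    total = len(joined.encode("utf-8"))
    return {
        "total_bytes": total,
        "over_threshold": total > threshold,
        "largest": sorted(sizes.items(), key=lambda kv: kv[1], reverse=True),
    }


def build_sample_request():
    """Constructed request; cookie names and sizes are illustrative only."""
    cookies = [
        ("FedAuth", "A" * 2400),     # SharePoint claims-style session cookie
        ("MSISAuth", "B" * 2000),    # AD FS-style session cookie
        ("MSISAuth1", "C" * 900),    # AD FS-style continuation cookie
        ("SamplePref", "en-US"),     # hypothetical small application cookie
    ]
    header = "; ".join(f"{n}={v}" for n, v in cookies)
    return (
        "GET /sites/team/default.aspx HTTP/1.1\r\n"
        "Host: portal.example.test\r\n"
        f"Cookie: {header}\r\n"
        "\r\n"
    )


if __name__ == "__main__":
    report = cookie_header_report(build_sample_request())
    print(report["total_bytes"], report["over_threshold"])
    for name, size in report["largest"]:
        print(f"{size:6d}  {name}")
```

Run it against the raw request text saved from a client-side HTTP trace of a failing sign-in to see how close each user's request is to the limit.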
World Wide Web Consortium (W3C) RFC 2109
Article ID: 2812389 - Last Review: Feb 20, 2013 - Revision: 1