You are currently offline, waiting for your internet to reconnect

Your browser is out-of-date

You need to update your browser to use the site.

Update to the latest version of Internet Explorer

FIX: Preauthenticated user can access additional sites even if the user session has exceeded the time-out period in Forefront Unified Access Gateway 2010

Symptoms
Microsoft Forefront Unified Access Gateway 2010 (UAG) provides cross-site single sign-on (SSO) functionality. This lets users who log on to one Forefront UAG site access additional Forefront UAG sites that are configured in the cross-site list without having to reauthenticate. Forefront UAG 2010 also lets an administrator define session time-out values in the portal trunk properties.

In a Forefront UAG site that's configured for cross-site SSO, a preauthenticated user who has an existing cross-site authorization cookie may be permitted access even if the user session has exceeded the defined portal trunk session time-out period.


Resolution
To resolve this problem, install the service pack that is described in the following Microsoft Knowledge Base article:

2744025 Description of Forefront Unified Access Gateway 2010 Service Pack 3
Status
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
References
For more information about how to implement cross-site single sign-on and trunk session time-out values, go to the following Microsoft TechNet websites:

For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:
824684 Description of the standard terminology that is used to describe Microsoft software updates
Properties

Article ID: 2812392 - Last Review: 02/20/2013 17:24:00 - Revision: 1.0

  • Microsoft Forefront Unified Access Gateway 2010
  • Microsoft Forefront Unified Access Gateway 2010 Service Pack 1
  • Microsoft Forefront Unified Access Gateway 2010 Service Pack 2
  • kbqfe kbfix kbexpertiseinter kbsurveynew kbbug KB2812392
Feedback
id=1&t=">="https://c1.microsoft.com/c.gif?DI=4050&did=1&t=">ar varCustomerTracking = 1; var Route = "76500"; var Ctrl = ""; document.write(" oad="var m=document.createElement('meta');m.name='ms.dqp0';m.content='false';document.getElementsByTagName('head')[0].appendChild(m);" src="http://c1.microsoft.com/c.gif?">