You edit the WhlFiltSSO.ini and Sso.inc sample files in Microsoft Forefront Unified Access Gateway (UAG) 2010 Service Pack 1 (SP1) or a later version to implement cross-site single sign-on. You do this to enable users who log on to one Forefront UAG site to access additional Forefront UAG sites without having to reauthenticate. However, when a user tries to access additional Forefront UAG sites, the user must provide credentials to access the sites.
This problem occurs because the WhlFiltSSO.ini and Sso.inc files were not code upgraded since the release of Forefront Unified Access Gateway 2010.
To resolve this problem, install the service pack that is described in the following Microsoft Knowledge Base article:
2744025 Description of Forefront Unified Access Gateway 2010 Service Pack 3
To work around this problem in Forefront UAG 2010 SP1 or a later version, remove the dot from the lines that contain "contoso.com" in the WhlFiltSSO.ini and Sso.inc files.
SSO_COOKIE_DOMAIN = "contoso.com"
SSO_COOKIE_EXPIRE = 300
MAX_SSO_SITES = 5
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
For more information about how to implement cross-site single sign-on, go to the following Microsoft TechNet webpage:
Implementing cross-site single sign-on
For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:
824684 Description of the standard terminology that is used to describe Microsoft software updates