Deploying a single sign-on solution

Updated: February 1, 2011

Applies To: Unified Access Gateway

Forefront Unified Access Gateway (UAG) can implement single sign-on by using session credentials to authenticate to published backend applications, using the following methods:

• Basic, NTLM, or HTTP forms-based authentication─You can configure any of these methods on the properties of the trunk used to publish the application that require users to authenticate.

• Kerberos constrained delegation—Forefront UAG supports the use of Kerberos constrained delegation, to authenticate users after Forefront UAG has verified their identity by using a non-Kerberos authentication method. For information about setting up Kerberos, see Configuring single sign-on with Kerberos constrained delegation.