Tuesday, September 14, 2010

Enabling UAG 2010 UPN Logon

Another UAG 2010 issue that we came across!!

By default, true UPN logon (e.g. username@domain.com) is not enabled when logging onto a UAG trunk. As a result, we had a site with UAG 2010 enabled and an SSL Portal presenting OWA and Sharepoint out to the internet. We had SSO configured for AD authentication.

When we would logon to the SSL Portal with a standard username such as kevin.greene, then OWA and Sharepoint would work fine. When we attempted to logon to the portal with a UPN such as kevin.greene@domain.com, then the OWA application would work fine, but the Sharepoint app would present us with a 'Permission Not Granted' error message and would proceed no further. When we monitored the UAG Web Monitor, we found that UAG was processing the UPN logon as domain\kevin.greene@domain.com and when Sharepoint attempted to read this logon string, it didn't want to know about it!!!

We found this on Microsoft's Technet site that pointed us in the right direction to resolving the UPN logon issue:

http://technet.microsoft.com/en-us/library/ee809087.aspx

If you take a look at the section that describes the 'TranslateUPN' registry key, there are 5 steps to follow that will enable UPN logon to pass through correctly to the Sharepoint server.

Hope this saves someone else out there some time on site!!

4 comments:

  1. What did you call the .inc files?

    ReplyDelete
  2. Hi there,

    You need to rename 'repository_for_upn.inc' to the name of the server that you have configured UAG to authenticate with.

    In most cases, this will be an Active Directory server but you will need to confirm which one from your UAG policy under the 'Authentication' section.

    Kevin.

    ReplyDelete
  3. John Dod, SC Dept of Ed:

    The TranslateUPN key translates the UPN to DOMAIN\username.

    The name to name the include file is .inc

    I named my auth server AD when I configured it in UAG, so the name of my include file is AD.inc

    ReplyDelete
  4. Thanks for sharing two factor authentication uag. I also facing the same issue where Sharepoint app presenting the 'Permission Not Granted' error message. Link you have mention in your blog is really help me to get out of this problem.

    ReplyDelete