I'm not a network engineer but a software engineer, so this topic is quite unfamiliar to me. We are developing a solution that consists of a server-side web application (with a REST API) running on a Java server and a client-side iOS application (non-browser) that consumes REST services from the server.

The client is authenticated on the server with an X509 certificate it has on a smart card. Everything works great when the client has straight access to the server in our dev environment.

But now we have a production environment: our client is supposed to be somewhere on the Internet and our server is located in the intranet. There is a Microsoft Forefront UAG (SP3) as a corporate gateway from the Internet to the intranet. I have never used UAG in practice and had not even heard about it two days ago, and I cannot understand which of its features we need to solve our task. To be clear, our task is:

  1. The client should establish an HTTPS connection with the "endpoint" (it was our server in the dev environment, now it's the UAG server in the production environment).
  2. UAG should check the client certificate (valid, non-revoked, etc.).
  3. UAG should transfer the client request to our intranet-located server application.
  4. Critical requirement: UAG should "help" the server application with further client authorization. In the development environment we used client X509 cert attributes to identify the user, but I suppose (am I right?) that UAG needs to terminate the SSL session, and the client request certificate with the whole HTTPS request cannot be transferred to the back-end server. OK, I agree if UAG transforms the client request (after decryption, before passing it to the server) and puts some client certificate details into HTTP headers, for example. Or even if it re-encrypts it with an appropriate certificate pair (even if that will be harder to process).

Can you help me and give me a couple of keywords I need to look into to understand how it will work? There are many new terms in the UAG feature list (SSL VPN, SSL Tunneling, DirectAccess and so on) and each seems somewhat related to the task, but I can't understand what I need and what will work as we expect.

Thank you very much.

  • Finally, after half a day of googling and reading :) I found these topics on TechNet - http://technet.microsoft.com/en-us/library/dd857269.aspx and http://technet.microsoft.com/en-us/library/ee690462.aspx; they describe the mechanics of SSO in UAG and how to configure SSO with SSL auth – Mikhail Ivanov Nov 22 '13 at 10:03
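
The header-forwarding arrangement from point 4, seen from the backend side, as an added example that is not part of the original question and does not show how UAG itself forwards certificate data. The gateway address, both header names and the sample DN are hypothetical placeholders.

```java
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

public class GatewayCertIdentity {
    // Assumptions for this sketch: the gateway's intranet address and the
    // header names are placeholders, not values taken from UAG.
    static final Set<String> TRUSTED_GATEWAYS = Set.of("10.0.0.5");
    static final String VERIFY_HEADER = "x-client-cert-verify";
    static final String SUBJECT_HEADER = "x-client-cert-subject";

    /** Returns the certificate CN only when the request arrived from the gateway
     *  and the gateway reports that the client certificate passed its checks. */
    static Optional<String> authenticatedUser(String peerAddr, Map<String, String> headers) {
        // Any client can send these headers; they mean something only when the
        // TCP peer is the gateway that terminated TLS and validated the certificate.
        if (!TRUSTED_GATEWAYS.contains(peerAddr)) return Optional.empty();
        if (!"SUCCESS".equals(headers.get(VERIFY_HEADER))) return Optional.empty();
        String dn = headers.get(SUBJECT_HEADER);
        if (dn == null) return Optional.empty();
        try {
            // LdapName parses RFC 2253 DNs, including escaped commas inside values.
            for (Rdn rdn : new LdapName(dn).getRdns()) {
                if ("CN".equalsIgnoreCase(rdn.getType())) {
                    return Optional.of(rdn.getValue().toString());
                }
            }
        } catch (InvalidNameException e) {
            // Malformed subject: treat the request as unauthenticated.
        }
        return Optional.empty();
    }

    public static void main(String[] args) {
        // Constructed sample headers, as the gateway would set them after validation.
        Map<String, String> h = Map.of(
                VERIFY_HEADER, "SUCCESS",
                SUBJECT_HEADER, "CN=Ivanov\\, Mikhail,OU=Staff,O=Example");
        System.out.println(authenticatedUser("10.0.0.5", h));    // request relayed by the gateway
        System.out.println(authenticatedUser("203.0.113.9", h)); // same headers from another peer
    }
}
```

The gateway also has to strip these headers from inbound client requests before setting its own values. A source-address check is the weakest form of gateway authentication; a TLS connection between gateway and backend that authenticates the gateway with its own certificate is stronger.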

0 Answers