The External Collaboration Toolkit for SharePoint (ECTS) is something I’m using at the moment to provide Extranet capabilities for a SharePoint 2007 farm.
ECTS uses an Active Directory Application Mode (ADAM) instance to store credentials for external users, and it registers those users by taking their email address as their user name, e.g. email@example.com.
I am using an Intelligent Application Gateway (IAG) appliance to publish the extranet site to the Internet, but I was having some problems getting the authentication to work for the external users.
On the IAG, I created an authentication repository for ADAM, and it seemed to work fine, plus I could connect using LDP.exe from the IAG to ADAM.
However, when an external user was authenticating, the IAG was logging a failure to authenticate, with the phrase ‘Missing Credentials’ involved.
A PSS call later, it transpires that IAG does not currently support UPN logons, without a lot of customisation. Out of the box, it is only designed to handle domain\username type of logons.
Waiting to hear back about the nature of the customisation required, but in the meantime, I’ve configured IAG to not authenticate, but instead just perform the session validation, then display the normal SharePoint logon form. Not as secure as I wanted, but it works.