IAG 2007 and SharePoint ECTS – UPN logon format not supported

The External Collaboration Toolkit for SharePoint (ECTS) is something I’m using at the moment to provide Extranet capabilities for a SharePoint 2007 farm.

ECTS uses an Active Directory Application Mode (ADAM) instance to store credentials for external users, and it registers those users by taking their email address as their user name, e.g. joe@bloggs.com.

I am using an Intelligent Application Gateway (IAG) appliance to publish the extranet site to the Internet, but I was having some problems getting the authentication to work for the external users.

On the IAG, I created an authentication repository for ADAM, and it seemed to work fine, plus I could connect using LDP.exe from the IAG to ADAM.

However, when an external user was authenticating, the IAG was logging a failure to authenticate, with the phrase ‘Missing Credentials’ involved.

A PSS call later, it transpires that IAG does not currently support UPN logons, without a lot of customisation.  Out of the box, it is only designed to handle domain\username type of logons.

Waiting to hear back about the nature of the customisation required, but in the meantime, I’ve configured IAG to not authenticate, but instead just perform the session validation, then display the normal SharePoint logon form.  Not as secure as I wanted, but it works.


3 Responses to IAG 2007 and SharePoint ECTS – UPN logon format not supported

  1. Dave says:

    Not sure if you solved this but I just deployed IAG with ECTS successfully.

    The trick was to set the of the ADAM repository type in your RepositoryType.xml on the IAG to the same value as the ADAM SharePoint membership provider in your web.config file. In my case I used ‘cn’, and it works perfectly.

    Dave

  2. ee61re says:

    Dave – can you please confirm the exact steps and changes you made, so I can test on our environment? Are you using people’s SMTP addresses as their ECTS logins?

    Thanks

    Rob

  3. Dave says:

    Hi Rob,

    I installed ECTS as per the documentation and tested/validated the installation. I created an external user and approved it. I then created the custom ADAM Repository on the IAG as per: http://www.ssl-vpn.de/wiki/(X(1)S(abexdgetfrzhga55u3fbcg55))/How%20to%20interface%20with%20ADAM.ashx

    I then changed the LoginNameAttr to cn which is what ECTS also uses. That did the trick: Matching the 2 attributes used for the login name. Drop me an e-mail if you need any more details.

    Dave
