SSO publishing infrastructure: UAG+F5 or just F5
LS,
Our aim is to design and build a consolidated, standardized publishing point which can offer the user SSO across different platforms (SharePoint, Exchange, Blackboard, TS web farm, etc.) by using claims-based authentication.
We're about to do a pilot with UAG and ADFS, trying to figure out whether it could make SharePoint 2010, Exchange 2010, a TS web farm and some Tomcat website SSO based on claims-based authentication.
For now, we are only interested in using UAG as a reverse proxy; we don't need it as a corporate firewall and we don't really need DirectAccess.
We already know that when it comes to load balancing the UAG servers, MS advises using F5 load balancers instead of their own NLB. With the prerequisite "webserver must see client-ip for webanalysis" I foresee a rather complex setup where F5 will be the gateway for UAG, which will be the gateway for F5, which will be the gateway for the webserver, each rewriting the client IP until it hits the webserver.
Next to that I hear/read rumors that MS is no longer developing UAG.
This makes me wonder whether it's wise to go for UAG. Instead it would be nice if F5 (which product?) could be an integrated load balancer, central publishing point and reverse proxy providing SSO based on claims-based auth.
My questions:
1. Can F5 replace F5+UAG?
2. We run F5 3400 load balancers already, but we are going to replace those in the near future. What product would suit best?
3. Can F5 do claims-based auth with ADFS?
Kind regards, Pieter