Hi, I have a problem and im wondering if theres a way it could be solved... We have a web application which sits on an external suppliers server. ADFS is setup in our network as well as shibboleth federated services on theirs so when internal staff users click a link from our share point intranet portal, there credentials are validated against our AD (as an identity provider) and the users are logged on automatically to this external site (the resource provider)... My query is...We have a large network of users that also reside outside of our network and log onto our portal via vpn into an OPI (Cloud Private internetwork) accessing our portal through a Forefront TMG Form. Once they've been authenticated they can access our portal however once they click the link to the external web application, they are prompted to authenticate against the AD once again. This is most likely due to the token for the authenticated user not being retained after the form authentication i believe. I am trying to eliminate this need to authenticate again to achieve pure SSO for (not only) internal but external users aswell. Is this possible? So far Ive: - enabled kerberos on the portal - looked at SharePoint SSO - looked at extranet (but this may be difficult due to the nature of logging into cloud instead of accessing the site via the internet) But cant find anything that may help... Any suggestions on ways to achieve this would be appreciated? StuCheers Stu

You have posted in the Exchange Server forum. Please post in either the SharePoint or appropriate AD forum. http://social.technet.microsoft.com/Forums/en-us/category/sharepoint http://social.technet.microsoft.com/Forums/en-us/winserverDS/threadsTim Harrington - Catapult Systems - http://HowDoUC.blogspot.com

sure thing..doneCheers Stu