The UAG authentication flow actually starts before the logon page is seen by the user. As the browser calls the initial trunk URL, UAG automatically directs the user to a page that initializes the session parameters (Initparams.aspx
) in case the user does not yet have an existing session. Once a session is initiated, UAG attempts to detect the presence of its endpoint components on the client, and if they do not yet exist, they are offered to the user through the normal Active-X installation dialogs. Only then is the user sent to the login page, following their decision to allow component installation, or decline and continue with limited functionality (web application publishing only and also no socket forwarding, no SSTP or network connector, no endpoint detection, and no endpoint-cleanup).
While the preceding info is not directly related to authentication, it's important to know that information collected during this phase can be vital to what then follows...