MOSS 2007 and Office docs Authentication handling through IAG

The IAG / UAG team blog has detailed articles on publishing MOSS through IAG and on different scenarios. From a support perspective, people come across some interesting scenarios, and this is where I get involved. For instance, a user logs on to the IAG portal, launches the MOSS portal after SSO, and clicks on a Word 2007 document; the Office document should launch without reauthentication. However, customers call in and report that when the user clicks on a Word or Excel document in a MOSS library, the end user is instead presented with the IAG login page, which is kind of merged inside the Word document (so a kind of distorted UI). If SSO is set up, ideally this should not happen. The question is: why is this happening?

In simple terms, Office launches its own user agent for authentication, and it is not the same user agent as your browser. So when the end user clicks on the Word document on the MOSS portal through the IAG portal, she is challenged again, because the existing credentials that were presented earlier while logging on to IAG are no longer used. Technically, the issue is the cookie: it is not persistent, so IAG cannot tell what is going on or what this user agent is. IAG is a reverse proxy, so dropping a persistent cookie forever is not a great idea. To handle this situation, the product group came up with the following option on the advanced trunk UI (Authentication tab).

On the IAG portal advanced trunk, under the Authentication tab, there is a check box that resolves this issue.

Enable this option on the trunk and apply the configuration to the IAG trunk.

This should give the end user an SSO experience end to end, and the technicalities are handled pretty smoothly out of the box.