Authentication Chain with IWA Authentication Scheme Fallback to Form not happening PCs outside company domain

Article Id: 108650
Status: Published
Updated On: 31-07-2018 01:04
Products:
CA Single Sign On Secure Proxy Server (SiteMinder) AXIOMATICS POLICY SERVER CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On CA Single Sign-On
Issue/Introduction:

We have set up Authentication chaining using Access Gateway on Windows, but in some configurations, the fallback form is not displayed and the "classic" Windows popup appears instead 

If browser on a Domain PC, correctly configured for automatic login, then the fallback to form occurs as expected.

However, when the browser is not on a Domain PC that is configured for automatic login, the fallback to form does not occur, and a popup for credentials appears to the user.

How can we resolve this issue as we want the fallback to form to occur in all use cases?

Environment:

CA Single Sign.On PS 12.7SP2 on Linux RH 7.5 
CA Access Gateway 12.7SP2 on Linux RH 7.5 
User Store is MS Active Directory 

Resolution:

Configuring web browser for automatic login is a pre-requisite, hence it is a must to configure the browsers on PCs for the fallback to form to occur. Please refer the documentation for further info https://docops.ca.com/ca-single-sign-on/12-7/en/configuring/ca-access-gateway-configuration/configure-ca-access-gateway-to-support-integrated-windows-authentication

Additional Information:

https://docops.ca.com/ca-single-sign-on/12-7/en/configuring/ca-access-gateway-configuration/configure-ca-access-gateway-to-support-integrated-windows-authentication