IWA authchain not working with domain joined machine when not in network
Article ID: 113093
Updated On:
Products
CA Single Sign On Secure Proxy Server (SiteMinder)
CA Single Sign On SOA Security Manager (SiteMinder)
CA Single Sign-On
Issue/Introduction
We're running CA Access Gateway (SPS), when resource is protected with
"authentication chain" Authentication Scheme, if the first IWA
Authentication fails, the browser doesn't get the HTML Form
Authentication Scheme, but the popup to login. If we cancel this
Pop-Up, then the browser receives return code 403.
But reading the documentation, if the IWA fails, then the browser
should receive the HTML Form to authenticate instead :
IWA Fallback to Forms
If IWA/Windows authentication scheme fails, CA SSO falls back to
Forms-based authentication scheme. This fallback process helps you
combine an IWA authentication scheme and a form/HTML authentication
scheme as the new authentication chain.
How can we fix this ?
"authentication chain" Authentication Scheme, if the first IWA
Authentication fails, the browser doesn't get the HTML Form
Authentication Scheme, but the popup to login. If we cancel this
Pop-Up, then the browser receives return code 403.
But reading the documentation, if the IWA fails, then the browser
should receive the HTML Form to authenticate instead :
IWA Fallback to Forms
If IWA/Windows authentication scheme fails, CA SSO falls back to
Forms-based authentication scheme. This fallback process helps you
combine an IWA authentication scheme and a form/HTML authentication
scheme as the new authentication chain.
How can we fix this ?
Environment
CA Access Gateway (SPS) 12.7
Resolution
UpgradeĀ CA Access Gateway (SPS) to the next CR of 12.7
Feedback
Yes
No
Powered by
