IWA auth Scheme not working. 500 error on creds.ntc

Article ID: 204629


Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder), CA Single Sign On Agents (SiteMinder), CA Single Sign On Federation (SiteMinder), CA Single Sign On SOA Security Manager (SiteMinder), SITEMINDER

Issue/Introduction

We are facing an issue with IWA authentication for an application which is configured via the HTTP method.

When going to http://<webserver>/ in a browser, the request is redirected to creds.ntc, which then generates a 500 error.

IWA Authentication does not seem to take place correctly.

The Agent Trace log shows the browser being redirected as follows:

http://<webserver>/

redirected to http://<webserver>/siteminderagent/ntlm/creds.ntc (IWA does not take place, so no authentication happens here)

http://<webserver>/ (without any redirect, another request appears, going to the root)

redirected again to http://<webserver>/siteminderagent/ntlm/creds.ntc, which throws HTTP 500

The Agent Trace log reports an [OpenThreadToken] error.

Environment

Release : 12.8.03

Component : SITEMINDER -WEB AGENT FOR APACHE

Cause

The customer had a redirect rule configured on IIS which redirects all requests (.*) to a redirect.asp page.

This hijacked the request going to /siteminderagent/ntlm/creds.ntc, which resulted in the browser going to http://<webserver>/ again.

This repeats one more time, and the IIS Agent then reports that it failed to obtain OpenThreadToken from IIS for authentication.

Rewrite rules can be found in the web.config file.

Resolution

Instead of a rewrite rule that rewrites all (.*) requests to redirect.asp, the customer can just use the DefaultDocument feature to load redirect.asp.

If the customer needs to use a rewrite rule, they must ensure they set an exception for "/siteminderagent" so that it will not interfere with authentication.
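
The following check is an added example, not code from the article or from the product: it reads a web.config and reports which inbound rewrite rules would fire for the agent's creds.ntc path, using a catch-all rule and the same rule with a "/siteminderagent" exception as input. The rule name `ToRedirectAsp`, the condition pattern and both web.config samples are constructed assumptions, and Python's `re` stands in for URL Rewrite's default regular-expression syntax.

```python
import re
import xml.etree.ElementTree as ET

AGENT_PATH = "/siteminderagent/ntlm/creds.ntc"  # path from the article
PATH_INPUTS = ("{REQUEST_URI}", "{URL}")  # condition inputs this check evaluates

# Constructed web.config; rule name and condition pattern are assumptions.
RULE = """<configuration><system.webServer><rewrite><rules>
  <rule name="ToRedirectAsp" stopProcessing="true">
    <match url=".*" />{conditions}
    <action type="Rewrite" url="redirect.asp" />
  </rule>
</rules></rewrite></system.webServer></configuration>"""

# Catch-all rule like the one described under Cause.
CATCH_ALL = RULE.format(conditions="")
# The same rule with an exception for /siteminderagent, as in Resolution.
WITH_EXCEPTION = RULE.format(conditions="""
    <conditions>
      <add input="{REQUEST_URI}" pattern="^/siteminderagent(/|$)" negate="true" />
    </conditions>""")


def _hit(elem, attr, value):
    """Test one <match>/<add> regex, honouring ignoreCase and negate."""
    flags = 0 if elem.get("ignoreCase", "true").lower() == "false" else re.I
    found = re.search(elem.get(attr, ""), value, flags) is not None
    return found != (elem.get("negate", "false").lower() == "true")


def rules_capturing(web_config_xml, path=AGENT_PATH):
    """Return the names of inbound rewrite rules that would fire for `path`."""
    fired = []
    for rule in ET.fromstring(web_config_xml).findall(".//rewrite/rules/rule"):
        match = rule.find("match")
        # <match url> is tested against the path without its leading slash.
        if match is None or not _hit(match, "url", path.lstrip("/")):
            continue
        conds = rule.find("conditions")
        # Conditions on non-path inputs are assumed to pass (worst case).
        checks = [c.get("input") not in PATH_INPUTS or _hit(c, "pattern", path)
                  for c in (conds if conds is not None else ())]
        any_mode = conds is not None and conds.get("logicalGrouping") == "MatchAny"
        if not checks or (any(checks) if any_mode else all(checks)):
            fired.append(rule.get("name"))
    return fired


if __name__ == "__main__":
    print("catch-all rule captures agent path:", rules_capturing(CATCH_ALL))
    print("with exception:", rules_capturing(WITH_EXCEPTION))
```

An empty result for the agent path means no inbound rule intercepts the request before the agent handles it; rules using wildcard pattern syntax are outside what this check evaluates.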