We're running a CA Access Gateway (SPS). When we protect a resource
with the Windows Authentication Scheme and the user has an SPN value,
the browser receives 2 values for the same header:
WWW-Authenticate=Negotiate
WWW-Authenticate=NTLM
We've worked around this issue by adding the following configuration
to the SPS HTTP server:
Header edit WWW-Authenticate "Negotiate.*" "NTLM"
We'd like to know how to make the browser receive only 1 header,
like:
WWW-Authenticate=NTLM
How can we fix this?
CA Access Gateway (SPS) 12.8SP3 on Windows 2016;
Policy Server 12.8SP3 on Windows 2016;
The behavior is by design. We add both values to the header to perform
Windows Authentication; in case Negotiate fails (because the underlying
browser is unable to provide the ticket for any reason), with NTLM the
client receives a pop-up to supply credentials to authenticate and
generate the ticket.
Out of the box, there is no way to set CA Access Gateway (SPS) to
provide only one of the two WWW-Authenticate headers.
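
A check on what the Header edit workaround above sends to the browser, as an added example (not from the original article or the vendor). It models Header edit as a first-match replacement applied to each header value separately, which is an assumption about the HTTP server's behaviour; the sample response and all function names are constructed.

```python
import re

# Constructed sample of the 401 the page describes: two values, one header name.
SAMPLE_RESPONSE = (
    "HTTP/1.1 401 Unauthorized\r\n"
    "Server: constructed-example\r\n"
    "WWW-Authenticate: Negotiate\r\n"
    "WWW-Authenticate: NTLM\r\n"
    "Content-Length: 0\r\n"
    "\r\n"
)

def challenges(raw_head):
    """Return the WWW-Authenticate values of a raw response head, in order."""
    values = []
    for line in raw_head.split("\r\n\r\n", 1)[0].split("\r\n")[1:]:
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "www-authenticate":
            values.append(value.strip())
    return values

def header_edit(values, pattern, replacement):
    """Model of `Header edit`: replace the first match in each value (assumption)."""
    return [re.sub(pattern, replacement, v, count=1) for v in values]

def schemes(values):
    """Distinct authentication schemes offered (first token), case-insensitive."""
    offered = []
    for value in values:
        parts = value.split(None, 1)
        if parts and parts[0].lower() not in (s.lower() for s in offered):
            offered.append(parts[0])
    return offered

def report(raw_head):
    """Compare the challenges before and after the page's workaround rule."""
    before = challenges(raw_head)
    after = header_edit(before, r"Negotiate.*", "NTLM")
    return {
        "before": before,
        "after": after,
        "schemes_after": schemes(after),
        "header_lines_after": len(after),
    }

if __name__ == "__main__":
    print(report(SAMPLE_RESPONSE))
```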