search cancel

Kerberos Fallback authentication not working with CA Access Gateway


Article ID: 228733


Updated On:


SITEMINDER CA Single Sign On Secure Proxy Server (SiteMinder)



When Running a CA Access Gateway (SPS), when user fails to login in by
Kerberos to HTML Form fall back Authentication Scheme, when the
Kerberos authentication fails due to misconfiguration, the browser
shows a popup instead of directing the browser to the HTML Form
Authentication Scheme.




  CA Access Gateway 12.8SP04 Build 2278 on RedHat 7;
  Policy Server 12.8SP04 Build 2278 on RedHat 7;
  WebAgent 12.52SP01CR11 Build 2820 on on RedHat 7;




Both Authentication Schemes should be correctly configured and working
independently in order to have the Kerberos to HTML Form fall back
feature to work. The Authentication failing back has been mainly
implemented to give an option to access from a environment where the
browser has no credentials to send to the Kerberos Authentication
Scheme, where in other environment the same application can be
accessed with the Kerberos credentials.