search cancel

Kerberos Fallback authentication not working with CA Access Gateway

book

Article ID: 228733

calendar_today

Updated On:

Products

SITEMINDER CA Single Sign On Secure Proxy Server (SiteMinder)

Issue/Introduction

 

When Running a CA Access Gateway (SPS), when user fails to login in by
Kerberos to HTML Form fall back Authentication Scheme, when the
Kerberos authentication fails due to misconfiguration, the browser
shows a popup instead of directing the browser to the HTML Form
Authentication Scheme.

 

Environment

 

  CA Access Gateway 12.8SP04 Build 2278 on RedHat 7;
  Policy Server 12.8SP04 Build 2278 on RedHat 7;
  WebAgent 12.52SP01CR11 Build 2820 on on RedHat 7;

 

Resolution

 

Both Authentication Schemes should be correctly configured and working
independently in order to have the Kerberos to HTML Form fall back
feature to work. The Authentication failing back has been mainly
implemented to give an option to access from a environment where the
browser has no credentials to send to the Kerberos Authentication
Scheme, where in other environment the same application can be
accessed with the Kerberos credentials.