Attempts to configure a Siteminder policy which is using Integrated Windows Authentication (IWA) to a resource hosted and an Amazon Web Services (AWS) environment with an AWS Application Load Balancer implemented are causing users to fail authentication.

[SITEMINDER]

Policy Server: r12.8.x

Access Gateway: r12.8.x

Web Agent: r12.52.x

IWA or NTLM Authentication fails through an AWS Application Load Balancer.  

Application Load Balancer is seamlessly integrated with Amazon Cognito, which allows end users to authenticate through social identity providers such as Google, Facebook, and Amazon, and through enterprise identity providers such as Microsoft Active Directory via SAML or any OpenID Connect-compliant identity provider (IdP). If you already have a custom IdP solution that is OpenID Connect-compatible, Application Load Balancer can also authenticate enterprise users by directly connecting with your identity provider.

Use the AWS Network Load Balancer instead. 

https://aws.amazon.com/elasticloadbalancing/application-load-balancer/?nc=sn&loc=2&dn=2