IWA with Siteminder and an AWS Application Load Balancer


Article ID: 258921


Products

CA Single Sign On Agents (SiteMinder)

Issue/Introduction

A SiteMinder policy that protects a resource with Integrated Windows Authentication (IWA) fails for end users when the resource is hosted in an Amazon Web Services (AWS) environment and the requests reach it through an AWS Application Load Balancer (ALB). Users are prompted for credentials repeatedly or receive an authentication failure instead of being signed in silently.

Environment

[SITEMINDER]

Policy Server: r12.8.x

Access Gateway: r12.8.x

Web Agent: r12.52.x

Cause

IWA (Negotiate/Kerberos with NTLM fallback, or plain NTLM) does not work when the request path to the SiteMinder-protected resource passes through an AWS Application Load Balancer.

The ALB is a Layer 7 (HTTP) proxy. It terminates the client's TCP connection and forwards each request to a target over its own pool of backend connections, which it reuses across requests and across clients. NTLM, however, authenticates the TCP connection rather than the individual HTTP request: the Type 1 (negotiate), Type 2 (challenge) and Type 3 (authenticate) messages must travel over the same connection, and once the handshake completes the server treats that connection, not a header, as authenticated. Behind the ALB the handshake legs can arrive at the Web Agent or Access Gateway on different backend connections, so the server receives a Type 3 message on a connection it never challenged, answers 401 again, and the browser either loops or gives up. Kerberos tickets are carried per request, but browsers fall back to NTLM whenever they cannot obtain a ticket for the name they connected to, so in practice an IWA deployment depends on the connection-bound NTLM exchange surviving the path to the server.

The ALB's built-in authentication feature does not close this gap. It integrates with Amazon Cognito, which lets end users authenticate through social identity providers such as Google, Facebook and Amazon, and through enterprise identity providers such as Microsoft Active Directory via SAML, or through any OpenID Connect-compliant identity provider (IdP), including a custom OIDC-compatible IdP the ALB connects to directly. It does not perform or pass through a Kerberos or NTLM handshake on the client's behalf.


Resolution

Use an AWS Network Load Balancer (NLB) instead of the Application Load Balancer in front of the IWA-protected resource. The NLB operates at Layer 4 (TCP): it forwards each client connection to a single target for the life of that connection rather than terminating it and reusing pooled backend connections, so all legs of the NTLM handshake reach the SiteMinder Web Agent or Access Gateway on the same connection and the authenticated connection state is preserved.

Configure the NLB with TCP listeners that forward to the Web Agent or Access Gateway ports (for example TCP 443 to the Access Gateway), so that TLS and the client TCP connection terminate on the SiteMinder host. Any other Layer 7 component that terminates client connections and reuses backend connections (a reverse proxy or CDN placed in front of the NLB, for example) reintroduces the same failure.
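The Cause and Resolution above both rest on one property: NTLM binds authentication to a TCP connection, a connection-multiplexing Layer 7 proxy breaks that binding, and a Layer 4 passthrough preserves it. The following Python model is added here as an illustration; it is not SiteMinder, Broadcom or AWS code. It runs the three-leg NTLM exchange through an ALB-like proxy that spreads requests over a pool of backend connections and through an NLB-like passthrough that pins each client connection to one backend connection. The class names, the round-robin pool and the `NTLM TYPE1/TYPE2/TYPE3` strings are assumptions standing in for the real base64 tokens and for the proxy's actual connection scheduling, which this article does not describe.

```python
"""Model of connection-bound NTLM behind a Layer 7 multiplexing proxy versus a
Layer 4 passthrough.  Added illustration only; message contents are placeholder
strings, not real NTLM tokens, and the proxies are simplified models."""
from dataclasses import dataclass
from itertools import cycle
from typing import Dict, List, Optional


@dataclass
class Request:
    path: str
    authorization: Optional[str] = None   # e.g. "NTLM TYPE1", "NTLM TYPE3" (placeholders)


@dataclass
class Response:
    status: int
    www_authenticate: Optional[str] = None


class IwaBackend:
    """IWA-protected web server.  NTLM authenticates the TCP connection, so the
    handshake state is keyed by backend connection id, not by request."""

    def __init__(self) -> None:
        self._state: Dict[int, str] = {}   # conn_id -> "challenged" | "authenticated"

    def handle(self, conn_id: int, req: Request) -> Response:
        if self._state.get(conn_id) == "authenticated":
            return Response(200)           # connection already authenticated
        auth = req.authorization or ""
        if auth == "NTLM TYPE1":
            self._state[conn_id] = "challenged"
            return Response(401, "NTLM TYPE2-CHALLENGE")
        if auth == "NTLM TYPE3" and self._state.get(conn_id) == "challenged":
            self._state[conn_id] = "authenticated"
            return Response(200)
        # Anonymous request, or a Type 3 on a connection that never saw the
        # Type 1: the server restarts the handshake.
        return Response(401, "NTLM")


class Layer4Passthrough:
    """NLB-like: each client TCP connection is forwarded to exactly one backend
    connection for its whole lifetime."""

    def __init__(self, backend: IwaBackend) -> None:
        self.backend = backend
        self._client_to_backend: Dict[int, int] = {}

    def send(self, client_conn: int, req: Request) -> Response:
        backend_conn = self._client_to_backend.setdefault(
            client_conn, len(self._client_to_backend))
        return self.backend.handle(backend_conn, req)


class Layer7Multiplexing:
    """ALB-like: the proxy terminates the client connection and sends each
    request over whichever pooled backend connection is free (modelled here as
    round-robin over the pool; the real scheduling is an assumption)."""

    def __init__(self, backend: IwaBackend, pool_size: int = 4) -> None:
        self.backend = backend
        self._pool = cycle(range(pool_size))

    def send(self, client_conn: int, req: Request) -> Response:
        return self.backend.handle(next(self._pool), req)


def ntlm_handshake(proxy, client_conn: int = 1, path: str = "/protected") -> List[int]:
    """Client side of the three-leg exchange over a single client connection.
    Returns the HTTP status codes the client observes."""
    statuses: List[int] = []
    r = proxy.send(client_conn, Request(path))                    # anonymous
    statuses.append(r.status)
    r = proxy.send(client_conn, Request(path, "NTLM TYPE1"))      # negotiate
    statuses.append(r.status)
    if (r.www_authenticate or "").startswith("NTLM TYPE2"):
        r = proxy.send(client_conn, Request(path, "NTLM TYPE3"))  # authenticate
        statuses.append(r.status)
    return statuses


def compare() -> Dict[str, List[int]]:
    """Runs the same handshake through each proxy model with a fresh backend."""
    return {
        "layer4_passthrough": ntlm_handshake(Layer4Passthrough(IwaBackend())),
        "layer7_multiplexing": ntlm_handshake(Layer7Multiplexing(IwaBackend())),
        "layer7_single_backend_conn": ntlm_handshake(
            Layer7Multiplexing(IwaBackend(), pool_size=1)),
    }


if __name__ == "__main__":
    for name, statuses in compare().items():
        verdict = "OK" if statuses[-1] == 200 else "FAIL"
        print(f"{name:28s} {statuses}  ->  {verdict}")
```

Running the module prints one line per proxy model. The passthrough completes the handshake (final status 200); the multiplexing proxy ends in a second 401 because the Type 3 message lands on a backend connection that was never challenged. The `pool_size=1` case also succeeds, which shows that in this model the failure is not caused by proxying as such but by the proxy choosing a different backend connection for a later leg of the handshake.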

Additional Information

https://aws.amazon.com/elasticloadbalancing/application-load-balancer/?nc=sn&loc=2&dn=2