ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Which authentication schemes support Password Policies?


Article ID: 51196


Updated On:


CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On



Not all authentication schemes support password policies. If the
authentication scheme does not support Password Policies, the check
box description is dimmed and the check box is unavailable.




According to documentation, a list of authentication schemes will have
checkbox "Passwords Policies Enabled for this authentication scheme
dimmed and unavailable for selection (1).

For windows authentication scheme, even though the checkbox is
available, some functionality will not be available. With IWA,
password is not available to SiteMinder at the time to authentication
since IIS server does the authentication together with the browser and
the AD.


Additional Information



    Supported Authentication Schemes and Password Policies

      The following table lists supported authentication scheme types and
      whether they support Password Policies.

      | Authentication Scheme Type              | Type Supports Password Policies? |
      | Anonymous                               | No                               |
      | Basic                                   | Yes                              |
      | Basic over SSL                          | Yes                              |
      | Custom                                  | Yes                              |
      | HTML Forms                              | Yes                              |
      | Impersonation                           | No                               |
      | OpenID                                  | No                               |
      | RADIUS CHAP/PAP                         | Yes                              |
      | RADIUS Server                           | Yes                              |
      | SecurID                                 | No                               |
      | SecurID and HTML Forms                  | No                               |
      | X.509 Client Certificate                | No                               |
      | X.509 Client Certificate and Basic      | Yes                              |
      | X.509 Client Certificate or Basic       | Yes                              |
      | X.509 Client Certificate and HTML Forms | Yes                              |
      | X.509 Client Certificate or HTML Forms  | Yes                              |
      | Windows Authentication                  | Yes                              |
      | Authentication Chain                    | No                               |
      | JSON Web Token Template                 | No                               |