Which authentication schemes support Password Policies?

book

Article ID: 51196

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On

Issue/Introduction

 

Not all authentication schemes support password policies. If the
authentication scheme does not support Password Policies, the check
box description is dimmed and the check box is unavailable.

 

Resolution

 

According to documentation, a list of authentication schemes will have
checkbox "Passwords Policies Enabled for this authentication scheme
dimmed and unavailable for selection (1).

For windows authentication scheme, even though the checkbox is
available, some functionality will not be available. With IWA,
password is not available to SiteMinder at the time to authentication
since IIS server does the authentication together with the browser and
the AD.

 

Additional Information

 

(1)

    Supported Authentication Schemes and Password Policies

      The following table lists supported authentication scheme types and
      whether they support Password Policies.

      | Authentication Scheme Type              | Type Supports Password Policies? |
      |-----------------------------------------+----------------------------------|
      | Anonymous                               | No                               |
      | Basic                                   | Yes                              |
      | Basic over SSL                          | Yes                              |
      | Custom                                  | Yes                              |
      | HTML Forms                              | Yes                              |
      | Impersonation                           | No                               |
      | OpenID                                  | No                               |
      | RADIUS CHAP/PAP                         | Yes                              |
      | RADIUS Server                           | Yes                              |
      | SecurID                                 | No                               |
      | SecurID and HTML Forms                  | No                               |
      | X.509 Client Certificate                | No                               |
      | X.509 Client Certificate and Basic      | Yes                              |
      | X.509 Client Certificate or Basic       | Yes                              |
      | X.509 Client Certificate and HTML Forms | Yes                              |
      | X.509 Client Certificate or HTML Forms  | Yes                              |
      | Windows Authentication                  | Yes                              |
      | Authentication Chain                    | No                               |
      | JSON Web Token Template                 | No                               |

    https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-8/configuring/policy-server-configuration/authentication-schemes.html#concept.dita_7a6fd7831a148b0f4654082d6f57d57d4a50217f_SupportedAuthenticationSchemesandPasswordPolicies