Not all authentication schemes support password policies. If the
authentication scheme does not support Password Policies, the check
box description is dimmed and the check box is unavailable.
According to documentation, a list of authentication schemes will have
checkbox "Passwords Policies Enabled for this authentication scheme
dimmed and unavailable for selection (1).
For windows authentication scheme, even though the checkbox is
available, some functionality will not be available. With IWA,
password is not available to SiteMinder at the time to authentication
since IIS server does the authentication together with the browser and
the AD.
(1)
Supported Authentication Schemes and Password Policies
The following table lists supported authentication scheme types and
whether they support Password Policies.
| Authentication Scheme Type | Type Supports Password Policies? |
|-----------------------------------------+----------------------------------|
| Anonymous | No |
| Basic | Yes |
| Basic over SSL | Yes |
| Custom | Yes |
| HTML Forms | Yes |
| Impersonation | No |
| OpenID | No |
| RADIUS CHAP/PAP | Yes |
| RADIUS Server | Yes |
| SecurID | No |
| SecurID and HTML Forms | No |
| X.509 Client Certificate | No |
| X.509 Client Certificate and Basic | Yes |
| X.509 Client Certificate or Basic | Yes |
| X.509 Client Certificate and HTML Forms | Yes |
| X.509 Client Certificate or HTML Forms | Yes |
| Windows Authentication | Yes |
| Authentication Chain | No |
| JSON Web Token Template | No |
https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-8/configuring/policy-server-configuration/authentication-schemes.html#concept.dita_7a6fd7831a148b0f4654082d6f57d57d4a50217f_SupportedAuthenticationSchemesandPasswordPolicies