Description:

When implementing the IWA (Integrated Windows Authentication) Scheme for Windows based login access to web pages protected by Siteminder you receive an HTTP error of 500 after the IWA scheme is completed on the SMWAMUI side. Below is the log reference and the steps to successfully complete the full scheme. The information is based on using Internet Information Services v7.0.

Solution:

After you have configured the Siteminder Web Agent for trace logging you will see the following error in the trace during the IsProtected stage of the login process.

[CSmHttpPlugin::ProcessResponses][Processing IsProtected responses.][GET][][/protected-web-page-start.html]
[AuthenticateUser][User 'NT AUTHORITY\IUSR' is not authenticated by Policy Server.][GET][][/protected-web-page-start.html]

• The result is an HTTP 500 error from the Browser window.

Please complete the following steps from the Internet Information Services Manager (v7.0).

1. Expand WebServer hostname
2. Expand Default Web Site
3. Click on the NTLM virtual directory
4. Double-Click the Authentication icon
5. Disable Anonymous access
6. Enable Windows Authentication
7. Restart IIS

Note: This action does not have to be done from the root of the Default-Web-Site level.

As always, if you have any questions or concerns regarding the steps mentioned in this Technical document, please do not hesitate to open a case with CA support.