This is an easy way to test whether Integrated Windows Authentication (IWA NTLM) is configured properly.
SiteMinder release: 12.8.x
Component: SMPLC
OS: Windows
For Integrated Windows Authentication, IIS does the authentication, not SiteMinder. The SiteMinder Web Agent does not perform any authentication for IWA; it trusts the credentials accepted by IIS and sends them to the Policy Server for SiteMinder authentication and authorization.
To verify that Windows Authentication on IIS is working correctly, perform the following steps:
1. Disable the Web Agent and restart IIS.
2. Change the Internet Explorer logon setting from "Automatic Logon..." to "Prompt for user name and password", then quit and restart IE. (This may require a logout if an application is using an IE session.)
3. Attempt to access http://FQDN/siteminderagent/ntlm/creds.ntc (must be a 2-dot FQDN).
4. A prompt for credentials by IIS should show up.
5. Provide credentials. Try this step twice:
   - Once with the specific user;
   - Once with another valid user that has permission to access this application.
6. If IIS Windows Authentication is configured correctly, a '404' error should be seen in the browser, since creds.ntc does not exist.
7. If you receive a 401 or 403 error, the user doesn't have permission to access the credentials collector. This will prevent user credentials from being passed to SiteMinder. Correct the Windows security settings for this resource in order for the authentication scheme to work.
8. On the IIS server where Windows Authentication occurs, make sure "Anonymous Authentication" is set to disabled.
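The outcomes of steps 3 through 8 can also be checked from a script. The following is an added example, not part of the original article or of any SiteMinder or IIS tooling; the function names are hypothetical. It assumes the Web Agent is disabled as in step 1 and that the site answers over plain HTTP as in the article's URL.

```python
# Added example: helper names are hypothetical, not SiteMinder or IIS tooling.
import sys
import urllib.error
import urllib.request

CREDS_PATH = "/siteminderagent/ntlm/creds.ntc"  # resource from step 3

def is_two_dot_fqdn(host):
    """Step 3: the host name must contain at least two dots."""
    labels = host.split(".")
    return len(labels) >= 3 and all(labels)

def challenge_schemes(www_authenticate):
    """Lower-cased auth schemes named in the WWW-Authenticate header values."""
    return {v.split()[0].lower() for v in www_authenticate if v.strip()}

def interpret(status, www_authenticate, authenticated):
    """Map one IIS response to the outcome the article describes."""
    if not authenticated:
        if status != 401:
            return "no-challenge: step 4 expects a prompt; check step 8"
        if challenge_schemes(www_authenticate) & {"ntlm", "negotiate"}:
            return "ok: IIS prompts for Windows credentials (step 4)"
        return "check: 401 but neither NTLM nor Negotiate is offered"
    if status == 404:
        return "ok: Windows Authentication works (step 6)"
    if status in (401, 403):
        return "fail: user lacks permission on the credentials collector (step 7)"
    return "unexpected: status %d is not covered by the article" % status

def probe_unauthenticated(host, timeout=10):
    """Request creds.ntc without credentials; return (status, challenges)."""
    if not is_two_dot_fqdn(host):
        raise ValueError("host must be a 2-dot FQDN: %r" % host)
    url = "http://%s%s" % (host, CREDS_PATH)
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status, resp.headers.get_all("WWW-Authenticate") or []
    except urllib.error.HTTPError as err:
        return err.code, err.headers.get_all("WWW-Authenticate") or []

if __name__ == "__main__" and len(sys.argv) == 2:
    code, challenges = probe_unauthenticated(sys.argv[1])
    print(code, challenges, interpret(code, challenges, authenticated=False))
```

The script only sends the unauthenticated request; the status seen in the browser after entering credentials in step 5 can be passed to interpret(..., authenticated=True) to read it against steps 6 and 7.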