This is an easy way to test the Integrated Windows Authentication (IWA NTLM) configured properly.

Siteminder release: 12.8.x 
Component: SMPLC 
OS: Windows 

For Integrated Windows Authentication, IIS does the authentication, not SiteMinder. SiteMinder Web Agent doesn't do any authentication for IWA, Siteminder Web Agent trusts the credentials accepted by the IIS and sends them to Policy Server for Siteminder authentication and authorization.

To verify that Windows Authentication on IIS is working correctly by performing the following steps.

  1. Disable the Web agent and restart IIS;

  2. Change the Internet Explorer logon setting from

     "Automatic Logon..."

     to

     "Prompt for user name and password"

     and quit and restart IE.

     (This may require a logout if an application is using an IE session.);

  3. Attempt to access http://FQDN/siteminderagent/ntlm/creds.ntc (Must
     be 2 dot FQDN );

  4. A prompt for credentials by IIS should show up;

  5. Provide credentials. Try this step twice,

     - Once with the specific user;
     - Once with another valid user that has permission to access this
       application;

  6. If IIS Windows Authentication is configured correctly, a '404'
     error should be seen in the browser, since creds.ntc does not
     exist;

  7. If receiving a 401 or 403 error, the user doesn't have permission
     to access the credentials collector. This will prevent user
     credentials from being passed to SiteMinder. Correct the Windows
     security settings for this resource in order for the
     authentication scheme to work.

  8. Make sure that on the IIS where the Windows Authentication occurs,
     set "Anonymous Authentication" to disabled;