Authentication Chain with IWA Authentication Scheme Fallback to Form not happening PCs outside company domain

book

Article ID: 108650

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) AXIOMATICS POLICY SERVER CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On

Issue/Introduction

We have set up Authentication chaining using Access Gateway on Windows, but in some configurations, the fallback form is not displayed and the "classic" Windows popup appears instead 

If browser on a Domain PC, correctly configured for automatic login, then the fallback to form occurs as expected.

However, when the browser is not on a Domain PC that is configured for automatic login, the fallback to form does not occur, and a popup for credentials appears to the user.

How can we resolve this issue as we want the fallback to form to occur in all use cases?

Environment

CA Single Sign.On PS 12.7SP2 on Linux RH 7.5 
CA Access Gateway 12.7SP2 on Linux RH 7.5 
User Store is MS Active Directory 

Resolution

Configuring web browser for automatic login is a pre-requisite, hence it is a must to configure the browsers on PCs for the fallback to form to occur. Please refer the documentation for further info https://docops.ca.com/ca-single-sign-on/12-7/en/configuring/ca-access-gateway-configuration/configure-ca-access-gateway-to-support-integrated-windows-authentication

Additional Information

https://docops.ca.com/ca-single-sign-on/12-7/en/configuring/ca-access-gateway-configuration/configure-ca-access-gateway-to-support-integrated-windows-authentication