Authenticate users with this format: domain\username
Article ID: 121203
CA Single Sign On Secure Proxy Server (SiteMinder), AXIOMATICS POLICY SERVER, CA Single Sign On SOA Security Manager (SiteMinder), CA Single Sign-On
When I'm trying to log in the user with domain\userid in an HTML Form, it doesn't work, but using the userid only works fine, and I'd like to know why.
Release: MSPSSO99000-12.8-Single Sign-On-for Business Users-MSP Component:
The domain is needed and used when authenticating the user with Windows Authentication. With this authentication scheme, the IIS server, not the Policy Server, performs the authentication.
Configure a Windows Authentication Scheme
Note: The IIS web server, not the Policy Server, performs authentication based on credentials it receives from the Internet Explorer web browser. Therefore, you cannot use the OnAuthAttempt authentication event to redirect users who do not exist in the user store.
Extended NTLM Authentication for CA Single Sign-On
According to this module's documentation:
Extended NTLM Authentication for CA Single Sign-On User Guide
"The solution has added capability of validating the user’s password against an Active Directory User Store (/Ldap Directory User Store) in which users account is located when the user submits a domain name, login ID and password via an HTML Form.
In both IWA and Forms modes, the authentication scheme supports multiple AD Domains, configured as separate CA Single Sign-On User Directory objects in the CA Single Sign-On policy store, and will only attempt to disambiguate the user in the User Directory/AD Instance, that is associated with the <domain> value passed to CA Single Sign-On by IIS or by the HTML Form. This will allow a user’s account to be located in the correct AD instance with a single search, even though the user’s username may exist in multiple AD Domains."
However, according to the GD support matrix, the last module version, 3.0, seems to be supported only with Policy Server 12.52SP1. You might also open an Idea certification request to get the module ported to Policy Server 12.8.
Extended NTLM Authentication for CA Single Sign-On
| PWP Version | Component | Component Version | Operating System |
|-------------|---------------|-------------------|-----------------------------|
| 3.0 | Policy Server | 12.52 SP1 | Product Supported Platforms |
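
The domain-based directory selection quoted above from the user guide, sketched in Python as an added example (not code from CA Single Sign-On or the Extended NTLM module). The directory map, account names and function names are constructed, and `literal_lookup` assumes a lookup that uses the submitted string unchanged as the account name.

```python
# Added illustration only; not CA Single Sign-On or Extended NTLM module code.
# Directory contents and account names are constructed sample data.
DIRECTORIES = {
    "CORP": {"jsmith": "CN=John Smith,OU=Users,DC=corp,DC=example,DC=com"},
    "LAB": {"jsmith": "CN=Jane Smith,OU=Users,DC=lab,DC=example,DC=com",
            "akhan": "CN=A Khan,OU=Users,DC=lab,DC=example,DC=com"},
}


def split_login(login):
    """Return (DOMAIN, userid); DOMAIN is None when no 'domain\\' prefix is given."""
    if "\\" not in login:
        return None, login.strip()
    domain, user = (part.strip() for part in login.split("\\", 1))
    if not domain or not user or "\\" in user:
        raise ValueError("expected domain\\userid")
    return domain.upper(), user


def literal_lookup(login):
    """Assumed behaviour: the whole submitted string is the account name."""
    return [(name, accounts[login]) for name, accounts in DIRECTORIES.items()
            if login in accounts]


def routed_lookup(login):
    """Search only the directory mapped to the submitted domain (one search)."""
    domain, user = split_login(login)
    if domain is None:
        raise ValueError("domain required to choose a user directory")
    accounts = DIRECTORIES.get(domain)
    if accounts is None:
        raise LookupError("no user directory configured for domain " + domain)
    dn = accounts.get(user.lower())  # the single search, case-insensitive name
    return [(domain, dn)] if dn else []


if __name__ == "__main__":
    for attempt in ("corp\\jsmith", "jsmith"):
        print(attempt, "literal ->", literal_lookup(attempt))
    print("corp\\jsmith routed ->", routed_lookup("corp\\jsmith"))
```

With the sample data, the literal lookup finds nothing for `corp\jsmith` and two candidates for the bare `jsmith`, while the routed lookup returns exactly one account from the directory tied to the submitted domain.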