Which authentication schemes support Password Policies?
Article ID: 51196
Updated On:
Products
CA Single Sign On Secure Proxy Server (SiteMinder)
CA Single Sign On SOA Security Manager (SiteMinder)
CA Single Sign-On
Issue/Introduction
Not all authentication schemes support password policies. If the authentication scheme does not support Password Policies, the check box description is dimmed and the check box is unavailable.
Resolution
According to documentation, a list of authentication schemes will have checkbox "Passwords Policies Enabled for this authentication scheme
dimmed and unavailable for selection (1).
For windows authentication scheme, even though the checkbox is available, some functionality will not be available. With IWA, password is not available to SiteMinder at the time to authentication since IIS server does the authentication together with the browser and the AD.
Additional Information
(1)
Supported Authentication Schemes and Password Policies
The following table lists supported authentication scheme types and
whether they support Password Policies.
| Authentication Scheme Type | Type Supports Password Policies? |
|-----------------------------------------+----------------------------------|
| Anonymous | No |
| Basic | Yes |
| Basic over SSL | Yes |
| Custom | Yes |
| HTML Forms | Yes |
| Impersonation | No |
| OpenID | No |
| RADIUS CHAP/PAP | Yes |
| RADIUS Server | Yes |
| SecurID | No |
| SecurID and HTML Forms | No |
| X.509 Client Certificate | No |
| X.509 Client Certificate and Basic | Yes |
| X.509 Client Certificate or Basic | Yes |
| X.509 Client Certificate and HTML Forms | Yes |
| X.509 Client Certificate or HTML Forms | Yes |
| Windows Authentication | Yes |
| Authentication Chain | No |
| JSON Web Token Template | No |
Supported Authentication Schemes and Password Policies
Feedback
Yes
No
Powered by
