This is an easy way to test the Integrated Windows Authentication
(IWA NTLM) configured properly.
For Integrated Windows Authentication, IIS does the authentication,
not SiteMinder. SiteMinder Web Agent doesn't do any authentication for
IWA, Siteminder Web Agent trusts the credentials accepted by the IIS
and sends them to Policy Server for Siteminder authentication and
To verify that Windows Authentication on IIS is working correctly by
performing the following steps.
1. Disable the Web agent and restart IIS;
2. Change the Internet Explorer logon setting from
"Prompt for user name and password"
and quit and restart IE.
(This may require a logout if an application is using an IE session.);
3. Attempt to access http://FQDN/siteminderagent/ntlm/creds.ntc (Must
be 2 dot FQDN );
4. A prompt for credentials by IIS should show up;
5. Provide credentials. Try this step twice,
- Once with the specific user;
- Once with another valid user that has permission to access this
6. If IIS Windows Authentication is configured correctly, a '404'
error should be seen in the browser, since creds.ntc does not
7. If receiving a 401 or 403 error, the user doesn't have permission
to access the credentials collector. This will prevent user
credentials from being passed to SiteMinder. Correct the Windows
security settings for this resource in order for the
authentication scheme to work.
8. Make sure that on the IIS where the Windows Authentication occurs,
set "Anonymous Authentication" to disabled;