Michael,
The current IIS agents provided ONLY set the HTTP Context and LOGON_USER header variable. If you have .Net coded applications using API based calls to request the user ID, those applications will fail to work. The standard agent does not create the user context within Windows and CA recommends you deploy the WWSI module from Global Delivery. I am working with CA right now with their WWSI Global Delivery product to try to find a solution. The WWSI requires windows integrated authentication and does NOT create the Windows user context but will fill in the HTTPContext.Current.User.Identity.Name, the System.Security.Principal.WindowsIdentity, the Request.ServerVariables(“LOGON_USER”) but NOT the Context.Request.LogonUserIdentity.Name which appears to be the one location the MS APIs look for the user ID.
This currently means that if you have MS .Net developed applications, there is no solution from CA to make these work without recoding.
Stan
From: CA Security Global User CommunityMessage Boards [mailto:
CommunityAdmin@communities-mail.ca.com]
Sent: Wednesday, March 19, 2014 1:42 PM
To:
mb_message.2253364.111412934@myca-email.ca.com
Subject: [CA SiteMinder General Discussion] RE: SiteMinder Kerberos Authentication
mrmichael:
Hello!
According to my understanding SiteMinder support Kerberos authentication:
https://supportcontent.ca.com/cadocs/0/CA%20SiteMinder%20Secure%20Proxy%20Server%2012%205-ENU/Bookshelf_Files/HTML/idocs/index.htm?toc.htm?2037083.html
The question is after the Kerberos authentication the SiteMinder sends to the application an HTTP header with a plain user name (as for regular Form authentication)?
Thanks in advance,
Michael
Hi All,
Any quick answers here for Michael?
Thanks!
Chris
Posted by:Chris_Hackett
--
CA Communities Message Boards
111415474
mb_message.2253364.111412934@myca-email.ca.com<mailto:
mb_message.2253364.111412934@myca-email.ca.com>
https://communities.ca.com