There is a new feature available with IIS 7.x that SiteMinder can leverage when using Windows Authentication.

Historically, with an Integrated Windows Authentication (IWA) scheme, the credentials would be cached to the virtual form "Creds.ntc". In that setup you would configure IIS for Anonymous Authentication and enable Windows Authentication only for the path pointing to "Creds.ntc".

However, with IIS 7.x and the SiteMinder IIS agent, you can now use an Agent Configuration Object (ACO) parameter called "InlineCredentials". This allows IIS to be configured with IWA at the root web application. The user credentials are passed through the SiteMinder IIS Agent and communicated across the Agent / Policy Server communication layer. The Policy Server at that point performs both the authentication and authorization steps for the user.

Please review the Bookshelf links below for more information.

New Features: Inline Credentials Support
https://support.ca.com/cadocs/0/CA%20SiteMinder%20r12%20SP3-ENU/Bookshelf_Files/HTML/idocs/1773623.html

Manage User Access with IIS and Inline Credentials
https://support.ca.com/cadocs/0/CA%20SiteMinder%20r12%20SP3-ENU/Bookshelf_Files/HTML/idocs/367390.html

Configuration Recommendations:

1: SiteMinder: Set the ACO parameter "InlineCredentials" to yes.
   InlineCredentials=Yes
2: Internet Explorer: Define Trusted Sites so that the "Automatic logon with current user name and password" option is selected.
3: IIS Manager: When using the ACO parameter InlineCredentials, in the IIS administration UI, disable Anonymous Authentication and enable only Windows Authentication (use Windows User identity instead of Application Pool identity).

Other Notes:

The ACO parameter "InlineCredentials" was introduced in R12 SP3. This feature might not be relevant to all organizations and should be tested against your organization's web application to validate that it functions as expected.
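The IIS Manager recommendation (Anonymous disabled, Windows Authentication the only provider enabled) can be verified from PowerShell on the IIS server. This is an added example, not code from the original post or from CA; the function name `Test-InlineCredentialsIisAuth` and the site name `Default Web Site` are assumptions, and it expects the WebAdministration module in an elevated session.

```powershell
# Added example (not CA/SiteMinder code): audit a site's IIS authentication
# providers against the InlineCredentials recommendations in the post.
# Assumptions: WebAdministration module is available, the session is
# elevated, and 'Default Web Site' is a placeholder site name.
Import-Module WebAdministration

function Test-InlineCredentialsIisAuth {
    param([Parameter(Mandatory = $true)][string]$SiteName)

    $base = '/system.webServer/security/authentication'
    # Expected state: Anonymous disabled and Windows Authentication the only
    # provider enabled, so Basic and Digest must be off as well.
    $expected = @(
        @('anonymousAuthentication', $false),
        @('windowsAuthentication',   $true),
        @('basicAuthentication',     $false),
        @('digestAuthentication',    $false)
    )

    foreach ($pair in $expected) {
        $section, $want = $pair
        # Read the effective value for the site. A provider whose role
        # service is not installed may return nothing.
        $query = @{
            PSPath      = "IIS:\Sites\$SiteName"
            Filter      = "$base/$section"
            Name        = 'enabled'
            ErrorAction = 'SilentlyContinue'
        }
        $attr   = Get-WebConfigurationProperty @query
        $actual = if ($null -ne $attr) { [bool]$attr.Value } else { $null }

        # A missing provider only satisfies an expectation of "disabled".
        $ok = if ($null -eq $actual) { -not $want } else { $actual -eq $want }

        New-Object PSObject -Property @{
            Site = $SiteName; Provider = $section
            Expected = $want; Actual = $actual; Compliant = $ok
        }
    }
}

$report = Test-InlineCredentialsIisAuth -SiteName 'Default Web Site'
$report | Format-Table Site, Provider, Expected, Actual, Compliant -AutoSize
if ($report | Where-Object { -not $_.Compliant }) {
    Write-Warning 'IIS authentication does not match the InlineCredentials recommendations.'
}
```

The check covers only the IIS side; the `InlineCredentials=Yes` ACO parameter is set on the Policy Server and has to be confirmed there.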
We are using CA SiteMinder version 12.52 and I'm trying to configure a SAML profile for single sign-on, using 'Windows Authentication Template' as the authentication scheme type.
By using this authentication scheme, I need to make the suggested changes for successful single sign-on. The service provider site for which we are trying to configure single sign-on needs to be enabled with 'Automatic logon only in the Intranet Zone', and by enabling this, the auth scheme prompts for credentials.
Please let me know if there are any other changes to be considered to make use of this authentication scheme.
Sandeep Kumar S
I'm looking for help deploying Agent 12.5 on IIS 7.5 with Policy Server 12.5. I've done all the prerequisites for IIS 7.5 and configured the web agent properly, but the Policy Server is not protecting my sites.
Any help, please.
SiteMinder 12.5 32-bit, Agent 12.5, LDAP on Solaris 10, IIS 7.5