I'm confused about the possibility of using IWA (not Kerberos) having just Secure Proxy Server in UNIX domain.
The use-case is that all users enter in our SSO 12.6 via web, authenticate with IWA and continue to work.
Is it not clear if it is mandatory to have an SPS on Windows.
In the past we implemented IWA in IIS with a standard webagent but in that case users went directly to that IIS server for IWA.
Now, having all requests that comes to SPS (in linux) in Front-End and not having any enabled flow to the backend (where there is IIS and webagent), is it still possible to have IWA? What we need to do?
Thanks a lot for the suggestions
Docops of CA SSO 12.6.01 state as following:
You can configure one of the following authentication schemes with CA Access Gateway:Windows authentication scheme on Windows serverKerberos authentication scheme on Windows and UNIX server
You can configure one of the following authentication schemes with CA Access Gateway:
Verify the PrerequisitesVerify that you perform the following tasks before you configure CA Access Gateway to support IWA:Configure a Windows domain controller.Add CA Access Gateway host as a member of domain host for the Windows domain controller.
Verify the PrerequisitesVerify that you perform the following tasks before you configure CA Access Gateway to support IWA:
For detail, see “Configure CA Access Gateway to Support Integrated Windows Authentication”.
I hope this would help.
SPS (Access gateway) 12.7 on Linux can support Windows Authetication scheme?
If yes, could any one please provide the details.
If I use Kerberos authetication it works, but not with Windows Authetication.
The reason we want to use Windows Authetication is for fall-back option. As currently in PS 12.7 only authetication chain 1st option only for Windows authetication schemes, not avilable for Kerberos schemes.
Just a reference - The same question has been posted, and answered by Hubert.
Access gateway 12.7 on Linux can support Windows Authetication scheme?