I have IWA configured for one of my SPS servers.
Say my SPS server hostname is sps.test.net. However, the SSL certificate and the URL for this server are sps.test.com.
I've deployed and protected a headers.jsp that dumps all headers. I've protected this with the IWA auth scheme.
The issue I'm having is that when I use the hostname in the URL, IWA works fine. For example, with http://sps.test.net/affwebservices/redirectjsp/headers.jsp, it logs me in fine.
But when I switch to the actual URL, http://sps.test.com/affwebservices/redirectjsp/redirect.jsp, it gives me the NTLM challenge and doesn't log me in automatically.
Is this a browser setting, or am I missing something in the ACO? Or does it have something to do with the cookie domain? I tried setting the cookie domain to .test.com in the ACO, but that didn't help either.
If the Windows authentication scheme is set up with the server name sps.test.net, then the cookie will be generated with cookie domain "test.net"; hence the user is not allowed to access http://sps.test.com resources.
You can set up a cookie provider to allow single sign-on across different cookie domains.
For details, please refer to CA SiteMinder® Integrated Documents 12.52 SP1.
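The cookie-domain scoping described in the answer above, shown as an added example that is not part of the original thread or of SiteMinder's code: it implements the standard browser domain-match rule (RFC 6265, section 5.1.3) and goes slightly beyond the thread's case by covering case variation, label boundaries and IP addresses. The function names are hypothetical, and the hostnames not mentioned in the thread are constructed.

```javascript
// RFC 6265 section 5.1.3 domain matching: decides whether a browser will
// attach a cookie scoped to `cookieDomain` to a request for `requestHost`.
// Assumes bare hostnames (no scheme, port or path).

function isIpAddress(host) {
  // IPv4 dotted quad, or anything containing ':' (IPv6 literal).
  return /^\d{1,3}(\.\d{1,3}){3}$/.test(host) || host.includes(":");
}

function canonical(host) {
  // Comparison is case-insensitive, and a leading dot in a Domain
  // attribute is ignored (RFC 6265 section 5.2.3).
  return host.toLowerCase().replace(/^\./, "");
}

function domainMatch(requestHost, cookieDomain) {
  const host = canonical(requestHost);
  const domain = canonical(cookieDomain);
  if (host === domain) return true;
  // A suffix match counts only on a label boundary, never for IP addresses.
  return !isIpAddress(host) && host.endsWith("." + domain);
}

function cookieReport(cookieDomain, hosts) {
  // One row per host: would a cookie with this Domain be sent to it?
  return hosts.map((h) => ({ host: h, sent: domainMatch(h, cookieDomain) }));
}

const hosts = [
  "sps.test.net",    // server hostname from the thread
  "sps.test.com",    // certificate/URL name from the thread
  "SPS.Test.Net",    // constructed: case variation
  "sps.nottest.net", // constructed: suffix without a label boundary
];

for (const cookieDomain of [".test.net", ".test.com"]) {
  for (const { host, sent } of cookieReport(cookieDomain, hosts)) {
    const verdict = sent ? "sent" : "not sent";
    console.log(`${cookieDomain.padEnd(10)} -> ${host.padEnd(16)} ${verdict}`);
  }
}
```

A session cookie scoped to one of the two domains is never presented to a host in the other, whichever Domain value is configured.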