Symantec Access Management

SPS (Access gateway) 12.7 on Linux can support Windows Authetication scheme? 

If yes, could any one please provide the details. 

If I use Kerberos authetication scheme it works, but not with Windows Authetication scheme.

The reason we want to use Windows Authetication is for fall-back option. As currently in PS 12.7 authetication chain 1st option only for Windows authetication schemes, not avilable for Kerberos schemes.

Thanks a lot for the suggestions

I think CA AG on Linux only supports Kerberos.

For Windows IWA setup with CA AG it calls windows API and the windows system has to be joined to the AD domain. Integrated Windows Authentication (IWA) is a proprietary mechanism developed by Microsoft to validate users in pure Windows environments.

Hence it is clearly stated in the documentation for Linux use a Kerberos Authentication Scheme.

If we need IWA, I'd suggest using CA AG on Windows. Using the Linux CA AG for other functions. We could adjust deployment strategies to align (e.g. 2 CA AG on Windows performing IWA and 4 CA AG on Linux for the other functions).

Regards

Hubert

Try this ACO setting on your Linux CA AG Setup with IWA Authentication Scheme. See if it help!

Configure IWA Fallback to Forms Using Authentication Chain - CA Single Sign-On - 12.7 - CA Technologies Documentation 

<SNIPPET>

Now if we go to this link, we have a fork about Linux and Windows. So I see where the doubt arises "Does this implicitly means that CA AG has to be on Windows for IWA and IWA Fallback to Forms Using Authentication Chain to work?"

Configure CA Access Gateway to Support Integrated Windows Authentication - CA Single Sign-On - 12.7 - CA Technologies Do… 

Let us know if that ACO parameter helped change the result.

My inclination is towards, thinking we need a CA AG on Windows.