Symantec Access Management

Tech Tip : CA Single Sign-On : IWA authchain not working with domain joined machine when not in network


    Broadcom Employee
    Posted 09-05-2018 07:18 AM

    Issue:


    We're running CA Access Gateway (SPS). When a resource is protected
    with the "authentication chain" Authentication Scheme and the first
    IWA authentication fails, the browser doesn't get the HTML Form
    Authentication Scheme but a login pop-up instead. If we cancel this
    pop-up, the browser receives return code 403.

    But according to the documentation, if IWA fails, the browser
    should receive the HTML form to authenticate instead:

    IWA Fallback to Forms

     

    If IWA/Windows authentication scheme fails, CA SSO falls back to
    Forms-based authentication scheme. This fallback process helps you
    combine an IWA authentication scheme and a form/HTML authentication
    scheme as the new authentication chain.

     

    How can we fix this?

     

    Environment:

     

    CA Access Gateway (SPS) 12.7

     

    Resolution:

     

    Upgrade CA Access Gateway (SPS) to the next CR of 12.7

     

    KB : KB000113093