We're running CA Access Gateway (SPS), when resource is protected with"authentication chain" Authentication Scheme, if the first IWAAuthentication fails, the browser doesn't get the HTML FormAuthentication Scheme, but the popup to login. If we cancel thisPop-Up, then the browser receives return code 403.
But reading the documentation, if the IWA fails, then the browsershould receive the HTML Form to authenticate instead :
IWA Fallback to Forms
If IWA/Windows authentication scheme fails, CA SSO falls back toForms-based authentication scheme. This fallback process helps youcombine an IWA authentication scheme and a form/HTML authenticationscheme as the new authentication chain.
How can we fix this ?
CA Access Gateway (SPS) 12.7
Upgrade CA Access Gateway (SPS) to the next CR of 12.7
KB : KB000113093