Symantec Access Management

 View Only
  • 1.  IWA with SPS 12.6 in Linux

    Posted Jun 14, 2017 06:48 AM

    Hi All.

    I'm confused about the possibility of using IWA (not Kerberos) having just Secure Proxy Server in UNIX domain.

    The use-case is that all users enter in our SSO 12.6 via web, authenticate with IWA and continue to work.

    Is it not clear if it is mandatory to have an SPS on Windows.

    In the past we implemented IWA in IIS with a standard webagent but in that case users went directly to that IIS server for IWA.

    Now, having all requests that comes to SPS (in linux) in Front-End and not having any enabled flow to the backend (where there is IIS and webagent), is it still possible to have IWA? What we need to do?

     

    Thanks a lot for the suggestions



  • 2.  Re: IWA with SPS 12.6 in Linux
    Best Answer

    Broadcom Employee
    Posted Jun 14, 2017 09:12 PM

    Hi,

     

    Docops of CA SSO 12.6.01 state as following:

    You can configure one of the following authentication schemes with CA Access Gateway:

    • Windows authentication scheme on Windows server
    • Kerberos authentication scheme on Windows and UNIX server 

    Also:

    Verify the Prerequisites
    Verify that you perform the following tasks before you configure CA Access Gateway to support IWA:

    1. Configure a Windows domain controller.
    2. Add CA Access Gateway host as a member of domain host for the Windows domain controller.

     

    For detail,  see “Configure CA Access Gateway to Support Integrated Windows Authentication”.

    I hope this would help.

     

    Regards,

    Koichi Ikarashi



  • 3.  Re: IWA with SPS 12.6 in Linux

    Posted Nov 03, 2017 08:05 AM

    Hi All,

     

    SPS (Access gateway) 12.7 on Linux can support Windows Authetication scheme? 

    If yes, could any one please provide the details. 

     

    If I use Kerberos authetication it works, but not with Windows Authetication.

     

    The reason we want to use Windows Authetication is for fall-back option. As currently in PS 12.7 only authetication chain 1st option only for Windows authetication schemes, not avilable for Kerberos schemes.

     

    Thanks a lot for the suggestions



  • 4.  Re: IWA with SPS 12.6 in Linux

    Broadcom Employee
    Posted Nov 05, 2017 11:32 PM

    Just a reference - The same question has been posted, and answered by Hubert. 

    Access gateway 12.7 on Linux can support Windows Authetication scheme?