Symantec Access Management

  • Private Community

  • 1.  IIS, Windows Security Context, SiteMinder and You

    Posted May 01, 2013 01:52 PM

    There is a new feature that is available with IIS 7x that SiteMinder is able to leverage when using Windows Authentication.
    Historically, when leveraging an Integrated Windows Authentication Schema, the credentials would be cached to the virtual form, “Creds.ntc”
    When doing so you would configure IIS Authentication for Anonymous and only Windows Authentication for the path pointing to “Creds.ntc”.

    However, with IIS 7x and the using the SiteMinder IIS agent, you can now use an Agent Configuration Object called “inlinecredentials”.
    This allows IIS to be configured with IWA at the root web application. The user credentials are passed through the SiteMinder IIS Agent and communicated across the Agent / Policy Server communication layer.
    The Policy Server at that point performs both the Authentication and Authorization steps for the user.
    Please review the Bookshelf links below for more information.

    New Features: Inline Credentials Support
    https://support.ca.com/cadocs/0/CA%20SiteMinder%20r12%20SP3-ENU/Bookshelf_Files/HTML/idocs/1773623.html
    Manage User Access with IIS and Inline Credentials.
    https://support.ca.com/cadocs/0/CA%20SiteMinder%20r12%20SP3-ENU/Bookshelf_Files/HTML/idocs/367390.html

    Configuration Recommendations:
    1: Siteminder: Define theACO parameter, "InlineCredentials" to yes.
    InlineCredentials=Yes
    2: Internet Explorer: Define Trusted Sites to allow "Automatic logon with
    Current user name and password" option is selected.
    3: IIS Manager:
    When using the ACO inlinecredentials, in IIS Administration UI, disable the Anonymous Authentication and enable only the Windows authentication (use Windows User identity instead of Application
    Pool identity)

    Other Notes:
    The ACO parameter “inlinecredentials” was introduced in R12 SP3.
    This feature might not be relevant to all organizations and should be tested against your organizations web application to validate that this feature functions as expected.



  • 2.  RE: IIS, Windows Security Context, SiteMinder and You

     
    Posted May 14, 2013 04:07 PM
    Thanks for letting the community know James! :grin:


  • 3.  RE: IIS, Windows Security Context, SiteMinder and You

    Posted Feb 27, 2014 03:57 PM

    Hi James,

    We are using CA Siteminder 12.52 version and  I'm trying to configuring a SAML profile for Single Sign on and using ' Windows Authentication Template' as authentication scheme type.

    By using this authentication schema, I need to make suggested changes for the successful single sign on. The Service provide site which we are trying to configure the single sign on need to be enabled with the ‘Automatic logon only in the Intranet Zone’ and by enabling this, the auth scheme prompts for credentials.

    Please let me know if there are any other changes to be consider to make use of this authentication schema?

     

    Thanks,

    Sandeep Kumar S



  • 4.  RE: IIS, Windows Security Context, SiteMinder and You

    Posted Mar 29, 2014 03:02 AM

    hello all,

    im looking for help to deploy Agent 12.5 on IIS 7.5  with  policy server 12.5  , i ve done all  prerequisites  to  iis 7.5 and  configured  web agent properly , but  policy server is not  protecting my sites  ,

    any help pls 

    my environment 

    Siteminder 12.5 32 bit,agent 12.5 ,LDAP on solaris10,IIS 7.5 

    regards:v

    venky