
Integrated Windows Authentication

Question asked by VVK on Oct 21, 2013
Latest reply on Mar 23, 2015 by brian.russell

I would like to set up IWA in an existing environment.

In the current scenario, I have a number of applications protected using SiteMinder policy server, and they all use the same form-based auth scheme to enforce a centralized login page hosted on a server managed by us. Some applications use Active Directory as the auth directory while others use OID.

As per my understanding, the things below need to be set up in order to achieve IWA:
- IIS Webserver hosting some dummy pages
- Windows Authentication Scheme
- Browser with IWA enabled settings

I have an IIS server built and protected by a SiteMinder agent, with directories having Anonymous Access and the SiteMinder Agent/NTLM directory using Windows Authentication. The Windows Authentication Scheme has the same protection level as the existing form-based auth scheme used throughout, and with the FQDN of the IIS web server.

Whenever a user logs into a PC with his credentials and opens an IWA-enabled browser to access SM-protected applications, he enters some application-specific URL. As this application is protected by SM, it enforces SM policy, and when it sees no SMSESSION, it redirects the user to Login.fcc hosted on the centralized server. My questions are as below:
1. Do I need to put some redirection in Login.fcc to some dummy page which is protected using Windows Authentication Scheme to make communication with IIS for NTLM based authentication/user validation?
2. As mentioned, some applications are using OID as the auth directory, so what should be done in such a scenario, as all PCs are part of the AD domain and use AD credentials to log in?
3. Not sure when the IWAABLE cookie is set and what role it plays in IWA?
4. Any other customization required?

Would appreciate to know more in this context.

Thanks in advance.