Symantec Access Management

  • Private Community

  • 1.  Architecture components for IWA and Kerberos

    Posted Nov 10, 2017 08:38 AM

    Hi,

    may you help to list and describe all the additional components of a basic SiteMinder implementation architecture to archive IWA and Kerberos single sign-on feature in a Production environment?

     

    For IWA, as far as I know, at least a couple (for HA) of ISS servers + WebAgent are required; something else? I also read the CA  Access Gateway could replace IIS, is it true and is it a preferred solution? 

     

    For Kerberos (Windows environment where Active Directory is the KDC) only a WebAgent is required?

     

     

    Thanks and regards,

    Gabriele.



  • 2.  Re: Architecture components for IWA and Kerberos
    Best Answer

    Broadcom Employee
    Posted Nov 15, 2017 09:50 PM

    Yes, for IWA(NTLM Authentication), you can use CA Access Gateway (on Windows) on behalf of IIS.

    For Kerberos, as you said, needed only WebAgent (for Apache/IIS on Windows/LINUX)

    Configure CA Access Gateway to Support Integrated Windows Authentication - CA Single Sign-On - 12.6.01 - CA Technologies… 



  • 3.  Re: Architecture components for IWA and Kerberos

    Posted Nov 20, 2017 02:44 AM

    Hi nisyu04,

    may you also take a look on this thread Authentication Chaining for IWA on 4 AD domains.

     

    Thanks and regards,

    Gabriele