Configure IWA Fallback to Forms Using Authentication Chain

You can configure IWA Fallback to form-based authentication schemes using Authentication Chain. Authentication Chaining helps you combine the existing authentication schemes to build a chain.
casso127
You can configure IWA Fallback to form-based authentication schemes using Authentication Chain. Authentication Chaining helps you combine the existing authentication schemes to build a chain.
Verify the Prerequisites
Consider the following prerequisites before you configure IWA fall back to form-based authentication scheme:
  • Your environment must have at least one Windows authentication scheme and one form-based authentication scheme.
  • The Authentication Chain implementation in
    CA Single Sign-On
     is limited to CA Access Gateway. Ensure that CA Access Gateway is configured to support IWA. For more information, see Configure CA Access Gateway to Support Integrated Windows Authentication.
Configure the Authentication Chain
To configure IWA Fallback to form-based authentication schemes using the Administrative UI, you need to first create an authentication scheme type of the Authentication Chain template and select a primary authentication scheme and a fallback authentication scheme.
Follow these steps:
  1. Log in to the Administrative UI.
  2. Click 
    Infrastructure
    Authentication
    Authentication Schemes
    .
  3. Click
    Create Authentication Scheme.
  4. Select
    Create a new object of type Authentication Scheme
    and click
    OK
    .
  5. Enter name and description for the Authentication Scheme.
  6. Select
    Authentication Chain Template
    from the 
    Authentication Scheme Type
    drop-down.
    The
    Authentication Scheme Instance
    group box appears with the following drop-down lists:
    • Default Authentication Scheme
      : Specifies the IWA authentication scheme type, the primary authentication scheme. 
    • Fallback Authentication Scheme
      : Specifies the form-based authentication scheme type, the fallback authentication scheme. 
  7. Select the required authentication schemes in the 
    Authentication Scheme Instance
    drop-down lists.
    The Expression field shows the selected Authentication Chain Expression that you have achieved using the Authentication Chain Template.
  8. Click
    Submit
    to create the Authentication Scheme based on the Authentication Chain Template.
    The authentication scheme is saved and can now be assigned to a realm.