Configure IWA Fallback to Forms Using Authentication Chain

You can configure IWA Fallback to form-based authentication schemes using Authentication Chain. Authentication Chaining helps you combine the existing authentication schemes to build a chain. As a prerequisite, your environment must have at least one Windows authentication scheme and one form-based authentication scheme.
casso1283
You can configure IWA Fallback to form-based authentication schemes using Authentication Chain. Authentication Chaining helps you combine the existing authentication schemes to build a chain. As a prerequisite, your environment must have at least one Windows authentication scheme and one form-based authentication scheme.
To configure IWA Fallback to form-based authentication schemes using the Administrative UI, you need to first create an authentication scheme type of the Authentication Chain template and select a primary authentication scheme and a fallback authentication scheme.
The Authentication Chain implementation in
SiteMinder
is limited to Access Gateway. Ensure that Access Gateway is configured to support IWA. If you do not define or set the value of the 
WindowsNativeAuthentication
 ACO parameter, Access Gateway does not support Windows authentication. For more information, see Configure Access Gateway to Support Integrated Windows Authentication.
Follow these steps:
  1. Log in to the Administrative UI.
  2. Click 
    Infrastructure
    Authentication
    Authentication Schemes
    .
  3. Click
    Create Authentication Scheme.
  4. Select
    Create a new object of type Authentication Scheme
    and click
    OK
    .
  5. Enter name and description for the Authentication Scheme.
  6. Select
    Authentication Chain Template
    from the 
    Authentication Scheme Type
    drop-down.
    The
    Authentication Scheme Instance
    group box appears with the following drop-down lists:
    • Default Authentication Scheme
      : Specifies the IWA authentication scheme type, the primary authentication scheme. 
    • Fallback Authentication Scheme
      : Specifies the form-based authentication scheme type, the fallback authentication scheme. 
  7. Specify the Protection Level.
    When a user session is created, Protection Level of the Authentication Chain Template that you specify takes precedence over the protection levels of the individual authentication schemes that has been configured.
  8. Select the required authentication schemes in the 
    Authentication Scheme Instance
    drop-down lists.
    The Expression field shows the selected Authentication Chain Expression that you have achieved using the Authentication Chain Template.
  9. Click
    Submit
    to create the Authentication Scheme based on the Authentication Chain Template.
    The authentication scheme is saved and can now be assigned to a realm.