Authentication Chain with Kerberos Authentication Scheme Fallback to Form

Document ID : KB000100471
Last Modified Date : 07/06/2018
Show Technical Document Details
Question:
We have setup IWA using Access Gateway with Kerberos. 

We are trying to configure Authentication Chain in order to setup Kerberos Authentication fallback to Form.
 
However, while configuring authentication chaining, we observe that the Kerberos Authentication Scheme does appear on the drop down list in the create Authentication schema wizard. 

How can we resolve this?
Environment:
CA Single Sign.On PS 12.7SP2 on Linux RH 7.5 
CA Access Gateway 12.7SP2 on Linux RH 7.5
Answer:
This behavior is expected as authentication chaining does not support Kerberos authentication scheme.

You will have to configure IWA Fallback to Forms Using Authentication Chain as documented:

https://docops.ca.com/ca-single-sign-on/12-7/en/configuring/policy-server-configuration/authentication-schemes/authentication-chaining/configure-iwa-fallback-to-forms-using-authentication-chain 
 
Additional Information:
https://docops.ca.com/ca-single-sign-on/12-7/en/configuring/policy-server-configuration/authentication-schemes/authentication-chaining/configure-iwa-fallback-to-forms-using-authentication-chain