000021492 - Resource protected by Integrated Windows Authentication (IWA) prompts for IWA and BASIC

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000021492
Applies ToMicrosoft Windows Server 2003
RSA ClearTrust configured for Microsoft Integrated Windows Authentication (IWA)
Microsoft Internet Information Server (IIS)
RSA ClearTrust Agent 4.5 for Microsoft IIS
IssueResource protected by Integrated Windows Authentication (IWA) prompts for IWA and BASIC
A resource has been correctly configured under Microsoft Internet Information Services (IIS) 6 and RSA ClearTrust Agent 4.6 for Integrated Windows Authentication (IWA). However, after the user has successfully authenticated against IWA they are still prompted for BASIC authentication.
CauseRSA ClearTrust Agent was configured to protect the requested resource against Integrated Windows Authentication (IWA), but was also configured to protect the server root with BASIC, e.g.:

    cleartrust.agent.auth_resource_list=/*=BASIC, /exchange/*=IWA, /exchweb/*=IWA, /public/*=IWA
ResolutionWhen the root directory is protected against BASIC, you will need to add the Integrated Windows Authentication (IWA) CT_home.asp page to the exclusion list. For example, if you IWA, ct_home.asp page is defined like this:

    cleartrust.agent.iwa_auth_logon_form= /cleartrust/iwa/ct_home.asp

You will also need to add it to the exclusion list like this:

    cleartrust.agent.url_exclusion_list= /cleartrust/iwa/ct_home.asp
Legacy Article IDa23142

Attachments

    Outcomes