Windows Authentication Scheme Prerequisites
Ensure the following prerequisites are met before configuring a Basic over SSL authentication scheme:
- For legacy WinNT directories or Active Directory in mixed mode:
  - The user directory connection you create in the Administrative UI specifies the WinNT namespace.
  - The requested resources can be located on any type of web server, but the authentication server and the Web Agent protecting those resources must be on a Microsoft IIS web server.
- For Active Directories running in native mode:
  - User data resides in an Active Directory.
  - User directory connections must specify either an LDAP or AD namespace.
  - The requested resources can be located on any type of web server, but the authentication server and the Web Agent protecting those resources must be on a Microsoft IIS web server.
- Client and server accounts are enabled for delegation.
- Users must log in using Internet Explorer Web browsers (4.0 or later).
- To work on IIS 6 in Windows 2003, the "Verify that file exists" option in the Wildcard Application Maps must not be set.
- Windows Authentication schemes also require that any virtual directory on the IIS web server that contains the creds.ntc file remain unprotected.
- Internet Explorer browser options are set up to allow automatic logon with a user's current username and password.
To configure automatic logon in Internet Explorer 5.x and 6.x Browsers
- From the menu bar in Internet Explorer, select Tools, Internet Options.
- The Internet Options dialog opens.
- Click the Security tab to bring it to the front.
- Select your Internet zone and click Custom Level.
- The Security Settings dialog opens.
- Scroll down to User Authentication, Logon.
- Select the Automatic logon with current username and password radio button.
- Click OK.
To configure automatic logon in Internet Explorer 4.x Browsers
- From the menu bar in Internet Explorer, select View, Internet Options.
- The Internet Options dialog opens.
- Click the Security tab to bring it to the front.
- Select your Internet zone from the drop-down list.
- In the Internet zone group box, select the Custom radio button and click Settings.
- The Security Settings dialog opens.
- Scroll down to User Authentication, Logon.
- Select the Automatic logon with current username and password radio button.
- Click OK.
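To confirm the Logon option that the two procedures above set, the following PowerShell check reads it back from the registry on the client. It is an added example, not part of the CA documentation; it relies on Internet Explorer storing this option as the `1A00` DWORD under each security zone's key, and the function name `Get-IELogonSetting` is hypothetical.

```powershell
# Added example: report the IE "User Authentication, Logon" option for each security zone.
# The option is stored as the DWORD value 1A00 under each zone's registry key.
function Get-IELogonSetting {   # hypothetical helper name
    $zoneNames = @{ 0 = 'My Computer'; 1 = 'Local intranet'; 2 = 'Trusted sites'
                    3 = 'Internet';    4 = 'Restricted sites' }
    $logonModes = @{
        0x00000 = 'Automatic logon with current username and password'
        0x10000 = 'Prompt for user name and password'
        0x20000 = 'Automatic logon only in Intranet zone'
        0x30000 = 'Anonymous logon'
    }
    # Group Policy hives are read as well as the per-user and per-machine preferences,
    # because a policy value can differ from what was chosen in the Internet Options dialog.
    $hives = @(
        'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
        'HKCU:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
    )
    foreach ($hive in $hives) {
        foreach ($zone in 0..4) {
            $props = Get-ItemProperty -Path "$hive\$zone" -Name '1A00' -ErrorAction SilentlyContinue
            if ($null -eq $props) { continue }   # key or value not present in this hive
            $value = [int]$props.'1A00'
            $mode = if ($logonModes.ContainsKey($value)) { $logonModes[$value] }
                    else { 'Unrecognized value' }
            [pscustomobject]@{
                Hive           = $hive.Substring(0, 4)
                Policy         = $hive -like '*\Policies\*'
                Zone           = $zoneNames[$zone]
                Value          = '0x{0:X5}' -f $value
                Setting        = $mode
                AutomaticLogon = ($value -eq 0)
            }
        }
    }
}

Get-IELogonSetting | Format-Table -AutoSize
```

The row for the zone selected in the procedures above should show `AutomaticLogon` as `True`; a row with `Policy` set to `True` means the value is delivered by Group Policy rather than by the dialog.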
Review Windows Authentication Scheme Considerations
The IIS web server, not the Policy Server, performs authentication based on the credentials it receives from the Internet Explorer web browser. Therefore, you cannot use the OnAuthAttempt authentication event to redirect users who do not exist in the user store.
Copyright © 2012 CA.
All rights reserved.