Version Affected: All
Description:
IWA is not working as expected and error logs are filling up with below error:
"Error Message: The authentication schemes configured on the host ('Anonymous') do not allow those configured on the binding 'CustomBinding' ('Negotiate'). Please ensure that the SecurityMode is set to Transport or TransportCredentialOnly. Additionally, this may be resolved by changing the authentication schemes for this application through the IIS management tool, through the ServiceHost.Authentication.AuthenticationSchemes property, in the application configuration file at the <serviceAuthenticationManager> element, by updating the ClientCredentialType property on the binding, or by adjusting the AuthenticationScheme property on the HttpTransportBindingElement.
Resolution:
Step-by-step to fix the error
-
Open up IIS Manager and navigate the realm/application under “Default Web Site”
-
Expand realm/application and select Webservice at the bottom of the list.
-
Select Content View at the bottom of the center pane.
-
Select WSTrust.svc
-
Select “Switch to Feature View” in the right side pane.
6. Select "Authentication"
7. Make sure all the below Authentication methods are enabled:
8. Test and verify errors are not showing in logs and verify that the IWA Login workflow is working as expected
Special Considerations (optional as needed):
SecureAuth Knowledge Base Articles provide information based on specific use cases and may not apply to all appliances or configurations. Be advised that these instructions could cause harm to the environment if not followed correctly or if they do not apply to the current use case.
Customers are responsible for their own due diligence prior to utilizing this information and agree that SecureAuth is not liable for any issues caused by misconfiguration directly or indirectly related to SecureAuth products.
Comments
Please sign in to leave a comment.