问题
We are using WSO2 Identity Server for user authentication. We have upgraded from WSO2 IS 5.2.0 version to WSO2 IS 5.3.0. We are using the IWA (Integrated Windows Authentication) for user authentication for our applications.
In WSO2 5.3.0 version we do not see the option to select IWA under the Authentication Type “Local Authentication” while registering the application under “Service Provider”. This option was available in WSO2 IS 5.2.0 and we were able to use it properly.
Can you please let us know if this feature is deprecated or disabled in the WSO2 IS 5.3.0 version? Please let us know the steps to enable IWA in WSO2 IS 5.3.0
回答1:
From IS 5.3.0 onwards we moved to Kerberos based IWA Authentication. The motive behind this decision was to overcome the limitations faced in NTLM based IWA.
To mention a few, NTLM based IWA forced the WSO2 Identity Server to be run on Windows and the AD was required to plugged in as the primary user store. To read more about IWA Authentication using Kerberos please refer this blog.
So to answer,
Can you please let us know if this feature is deprecated or disabled in the WSO2 IS 5.3.0 version? Please let us know the steps to enable IWA in WSO2 IS 5.3.0
Yes, we deprecated the NTLM based IWA Authenticator in IS 5.3.0. However, for the benefit of the users preferring to use the NTLM based authenticator we have the tag compatible with IS 5.3.0.
You can build the tag and drop the authenticator jar to IS_HOME/repository/components/dropins. Then you should be able to see the authenticator listed under local authenticators and use it as in IS 5.2.0
回答2:
Are you sure it is activated in your installed instance :
Open the <wso2is_home>/repository/conf/security/authenticators.xml file and add the following lines inside the <Authenticators> tag.
<Authenticator name="IWAUIAuthenticator" disabled="false">
<Priority>5</Priority>
</Authenticator>
Source : https://docs.wso2.com/display/IS530/Configuring+IWA+Single-Sign-On
Jeff
来源:https://stackoverflow.com/questions/47506106/wso2-is-5-3-0-iwa-authentication-option-not-available