The purpose of this article is to explain in which cases it is desirable to use an IWA-BCAAA realm instead of IWA-Direct for Authentication. Normally we recommend using IWA-Direct over IWA-BCAAA due to performance differences and less points of failure, but in some cases it may still be the only option available.
Use IWA-BCAAA if all of the following conditions apply to your environment:
NTLM is used for authentication (as there is issues with Kerberos authentication as explained in TECH244714)
The MaxConcurrentAPI settings have been modified in all the involved servers as per article TECH246270
Surrogates (IP or Cookie) cannot be used
SGOS version is prior to 6.5.2.X
In some environments it may be required to deploy IWA-BCAAA due to existing security policies. If this is the case, ensure that the version of BCAAA supports Kerberos as explained article mentioned above and that the MaxConcurrentAPI settings are set properly as well.
In order to avoid authentication-related issues, it is always advisable to run the latest General Availability SGOS version within the current branch (6.5, 6.6 or 6.7).
Subscribing will provide email updates when this Article is updated. Login is required.
Thanks for your feedback. Let us know if you have additional comments below. (requires login)
Subscribed to the Article.
Unable to subscribe
Thanks for your additional feedback !!!
Enterprise Support Virtual Agent
Rate Me :
Tell us more:
Welcome! My name is Sami, the Enterprise Support Virtual Agent answering technical support questions.