PowerShell web access lets you choose the authentication type. By default, it uses a value of Default, which ends up being Negotiate. I have set up CredSSP to allow logging into the PSWA server itself with CredSSP, so that network authentication works from within the session (avoids a double hop issue, without delegating credentials all over the network).
Anyway, I want CredSSP to be the default option on the sign-in page.
Looking into the configuration options for the PSWA web app in IIS, there are several values that can be set to override the defaults.
One of them is called defaultAuthenticationType which is a string but is set to 0.
This seems like the right setting, but I can't get it to work.
If I inspect the sign in web page I can see that the select box has the following values:
0 Default
1 Basic
2 Negotiate
4 CredSSP
5 Digest
6 Kerberos
3 is missing.
JosefZ found that 3 is NegotiateWithImplicitCredential according to this page, but on Windows PowerShell 5.1.15063.966 for me that name/value is missing from the enum.
If I set defaultAuthenticationType to a number, then the web page defaults to a new option:
7 Admin Specified
I have tried 3 and 4, but neither one works. The login happens using Kerberos, and CredSSP is not used.
If I select CredSSP manually it works as expected.
If I set defaultAuthentcationType to a string like CredSSP, no Admin Specified option appears and it just defaults to Default again, and still Kerberos authentication is used.
Has anyone been able to successfully set this? Web results have been very lacking.
try following this guide it should get you where you want to go. https://www.petri.com/powershell-web-access-configuration