• PhenixID Server configured according to this instruction: "Federation - Username and password"
  
  
• Windows settings:
• –  Install PAS on a Windows Server that is member of an active directory domain.
– Create service account
CN=phxid,CN=Users,DC=company,DC=local
• – Change the service “PhenixID service” to be run by CN=phxid,CN=Users,DC=company,DC=local
• – Register a DNS A record: 
A    phenixid.company.local    127.0.0.1
• – Register SPN from a command prompt
:
  C:\Users\Administrator>Setspn -S HTTP/phenixid.company.local phxid

  Checking domain DC=company,DC=local
  Registering ServicePrincipalNames for CN=phxid,CN=Users,DC=company,DC=local

  HTTP/phenixid.company.local
  
Updated object
  
  C:\Users\Administrator>Setspn -S HTTPS/phenixid.company.local phxid

  Checking domain DC=company,DC=local
  Registering ServicePrincipalNames for CN=phxid,CN=Users,DC=company,DC=local
  
HTTPS/phenixid.company.local
  
Updated object
• – If testing with web browser directly on server, Loopback checks must be disabled. Do not use in prod environments!
https://support.microsoft.com/en-us/kb/896861, Workaround method 2
  
  Example values used in the description above:
  http domain: phenixid.company.local
  
Service account: CN=phxid,CN=Users,DC=company,DC=local
  
(Change the above to match your environment)

Open the Advanced tab and locate the Authentication - HTTP entry that was configured in the previous "Federation - Username and password" scenario.

Click Commit changes

1. Open the Execution flow tab and expand the flow.
2. Delete the valve #1 (InputParameterExistsValidatorValve) and valve #3 (LDAPBindValve)
3. Click Save