OAM 11g : How to use OAM and NTLM/Kerberos negotiation with Windows 7

(Doc ID 1379388.1)

Last updated on SEPTEMBER 21, 2016

Applies to:

Oracle Access Manager - Version: and later   [Release: and later ]
Information in this document applies to any platform.

(JDK, WebLogic, RDBMS, LDAP, Web Server) ###
JRockit 1.6.0, WLS 10.3.5, WebGate 10g (Linux x64)

2) ### SSO Implementation type ###
Single Network Domain SSO.

3) ### OAM Agent type ###
OAM 10g WebGates.
IDM Domain Agent.


The user experiences a 302 redirection loop between the WebGate and OAM when an IE7/8 client
browser is used in conjunction with Windows 7.

I want to start off by stating that this is not an OAM product defect.
What is happening is that OAM supports only Kerberos, and Windows 7 will initially send NTLM.

Negotiation will occur to Kerberos, but when the Windows 7 environment retransmits the packet,
it will have required information stripped off (partial packet).

Windows 7 does this for optimization, and Microsoft won't be changing it.


The triggering event for this issue is if the client browser is running on a Windows 7 environment.

You can run IE7/IE8, Firefox, etc. on any supported Windows environment and the issue won't be seen.

The issue is caused if a user is running their browser on a Windows 7 environment.
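
When diagnosing the redirect loop, it helps to confirm which mechanism the browser actually put in its Authorization: Negotiate header, since OAM accepts only Kerberos. The following is an added example, not Oracle code: the function names and sample tokens are constructed for illustration, and treating the first-listed SPNEGO mechanism as the client's preference is a heuristic assumption.

```python
import base64

NTLMSSP_SIG = b"NTLMSSP\x00"
NTLM_TYPES = {1: "negotiate", 2: "challenge", 3: "authenticate"}
# DER-encoded mechanism OIDs (tag 0x06, length, value).
OID_SPNEGO = bytes.fromhex("06062b0601050502")            # 1.3.6.1.5.5.2
MECHS = {
    bytes.fromhex("06092a864886f712010202"): "kerberos",   # 1.2.840.113554.1.2.2
    bytes.fromhex("06092a864882f712010202"): "kerberos",   # 1.2.840.48018.1.2.2 (MS)
    bytes.fromhex("060a2b06010401823702020a"): "ntlm",     # 1.3.6.1.4.1.311.2.2.10
}

def classify_authorization(value):
    """Label the mechanism carried in an HTTP Authorization header value."""
    scheme, _, b64 = value.strip().partition(" ")
    if scheme.lower() not in ("negotiate", "ntlm"):
        return "not-negotiate"
    try:
        token = base64.b64decode(b64.strip(), validate=True)
    except ValueError:                      # binascii.Error subclasses ValueError
        return "malformed-base64"
    if token.startswith(NTLMSSP_SIG):       # bare NTLMSSP message, no GSS wrapper
        mtype = int.from_bytes(token[8:12], "little")
        return "ntlm-raw:" + NTLM_TYPES.get(mtype, "unknown")
    if len(token) < 2 or token[0] != 0x60:  # 0x60 = GSS-API InitialContextToken
        return "unknown"
    # Skip the DER length (short form: 1 byte; long form: 0x80|n, then n bytes).
    body = token[2 + (token[1] & 0x7F if token[1] & 0x80 else 0):]
    for oid, name in MECHS.items():         # mechanism token without SPNEGO wrapper
        if body.startswith(oid):
            return name + "-gss"
    if not body.startswith(OID_SPNEGO):
        return "unknown"
    # Heuristic: the mechanism OID that appears first is the client's preferred one.
    hits = [(body.find(oid), name) for oid, name in MECHS.items() if oid in body]
    return "spnego:" + (min(hits)[1] if hits else "unknown-mech")

def der(tag, content):                      # short-form DER only (content < 128 bytes)
    return bytes([tag, len(content)]) + content

def sample_header(*mech_oids):
    """Constructed SPNEGO NegTokenInit offering mech_oids in order (not captured traffic)."""
    init = der(0xA0, der(0x30, der(0xA0, der(0x30, b"".join(mech_oids)))))
    return "Negotiate " + base64.b64encode(der(0x60, OID_SPNEGO + init)).decode()

if __name__ == "__main__":
    krb5, ms_krb5, ntlm = MECHS             # dict keys, in insertion order
    print(classify_authorization(sample_header(ms_krb5, krb5, ntlm)))  # Kerberos preferred
    print(classify_authorization(sample_header(ntlm)))                 # NTLM-only offer
```

A result beginning with `ntlm-raw` or `spnego:ntlm` on the request that precedes the 302 indicates the client offered NTLM rather than Kerberos.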

