Last updated on AUGUST 25, 2017
Applies to:Oracle WebCenter Portal - Version 22.214.171.124.0 and later
Information in this document applies to any platform.
Windows integrated (native) authentication (WNA) has been configured according with the documentation at:
Oracle Fusion Middleware Administrator's Guide for Oracle WebCenter11g Release 1 (126.96.36.199.0)
30.5 Configuring SSO for Microsoft Clients
There are "external" and "internal" users. The internal users are authenticated automatically with Kerberos without any extra authentication, once they are already logged on to Windows. The external users cannot be authenticated automatically, they need to be authenticated manually by Active Directory.
Once the providers were reordered like this, the internal users were able to login seamlessly:
- Negotiate Identity Asserter
- ActiveDirectoryAuthenticator (SUFFICIENT)
- DefaultAuthenticator (SUFFICIENT)
- Other authenticators.
However, external users have the following problem:
Internet Explorer (IE):
When trying to login from the WebCenter standard login page, the login page is re-displayed immediately, with the following error displayed on the top:
"User name and password do not match"
HTTP Server log shows:
<ip_address> - - [13/Oct/2011:10:03:57 +0100] "POST /webcenter/j_security_check HTTP/1.1" 403 5028
<ip_address> - - [13/Oct/2011:10:03:58 +0100] "GET /webcenter/afr/error.png HTTP/1.1" 200 966
<ip_address> - - [13/Oct/2011:10:04:08 +0100] "POST /webcenter/j_security_check HTTP/1.1" 403 5035
::1 - - [13/Oct/2011:10:04:15 +0100] "HEAD /index.html HTTP/1.1" 200 -
which is also confirmed by HTTP Headers:
POST /webcenter/j_security_check HTTP/1.1
Accept: image/jpeg, image/gif, image/pjpeg, application/x-ms-application, application/xaml+xml, application/x-ms-xbap, */*
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727)
Accept-Encoding: gzip, deflate
Cookie: JSESSIONID=8CDfTJQJHg73nLPznvGK0QHGfJrDPB9m55vJpYgz6b43pGfnyltZ!-1718698081; IdcLocale=English-US
Authorization: Negotiate YH4GBisGAQUFAqB0MHKgMDAuBgorBgEEAYI3AgIKBgkqhkiC9xIBAgIGCSqGSIb3EgECAgYKKwYBBAGCNwICHqI+BDxOVExNU1NQAAEAAACXsgjiBgAGADYAAAAOAA4AKAAAAAYBsB0AAAAPRFVCLVdFQkNOVFItMDFJQ09OQ1I=
HTTP/1.1 403 Forbidden
Date: Tue, 11 Oct 2011 08:56:51 GMT
X-Powered-By: Servlet/2.5 JSP/2.1
Keep-Alive: timeout=5, max=100
This indicates that the HTTP Server returns 403 Forbidden error for the authentication challenge.
After restarting Spaces, it may work once or twice, but from then on it consistently fails.
The login works fine. However, before logging in, the 1st access to WebCenter shows an HTTP 401 error.
Refreshing the page fixes that problem.
Sign In with your My Oracle Support account
Don't have a My Oracle Support account? Click to get started
My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms