My Oracle Support Banner

Step-by-Step Instructions to Configure Single Sign-On with Microsoft Clients (Doc ID 1401327.1)

Last updated on OCTOBER 11, 2023

Applies to:

Oracle WebLogic Server - Version 10.3 and later
Information in this document applies to any platform.


This article will walk you through the detailed process of setting up single sign-on (SSO) with Microsoft Windows clients, using Windows authentication based on the Simple and Protected Negotiate (SPNEGO) mechanism and the Kerberos protocol, together with the WebLogic Negotiate Identity Assertion provider and the Active Directory Authenticator.

The main steps in this article, sections 3 to 10, discuss all the steps detailed in the Oracle WebLogic Server document Configuring Single Sign-On with Microsoft Clients. Readers of this article should review the documentation in advance. 


Before reading this document, the user must have a good understanding of WebLogic Server security management.


To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document
 1. Introduction
 2. Scenario
 3. Install Microsoft Active Directory Domain Controller
 4. Configuring the Network Domain to Use Kerberos: krb5.ini
 5. Create a Kerberos Identification for WebLogic Server
 6. Configuring an Internet Explorer Browser
 7. Configuring JAAS Login File: krb5Login.conf
 8. Configuring WebLogic a New Identity Assertion Provider
 9. Configuring WebLogic an Active Directory Authenticator
 10. Configuring setDomainEnv.cmd
 11. Troubleshooting the SSO Configuration

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.