OAM 11g WNA Fails With Error "Internet Explorer cannot display the webpage" (Doc ID 1405533.1)

Last updated on MARCH 21, 2024

Applies to:

Symptoms

Oracle Access Manager (OAM) 11g Windows Native Authentication (WNA) is failing for Windows Domain users. When a resource protected by the OAM Kerberos authentication scheme is accessed using IWA-enabled Internet Explorer (IE) browser, error "Internet Explorer cannot display the webpage" is displayed.

Access to the same resource without WNA using Firefox browser does not reproduce the problem: the OAM 11g fallback basic login popup is displayed.

There are no errors reported in the OAM managed server diagnostic log when the problem is reproduced. When TRACE logging is enabled to investigate, it shows that the last action was an HTTP Response from OAM returning 401 to prompt the browser to resend the authentication request with the Kerberos ticket. This is standard WNA functionality.

The HTTP Header trace collected from the IE browser and saved to file shows that the last request processed is the HTTP-401 response from OAM Server e.g.

However if the Resource View is chosen in the HTTP Header trace frame in the browser, it shows that IE responds after receiving the HTTP-401 with a request for GET /oam/CredCollectServlet/WNA that includes the client Kerberos ticket.

The OAM Managed Server access log shows that this second request for /oam/CredCollectServlet/WNA is never received. The Oracle HTTP Server (OHS) access_log for the OHS 11g instance that is proxying OAM Server requests also shows no sign of this request being received.


Architecture:

Windows Domain client -> Cisco ACE -> Oracle HTTP Server 11g -> OAM Managed Server.

Changes

Cause

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.