How to Configure Oracle Access Manager (OAM) 11g WNA to Fallback When Presented With an NTLM Token (Doc ID 1499433.1)

Last updated on APRIL 19, 2017

Applies to:

Oracle Access Manager - Version 11.1.1.5.0 to 11.1.2.0.0 [Release 11g]
Information in this document applies to any platform.

Goal

How to Configure Oracle Access Manager (OAM) 11g WNA to Fallback when presented an NTLM Token

Oracle Access Manager ( OAM ) Windows Native Authentication ( WNA ) implementation is based on the Microsoft "HTTP Negotiate" authentication extension and requires a valid Kerberos ticket to be sent by Microsoft Internet Explorer ( IE ). The Microsoft Internet Explorer must be enabled for "Integrated Windows Authentication" to be able to use WNA. If the Internet Explorer is enabled for "Integrated Windows Authentication", but the user is not logged on to a Windows Domain via Kerberos authentication, the Internet Explorer sends a NTLM token instead of a Kerberos token to the OAM server for authentication. The OAM Server using the default configuration throws an authentication error , if a NTLM token is received and does not provide fallback authentication.

 
 

Solution

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms