My Oracle Support Banner

IE Browser Not Sending a Kerberos Ticket if OAM WNA is Configured (Doc ID 1536461.1)

Last updated on MARCH 08, 2017

Applies to:

Oracle Access Manager - Version 11.1.1.5.0 and later
Information in this document applies to any platform.

Symptoms

Oracle Access Manager ( OAM ) is configured for Windows Native Authentication ( WNA ).

The kerberos configuration of OAM has been successfully tested via kinit.

The client is logged on to the Windows domain, where the ServicePrincipalName has been created via the ktpass command.

In Active Directory only one ServicePrincipalName exists for the OAM Server in the format of "HTTP/oam_servername.domain.com".

The "OAM Server Host" setting configured under "Access Server Settings / Load Balancing" in the oamconsole matches the server name of the ServicePrincipalName.

Internet Explorer is configured for Integrated Windows Authentication.

 

The client browser sends a NTLM token instead of a kerberos ticket.

 



Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Symptoms
Cause
Solution


This document is being delivered to you via Oracle Support's Rapid Visibility (RaV) process and therefore has not been subject to an independent technical review.
My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.