IE Browser Not Sending a Kerberos Ticket if OAM WNA is Configured
(Doc ID 1536461.1)
Last updated on MARCH 08, 2017
Applies to:Oracle Access Manager - Version 184.108.40.206.0 and later
Information in this document applies to any platform.
Oracle Access Manager ( OAM ) is configured for Windows Native Authentication ( WNA ).
The kerberos configuration of OAM has been successfully tested via kinit.
The client is logged on to the Windows domain, where the ServicePrincipalName has been created via the ktpass command.
In Active Directory only one ServicePrincipalName exists for the OAM Server in the format of "HTTP/oam_servername.domain.com".
The "OAM Server Host" setting configured under "Access Server Settings / Load Balancing" in the oamconsole matches the server name of the ServicePrincipalName.
Internet Explorer is configured for Integrated Windows Authentication.
The client browser sends a NTLM token instead of a kerberos ticket.
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!