IE Browser Not Sending a Kerberos Ticket if OAM WNA is Configured (Doc ID 1536461.1)

Last updated on MARCH 08, 2017

Applies to:

Oracle Access Manager - Version 11.1.1.5.0 and later
Information in this document applies to any platform.

Symptoms

Oracle Access Manager ( OAM ) is configured for Windows Native Authentication ( WNA ).

The kerberos configuration of OAM has been successfully tested via kinit.

The client is logged on to the Windows domain, where the ServicePrincipalName has been created via the ktpass command.

In Active Directory only one ServicePrincipalName exists for the OAM Server in the format of "HTTP/oam_servername.domain.com".

The "OAM Server Host" setting configured under "Access Server Settings / Load Balancing" in the oamconsole matches the server name of the ServicePrincipalName.

Internet Explorer is configured for Integrated Windows Authentication.

 

The client browser sends a NTLM token instead of a kerberos ticket.

 



Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms