IE Browser Not Sending a Kerberos Ticket if OAM WNA is Configured
Last updated on MARCH 08, 2017
Applies to:Oracle Access Manager - Version 220.127.116.11.0 and later
Information in this document applies to any platform.
Oracle Access Manager ( OAM ) is configured for Windows Native Authentication ( WNA ).
The kerberos configuration of OAM has been successfully tested via kinit.
The client is logged on to the Windows domain, where the ServicePrincipalName has been created via the ktpass command.
In Active Directory only one ServicePrincipalName exists for the OAM Server in the format of "HTTP/oam_servername.domain.com".
The "OAM Server Host" setting configured under "Access Server Settings / Load Balancing" in the oamconsole matches the server name of the ServicePrincipalName.
Internet Explorer is configured for Integrated Windows Authentication.
The client browser sends a NTLM token instead of a kerberos ticket.
Sign In with your My Oracle Support account
Don't have a My Oracle Support account? Click to get started
Million Knowledge Articles and hundreds of Community platforms