My Oracle Support Banner

IE Browser Not Sending a Kerberos Ticket if OAM WNA is Configured (Doc ID 1536461.1)

Last updated on MAY 11, 2023

Applies to:

Oracle Access Manager - Version and later
Information in this document applies to any platform.


Oracle Access Manager ( OAM ) is configured for Windows Native Authentication ( WNA ).

The kerberos configuration of OAM has been successfully tested via kinit.

The client is logged on to the Windows domain, where the ServicePrincipalName has been created via the ktpass command.

In Active Directory only one ServicePrincipalName exists for the OAM Server in the format of "HTTP/<FQDN_OAM_SERVER>".

The "OAM Server Host" setting configured under "Access Server Settings / Load Balancing" in the oamconsole matches the server name of the ServicePrincipalName.

Internet Explorer is configured for Integrated Windows Authentication.


The client browser sends a NTLM token instead of a kerberos ticket.





To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.