My Oracle Support Banner

How To Configure Kerberos SSO Authentication for Windows Based Webcenter Content (Doc ID 1538191.1)

Last updated on MAY 27, 2021

Applies to:

Oracle WebCenter Content - Version and later
Information in this document applies to any platform.


 How to configure WNA, Windows Native Authentication Single Sign On utilizing Kerberos when the Webcenter Content server is installed on a Windows server


To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document
 The following steps are applicable for WCC 11g and 12c.
 The primary considerations for configuring kerberos
 The Steps to configure kerberos for the Webcenter Content domain
 A. Configure the Weblogic Webcenter Content domain, part 1
 B. Create the Active Directory host account user
 Note: When the WCC system is on DNS.
 C. Generate the kerberos keytab
 D. Add the WCC system's DNS name as an SPN to the host account
 E. If AES 256 encryption will be utilized, update the default JDK Security Policy Files on the JDK used by the WCC
 F. Copy the keytab file to the WCC system
 G. Create the krb5.ini file on the WCC system
 H. Test the validity of the SPN and keytab files
 I. Configure the WLS WCC Domain, part 2
 J. For Windows 7 and newer clients, enable kerberos encryption
 K. Configure the web browser
 1. For Internet Explorer
 2. For FireFox
 L. If used, configure for Windows Services
 If the WNA is not working
 The kerberos configuration files
 Log file entries
 A network sniff trace
 Using a WLS Identity Store other than Active Directory for user authorization
 Accessing the WCC on browser clients outside of the Windows Domain

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.