How To Configure Kerberos SSO Authentication for Linux or Unix Based Webcenter Content
(Doc ID 1543209.1)
Last updated on JULY 20, 2024
Applies to:
Oracle WebCenter Content - Version 11.1.1.4.0 and laterInformation in this document applies to any platform.
Goal
How to configure WNA, Windows Native Authentication Single Sign On utilizing Kerberos when the Webcenter Content server is installed on a Unix or Linux server.
Solution
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
| Goal |
| Solution |
| The following steps are applicable for WCC 11g and 12c. |
| The primary considerations for configuring kerberos: |
| The Steps to configure kerberos for the Webcenter Content domain |
| A. Configure the Weblogic Webcenter Content domain, part 1 |
| B. Create the Active Directory host account user |
| Note: When the WCC system is on DNS. |
| C. Generate the kerberos keytab using ktpass |
| D. Add the WCC system's DNS name as an SPN to the host account |
| E. If AES 256 encryption will be utilized, update the default JDK Security Policy Files on the JDK used by the WCC |
| F. Copy the keytab file to the WCC system |
| G. Edit the krb5.conf file on the WCC system |
| H. Test the validity of the SPN and keytab files |
| I. Configure the WLS WCC Domain, part 2 |
| For Linux and Solaris the file will contain: |
| For AIX using an IBM JDK the file will contain: |
| J. For Windows 7 and newer clients, enable kerberos encryption |
| K. Configure the web browser |
| 1. For Internet Explorer, Edge, Chrome |
| 2. For FireFox |
| If the WNA is not working |
| The kerberos configuration files |
| Log file entries |
| A network sniff trace |
| Using a WLS Identity Store other than Active Directory for user authorization |
| Accessing the WCC on browser clients outside of the Windows Domain |
| References |