How To Configure Kerberos SSO Authentication for the Webcenter Content UI
(Doc ID 2003345.1)
Last updated on MARCH 05, 2024
Applies to:
Oracle WebCenter Content - Version 11.1.1.8.0 and laterInformation in this document applies to any platform.
Goal
How to configure WNA, Windows Native Authentication Single Sign On utilizing Kerberos when the Webcenter ADF Content UI.
Solution
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
| Goal |
| Solution |
| The primary considerations for configuring kerberos |
| The Steps to configure kerberos for the Content UI domain |
| A. Configure the Content UI domain, part 1 |
| B. Create the Active Directory host account user |
| C. Generate the kerberos keytab using ktpass |
| D. If AES 256 encryption will be utilized, update the default JDK Security Policy Files |
| E. Copy the keytab file to the UI system |
| F. Edit the krb5.conf or krb5.ini file on the UI system |
| G. Test the validity of the SPN and keytab files |
| H. Configure the WLS UI Domain, part 2 |
| I. For Windows 7 and newer clients, enable kerberos encryption |
| J. Configure the web browser |
| If the WNA is not working |
| The kerberos configuration files |
| Log file entries |
| A network sniff trace |
| Using a WLS Identity Store other than Active Directory for user authorization |
| Accessing the UI on browser clients outside of the Windows Domain |
| References |