My Oracle Support Banner

How To Get Started when Troubleshooting Kerberos Issues For WebCenter Content Domains (Doc ID 2090865.1)

Last updated on MARCH 05, 2024

Applies to:

Oracle WebCenter Content - Version 11.1.1.6.0 and later
Information in this document applies to any platform.

Goal

When the WebCenter Content domain is configured for WNA, Windows Native Authentication SSO utilizing kerberos and is not working (users are getting prompted to log in), troubleshooting the cause can be difficult.

This is due, among other reasons, that there isn't always going to be a solid error or exception generated that defines the cause.

The purpose of this SR is to offer guidance on how to get started to determine the cause of the authentication failure and where to look for the cause of the failure.

Solution

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document
Goal
Solution
 What's required for troubleshooting
 The first step is to verify the domain kerberos configuration
 Start by looking at the <WCC MS>.log file log for kerberos related messages or exceptions
 A look at a common cause
 A. Missing SPN
 A typical reason the SPN is missing is that kerberos will always negotiate the ticket using the WCC system's DNS name.
 B. Duplicate SPN
 Past the initial common cause
 Example exceptions
 For more errors see Oracle documents
References


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.