Last updated on APRIL 16, 2017
Applies to: Oracle Access Manager - Version 22.214.171.124.5 and later
Information in this document applies to any platform.
OAM WNA (Windows Native Authentication) fails in a multi-domain/multi-forest setup where there is no trust between the domains:
forest 1 - TEST.ORACLE.COM
forest 2 - TEST1.ORACLE.COM
The custom authentication module contains a step, KTA, which takes KEY_PRINCIPAL as an input argument.
If KEY_PRINCIPAL is set to HTTP/ssologin-stg02.oracle.com@TEST.ORACLE.COM, WNA from TEST.ORACLE.COM works and WNA from TEST1.ORACLE.COM fails, because whichever AD end user logs in, the token is sent to the TEST.ORACLE.COM KDC.
Conversely, if KEY_PRINCIPAL is set to HTTP/ssologin-stg02.oracle.com@TEST1.ORACLE.COM, WNA from TEST1.ORACLE.COM works and WNA from TEST.ORACLE.COM fails for the same reason: whichever AD end user logs in, the token is sent to the TEST1.ORACLE.COM KDC.
The OAM server log records the following error:
(self-tuning)'] [userId: <anonymous>] [ecid:0001Zx3Y7bY2ZNxLoAG7yY00018e000IO0,0:3] [APP: oam_server#126.96.36.199.0] [URI:
/oam/CredCollectServlet/WNA] Failure unspecified at GSS-API level (Mechanism level: Checksum failed)[[GSSException: Failure unspecified at GSS-API level (Mechanism level: Checksum failed) at
This issue was reproduced in an internal lab.
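The behaviour described above can be reproduced with a simplified model. This is an added example, not Oracle's code and not real Kerberos cryptography: it assumes each forest's KDC seals the ticket with its own key for the service principal, while the acceptor checks it with the single key named by KEY_PRINCIPAL. The realms and service name are the ones above; the user name, passwords and function names are constructed.

```python
import hashlib
import hmac

SPN = "HTTP/ssologin-stg02.oracle.com"            # service name from the page
REALMS = ("TEST.ORACLE.COM", "TEST1.ORACLE.COM")  # the two untrusted forests


def service_key(realm: str) -> bytes:
    """Stand-in for the long-term key of SPN@realm held by that forest's KDC.
    The passwords are constructed; each forest has its own account and key."""
    password = f"constructed-password-for-{realm}".encode()
    return hashlib.pbkdf2_hmac("sha256", password, f"{realm}{SPN}".encode(), 1000)


def issue_ticket(client_realm: str, user: str) -> dict:
    """With no trust, the client's own KDC issues the ticket, sealed with the
    key of SPN@client_realm. Realm and sname stay in cleartext, as in Kerberos."""
    body = f"{user}@{client_realm}".encode()
    mac = hmac.new(service_key(client_realm), body, hashlib.sha256).digest()
    return {"realm": client_realm, "sname": SPN, "body": body, "checksum": mac}


def accept(ticket: dict, key_principal: str) -> str:
    """Model of an acceptor that loads only the key named by KEY_PRINCIPAL."""
    realm = key_principal.rsplit("@", 1)[1]
    expected = hmac.new(service_key(realm), ticket["body"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, ticket["checksum"]):
        return "Checksum failed"
    return "OK"


def diagnose(ticket: dict, key_principal: str) -> str:
    """Compare the ticket's cleartext realm with the configured principal."""
    issued_for = f"{ticket['sname']}@{ticket['realm']}"
    if issued_for == key_principal:
        return "match"
    return f"ticket is for {issued_for}, acceptor key is {key_principal}"


def matrix() -> dict:
    """Every KEY_PRINCIPAL setting against a login from each forest."""
    return {
        (kp_realm, client_realm): accept(issue_ticket(client_realm, "alice"),
                                         f"{SPN}@{kp_realm}")
        for kp_realm in REALMS for client_realm in REALMS
    }


if __name__ == "__main__":
    for (kp_realm, client_realm), result in matrix().items():
        print(f"KEY_PRINCIPAL realm={kp_realm:17} client={client_realm:17} {result}")
```

Because the realm and service name of a ticket are not encrypted, the same comparison that `diagnose` performs can be made on a captured token to confirm which forest issued it.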