WNA Fallback To Form Fails with Error "Proper authorization is required for this area. Either your browser does not perform authorization or your authorization has failed" (Doc ID 2239957.1)

Last updated on MAY 07, 2017

Applies to:

Oracle Access Manager - Version 11.1.2.3.160719 and later
Information in this document applies to any platform.

Goal

You have 2 authentication scheme for user authentication :
Kerberos (default) and LDAP authentication (Form Authentcation)

You are using them both for this scenario:
Users who can authenticate with kerberos ticket will get authentication with WNA.
Users, who can't be authenticated with WNA sould be authenticated with Form.

This scenario is implemented with pre-authentication rule:
str(request.requestMap['Cookie']).lower().find('oam_wna_opt_out=true') >= 0
It's wna fallback to form authentication.

Everything works fine in case user's browser is configured for WNA.
I mean Firefox has this config: "network.negotiate-auth.trusted-uris: http://,https://"
Users from AD domain can be authorized.

In case user's browser is not configured (no changes was made with default config ), User have this error:
"Proper authorization is required for this area. Either your browser does not perform authorization or your authorization has failed."


Solution

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms