Oracle Access Manager (OAM) Can Its Kerberos Authentication Module Use Stronger Pre-authentication Mechanism
(Doc ID 2757405.1)
Last updated on DECEMBER 14, 2023
Applies to:
Oracle Access Manager - Version 12.2.1.3.200908 and laterInformation in this document applies to any platform.
Goal
- Can the Kerberos Authentication Module use stronger pre-authentication mechanism?
- Is OAM Kerberos WNA plugin able to read this Authentication indicators that are stored in the kerberos ticket and knows if the user was using a normal Kerberos ticket of a Kerberos ticket with MFA during authentication?
- Oracle Access Manager (OAM) 12c
Background
Starting on version 1.14, Kerberos can be configured to annotate tickets if the client authenticated using a stronger preauthentication mechanism such as PKINIT or OTP. ( Hardware tokens for example for MFA in windows)
Reference - MIT Kerberos Documentation - Authentication indicators
Starting on version 1.14, Kerberos can be configured to annotate tickets if the client authenticated using a stronger preauthentication mechanism such as PKINIT or OTP. ( Hardware tokens for example for MFA in windows)
Reference - MIT Kerberos Documentation - Authentication indicators
Solution
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
Goal |
Solution |
References |