Oracle Access Manager (OAM) Windows Native Authentication (WNA) Using RC4-HMAC Fails "Failure unspecified at GSS-API level (Mechanism level: AES256 CTS mode with HMAC SHA1-96 encryption type not in permitted_enctypes list)"
(Doc ID 2909664.1)
Last updated on JANUARY 03, 2023
Applies to:
Oracle Access Manager - Version 11.1.2.3.160719 and laterInformation in this document applies to any platform.
Symptoms
Authentication fails after patching Windows Domain Controller With KB5020685 KB5019966
- Oracle Access Manager (OAM)
- Windows Native Authentication (WNA) Using RC4-HMAC
- Windows Patch for domain controller with KB5020685 KB5019966
- Windows client browser submit token with encryption type as RC4-HMAC
- keytab only contain RC4-HMAC key
- OAM AP Req and response is success as per tcpdump collected on OAM host. But KDC respond to OAM using AES encryption type
- Issue persist even after reverting patch KB5020685 KB5019966 on Windows DC's
Changes
Applied KB5020685, KB5019966 or KB5021654 on Windows Domain Controller
Cause
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
| Symptoms |
| Changes |
| Cause |
| Solution |
| References |