WNA Login to SSO Fails With 'Page Cannot Be Displayed'
Last updated on JULY 01, 2016
Applies to:Oracle Application Server Single Sign-On - Version 9.0.4 and later
IBM AIX on POWER Systems (64-bit)
***Checked for relevance on 02-JUL-2015***
WNA authentication fails with error 'Page Cannot be Displayed' with 10gAS SSO.
OC4J_SECURITY startup completes without errors.
The client has a valid Kerberos ticket for the SSO site principal, as verified by the Windows Kerbtray utility or klist ouput.
$ORACLE_HOME/sso/log/ssoServer.log in debug mode shows:
i.e., SSO does not receive a Remote User Name from OC4J_SECURITY, signifying that the client Kerberos ticket validation failed.
However, there are no errors in opmn/logs/OC4J~OC4J_SECURITY~default_island~1 when client WNA authentication fails.
HTTP Header trace shows that the browser sends the client Kerberos ticket after receiving the HTTP-401 Authorization request from SSO.
HTTP Server debug log shows that SSO returns HTTP-401 request again after receiving the client Kerberos ticket.
If 'Enable Windows Native Authentication' is unset in the browser options, SSO fallback authentication succeeds.
Sign In with your My Oracle Support account
Don't have a My Oracle Support account? Click to get started
My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms