How to configure Desktop Integration Siebel Agent (DISA) for Microsoft Active Directory with Kerberos Authentication
Last updated on APRIL 03, 2018
Applies to:Siebel CRM - Version 15.9 [IP2015] and later
Information in this document applies to any platform.
Some users report that Desktop Integration Siebel Agent (DISA) is not working properly after import CA certificate into the DISA Java JRE Keystore. The following error message below was capture in DISA logs:
After further investigation, we were able to identify that customer was using Single Sign On(SSO) on Microsoft Active Directory with Kerberos Authentication.
Kerberos is a computer network authentication protocol that works on the basis of tickets to allow nodes communicating over a non-secure network to prove their identity to one another in a secure manner.
DISA supports Kerberos authentication using the Java Generic Security Services (GSS) API with SPNEGO, SPNEGO is the Simple and Protected GSS-API Negotiation Mechanism, standardized at IETF in RFC 4178. It is a pseudo-security mechanism used to negotiate an underlying security mechanism. It provides the flexibility for client and server to securely negotiate a common GSS security mechanism.
When a request from DISA requires Kerberos authentication, DISA will first try to use the local cached TGT (Ticket Granting Ticket) session key, if local TGT cache is no available, DISA will prompt for username and password using a dialog.
For local TGT cache, DISA will first search the Windows LSA (Local Security Authority) for TGT, if no TGT found in LSA, it will looking for local credential cache file.
Sign In with your My Oracle Support account
Don't have a My Oracle Support account? Click to get started
My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms