Hello
I have installed 11.1.1.7 on a Windows server and configured AD. While trying to configure SSO with Kerberos following instructions from the Oracle tech white paper and from different blogs, I haven't been able to sign in without being prompted for a username and password. I have enabled atn and I see the following errors.
1) No valid credentials provided (Mechanism level: Failed to find any Kerberos Key) error.
2) [Security:090300]Identity Assertion Failed: User OracleSystemUser does not exist.
3) <acceptGssInitContextToken failed
com.bea.security.utils.kerberos.KerberosException: Defective token detected (Mechanism level: GSSHeader did not find the right tag)
This is what we have in krb5Login.conf
com.sun.security.jgss.initiate {
    com.sun.security.auth.module.Krb5LoginModule required
        principal="ssoserver@realm"
        useKeyTab=true
        keyTab=ssoserver.keytab
        storeKey=true
        debug=true;
};
com.sun.security.jgss.accept {
    com.sun.security.auth.module.Krb5LoginModule required
        principal="ssoserver@abcd.com"
        useKeyTab=true
        keyTab=ssoserver.keytab
        storeKey=true
        debug=true;
};
com.sun.security.jgss.krb5.accept {
    com.sun.security.auth.module.Krb5LoginModule required
        principal="ssoserver@abcd.com"
        useKeyTab=true
        keyTab=ssoserver.keytab
        storeKey=true
        debug=true;
};
web.xml
<security-constraint>
    <display-name>Secuirty Constraint for SSO</display-name>
    <web-resource-collection>
        <web-resource-name>BIANALYTICS</web-resource-name>
        <url-pattern>/*</url-pattern>
        <url-pattern>/</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>SSORole</role-name>
    </auth-constraint>
</security-constraint>
<security-role>
    <role-name>SSORole</role-name>
</security-role>
<login-config>
    <auth-method>Basic</auth-method>
    <realm-name>default</realm-name>
</login-config>
weblogic.xml
<security-role-assignment>
    <role-name>SSORole</role-name>
    <principal-name>Intranet Users</principal-name>
</security-role-assignment>