1 Reply Latest reply on Jan 22, 2013 10:51 AM by User517828-OC

    OAM WNA fallback not working

      Hi All,

      I am working on OAM 11gR2 using OVD 11gR1 (ADs on the backend) to provide Kerberos single sign-on.
      I am following the chapter below:

      I have configured the Kerberos authentication module, Kerberos auth scheme, custom auth module, etc.
      Kerberos single sign-on is working properly (i.e. when a user logs in to the AD domain, he is not asked for credentials),
      but when I try accessing the application from a non-AD domain, the basic authentication pop-up comes up, and on submitting the credentials I get the following error:

      oracle.security.am.engines.enginecontroller.credcollect.CredCollectEngineController] [APP: oam_server#] [SRC_METHOD: handleCollectCredentials] OAAM auth scheme: Scheme name: = KerberosScheme[[
      Scheme Challenge URL: = http://oamserver.com:14100/oam/server
      Scheme Challenge Mec: = WNA
      Scheme Challenge Par: = {spnegotoken=string, challenge_url=/oam/CredCollectServlet/WNA}

      Authentication Module Name: = KerberosPlugin
      Kerberos Token Identifier token =Testuser
      Kerberos Token Identifier result =FAILURE
      Authentication Failure for user : Testuser, for idstore OVD_DEV_KRB with exception invalid username/password with primary error message javax.naming.AuthenticationException: [LDAP: error code 49 - LDAP Error 49 : Cannot get kdc for realm XXX.YYY.COM]

      Do I need to configure something extra which is not given in the above doc?

      Important config I did:
      - in OVD AD Adapter

      User Name Attribute: userprincipalname
      checked : "use kerberos"
      Pass through mode : "Always"
      - in OVD datasource

      User Name Attribute: sAMAccountName
      This is Default Store

      - Deepika