1 Reply. Latest reply: Jan 22, 2013 2:51 AM by User517828-OC

OAM WNA fallback not working

User517828-OC Newbie
Hi All,

I am working on OAM 11gR2 using OVD 11gR1 (ADs on the backend) to provide Kerberos single sign-on.
I am following the chapter below:
http://docs.oracle.com/cd/E27559_01/admin.1112/e27239/wna.htm#CHDJGJGJ

I have configured the Kerberos authentication module, Kerberos auth scheme, custom auth module, etc.
Kerberos single sign-on is working properly (i.e. when a user logs in to the AD domain, he is not asked for credentials),
but when I try accessing the application from a non-AD domain, a basic authentication pop-up appears, and on submitting the credentials I get the following error:

oracle.security.am.engines.enginecontroller.credcollect.CredCollectEngineController] [APP: oam_server#11.1.2.0.0] [SRC_METHOD: handleCollectCredentials] OAAM auth scheme: Scheme name: = KerberosScheme[[
Scheme Challenge URL: = http://oamserver.com:14100/oam/server
Scheme Challenge Mec: = WNA
Scheme Challenge Par: = {spnegotoken=string, challenge_url=/oam/CredCollectServlet/WNA}

Authentication Module Name: = KerberosPlugin
Kerberos Token Identifier token =Testuser
Kerberos Token Identifier result =FAILURE
Authentication Failure for user : Testuser, for idstore OVD_DEV_KRB with exception invalid username/password with primary error message javax.naming.AuthenticationException: [LDAP: error code 49 - LDAP Error 49 : Cannot get kdc for realm XXX.YYY.COM]

Do I need to configure something extra which is not given in the above doc?

Important configuration I did:
- in OVD AD Adapter

User Name Attribute: userprincipalname
checked : "use kerberos"
Pass through mode : "Always"
- in OVD datasource

User Name Attribute: sAMAccountName
This is Default Store


- Deepika
