We've installed and configured Weblogic 10.3.6 with WebCenter Content 18.104.22.168 and WNA authentication. Everything seems to work, users inside the AD domain can login automatically using both IE and Firefox, but we've received a new requirement for our environment, we need to allow users to login from outside our network (i.e. the internet) also. Obviously this should happen through normal username/password provided by the user on the login page.
Initial tests show that when trying to authenticate externally we get an authentication pop-up from IE (and a http 401 error on firefox) and then the login page. Even though eventually the client can login to the app, the double login is not accepted by management.
We tried adding the following tag to security configuration on config.xml: <enforce-valid-basic-auth-credentials>false</enforce-valid-basic-auth-credentials>. But after restarting the domain the issue persists.
Reading oracle support note "How To Configure Kerberos SSO Authentication for Linux or Unix Based Webcenter Content [ID 1543209.1]" we found the following:
"Accessing the WCC on browser clients outside of the Windows Domain
After the kerberos is configured, the WCC will still be accessable on browser clients outside of the Windows Domain.
But because of the identity asserter the following will occur:
After clicking the Login button, an Authentication window will pop up.
Enter the User Name and Password. The browser will then be redirected to the WCC Login page.
The browser will generate a 401 error at the adfAuthentication?login=true page.
In the URL, clear out the adfAuthentication?login=true and enter the WCC RelativeWebRoot. The browser will be redirected to the WCC Login page."
Is there anyway to resolve this? Or is it a limitation of using weblogic+WNA+WCC?
Do we need to use OAM+WNA to allow both domain users autologin plus external users normal authentication?