 |
|
|
|
|
|
|
|
|
|
|
 |
 |
|
||||||||
 |
    |
|
||||||||
 |
|
|
||||||||
|
|
|||||||||
|
Windows
Native Authentication The Oracle SSO server has a feature which enables Microsoft Internet Explorer users to automatically authenticate to their web applications using their desktop credentials. This is known as Windows Native Authentication (a.k.a. Auto Sign-on). When a user logs into their Windows desktop, a Kerberos session ticket is generated which contains among other things, the users login credentials. This Kerberos session ticket is not visible to the user. If Windows Native Authentication (WNA) has been configured on the Oracle SSO Server, users will be able to click on their web application and not be challenged for credentials. Instead, their Kerberos session ticket which includes their Windows desktop credentials will be passed through the browser to the Oracle SSO server. The SSO server will validate the credentials by checking them against the KDC server on the Windows domain server. If authentication succeeds the user will be granted access to their web applications automatically. In this hands-on session we will show you how to configure Windows Native Authentication. Prerequisites Oracle Internet Directory must be configured for Active Directory Import Oracle Internet Directory must be configured for External Authentication
Topics covered in this exercise Setup Kerberos Configuring your "krb5.conf" file on your UNIX OS and verify server clocks Creating the Oracle SSO host account in Active Directory Generating your "keytab" file and testing your Kerberos login File Editing Easy Configuration File Editing Manual Configuration Configuring your "opmn.xml" and "jazn.xml" files Configuring your "jazn-data.xml" and "web.xml" files Configuring your "orion-application.xml" and "policy.properties" files Testing |
 |
|
||||||||
 |
 |
 |
 |
 |
|
|||||
 |
|
|||||||||
