Log in to a Windows XP Domain Controller and start any browser that is enabled for the SPNEGO protocol.
Go to the OpenSSO Enterprise URL configured with the authentication service name.
Example : http://am.demo.identity.com/amserver/UI/Login?service=WinSSOService.
If a user can log into Windows XP Domain Controller successfully, the browser sends a Kerberos ticket to the OpenSSO Enterprise server, and the user is successfully authenticated using the Windows Desktop SSO Authentication module. .
If the user cannot authenticate to the first authentication module, then OpenSSO Enterprise prompts for user name and password and tries to authenticate using the Data Store Authentication module. If authentication fails, then the administrator should troubleshoot the authentication failure. For a short list of solutions for the most common error messages related to Windows Desktop SSO Authentication, see Troubleshooting Windows Desktop SSO Authentication Issues.