The Kerberos authentication protocol provides a mechanism for mutual authentication between entities before a secure network connection is established.
This section describes how to configure Windows Native Authentication (WNA) and Kerberos to use the Detached Credential Collector (DCC) with Access Manager. It contains the following topics.
Note:
See Understanding Credential Collection and Login for details on DCC.
You can initialize Access Manager for the Kerberos protocol.
To initialize:
You can configure Access Manager to use the Kerberos Authentication Module.
To configure:
Modify the Challenge Method of the Kerberos authentication scheme to WNA, if applicable.
In the Oracle Access Management Console, click Application Security at the top of the window.
In the Launch Pad tab, click Authentication Schemes in the Access Manager section.
Search for KerberosScheme and click Edit.
Change the Challenge Redirect URL to the DCC WebGate URL.
For example, http://<DCC-WebGate-Hostname>:<Port>/
Click Apply and close the page.
Set the User Identity Store of the LDAP Authentication Module to the configured Windows data store.
In the Oracle Access Management Console, click Application Security at the top of the window.
In the Launch Pad tab, click Authentication Modules in the Access Manager section.
Search for LDAP and click Edit.
Change the User Identity Store to, for example, Active Directory.
Click Apply and close the page.
Configure the Application Domain protecting the resource to use the Kerberos authentication scheme.
Before accessing the protected resource, ensure that its URL is added to the Local intranet sites under Security. Additionally, select the Enable Integrated Windows Authentication option under Security in the Advanced tab.
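To check that the browser settings above took effect, inspect the `Authorization: Negotiate` header the browser sends to the DCC WebGate: a correctly configured client offers Kerberos first, while a client that cannot use Kerberos typically offers NTLM instead. The following is an added example, not part of the original documentation or of Oracle's code. The function names and sample headers are constructed for illustration, and it assumes you have copied the header value from the browser's developer tools or a proxy trace.

```python
import base64

# DER content bytes of the GSS-API mechanism OIDs relevant to WNA.
SPNEGO = bytes.fromhex("2b0601050502")             # 1.3.6.1.5.5.2
KRB5 = bytes.fromhex("2a864886f712010202")         # 1.2.840.113554.1.2.2
MS_KRB5 = bytes.fromhex("2a864882f712010202")      # 1.2.840.48018.1.2.2 (legacy Microsoft)
NTLMSSP = bytes.fromhex("2b06010401823702020a")    # 1.3.6.1.4.1.311.2.2.10
MECHS = {KRB5: "kerberos", MS_KRB5: "kerberos", NTLMSSP: "ntlm"}

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def classify_negotiate(header_value):
    """Classify an HTTP Authorization header value by the mechanism it offers."""
    scheme, _, b64 = header_value.strip().partition(" ")
    if scheme.lower() != "negotiate":
        return "not-negotiate"
    try:
        token = base64.b64decode(b64.strip(), validate=True)
        if token.startswith(b"NTLMSSP\x00"):           # raw NTLM, no SPNEGO wrapper
            return "ntlm"
        tag, pos, _ = read_tlv(token, 0)               # GSS-API initial context token
        oid_tag, start, end = read_tlv(token, pos)     # thisMech OID
        if (tag, oid_tag) != (0x60, 0x06):
            return "unknown"
        mech, pos = token[start:end], end
        if mech == SPNEGO:
            for expected in (0xA0, 0x30, 0xA0, 0x30, 0x06):   # path to first mechTypes OID
                tag, start, end = read_tlv(token, pos)
                if tag != expected:
                    return "unknown"
                pos = start                            # descend into the element
            mech = token[start:end]                    # first OID = preferred mechanism
        return MECHS.get(mech, "unknown")
    except (ValueError, IndexError):                   # bad base64 or truncated DER
        return "malformed"

def sample_header(*mech_oids):
    """Constructed sample: a Negotiate header offering mech_oids in order."""
    der = lambda tag, value: bytes([tag, len(value)]) + value   # short-form lengths only
    mechs = der(0x30, b"".join(der(0x06, m) for m in mech_oids))
    blob = der(0x60, der(0x06, SPNEGO) + der(0xA0, der(0x30, der(0xA0, mechs))))
    return "Negotiate " + base64.b64encode(blob).decode()
```

A result of `ntlm` for the protected URL is a cue to recheck the Local intranet and Integrated Windows Authentication settings before troubleshooting the server side.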