Windows NT Authenticator: Provider Specific
Configuration Options Related Tasks Related Topics
Use this page to define the provider specific configuration of this Window NT Authentication provider.
Note: The Windows NT Authentication provider is deprecated as of WebLogic Server 10.0. Use one or more other supported authentication providers instead.
Configuration Options
Name Description Domain Controllers The domain controllers used for locating unscoped usernames during authentication, listing users/groups, and handling unscoped names.
Possible settings:
- Local
--local machine only.
- LocalAndDomain
--the local machine and the domain in which the machine is a member (if it is not standalone).
- Domain
--the domain in which the machine is a member.
- List
--Use the domain controllers specified in the Domain Controller List setting.
MBean Attribute:
WindowsNTAuthenticatorMBean.DomainControllers
Domain Controller List A list of the domain controllers used for locating unscoped usernames during authentication, listing users/groups, and handling unscoped names. Use if the Domain Controllers is set to List.
The specified list should contain the domain controller names in trusted domains. Placeholders are supported and will expand if specified. Supported placeholders are [Local],[LocalAndDomain], [Domain].
MBean Attribute:
WindowsNTAuthenticatorMBean.DomainControllerList
Bad Domain Controller Retry Determines how the provider reacts when a bad domain controller name is found.
Possible settings:
- Delay
indicates the domain controller can be used again only after a certain amount of time has elapsed since it was last tried unsuccessfully.
- Never
indicates a bad domain controller is never retried.
- Always
indicates a bad domain controller is always retried.
MBean Attribute:
WindowsNTAuthenticatorMBean.BadDomainControllerRetry
Bad Domain Controller Retry Interval This time to wait when a bad domain controller name is found before trying to use the domain controller again. Use if the BadDomainControllerRetry is set to Delay. This setting helps reduce performance hits when a domain controller in the list of controllers is temporarily unavailable.
MBean Attribute:
WindowsNTAuthenticatorMBean.BadDomainControllerRetryInterval
Map UPN Names Indicates how the Windows NT Authentication provider should map UPN-style names for authentication (that is, whether
username@domain
is used).Possible settings:
- First--names that match the UPN format should be treated as a UPN name first. If the name isn't a UPN name, the name will be treated as an unscoped name.
- Last--names that match the UPN format should be treated as a UPN name only if the name failed to be matched as an unscoped name.
- Always--names that match the UPN format will always be treated as a UPN name.
This setting should only be used when there are no usernames with @. domain\\username is not ambiguous and is always allowed.
MBean Attribute:
WindowsNTAuthenticatorMBean.MapUPNNames
Logon Type Specifies whether the logon process should use Network or Interactive logon.
MBean Attribute:
WindowsNTAuthenticatorMBean.LogonType
Map NT Domain Name Specifies whether the Windows NT domain information should be placed into principal names during authentication.
Possible settings:
- Never--the Windows NT domain name is not placed in the principal names.
- OldUPN--the Windows NT domain name is placed in the principal names as domain\\name.
- UPN-- the Windows NT domain name is placed in the principal names as name@domain.
MBean Attribute:
WindowsNTAuthenticatorMBean.MapNTDomainName