See Assumptions: Kerberos Environment for assumptions related to the network environment.
Active Directory security groups and users are available to support the WebLogic Server to Active Directory handshake. See “Configuring Single Sign-on with Microsoft Clients” in Oracle Fusion Middleware Securing Oracle WebLogic Server.
The Active Directory user must be able to log in to WebLogic Server as a power user, preferably as WebLogic Server Administrator. The user account is updated by selecting Use DES encryption types for this account.
See Microsoft documentation for detailed information.
The configuration must support the use of the web server DNS name (reverse proxy) as Kerberos Service Principal Name.
The myrealm security realm in the WebLogic Server domain is modified to add Active Directory as the authentication provider. See WebLogic Server documentation for detailed information.