The Negotiate Identity Assertion provider enables SSO with Microsoft clients. It decodes SPNEGO tokens to obtain Kerberos tokens, validates the Kerberos tokens, and maps the tokens to WebLogic users. The Negotiate Identity Assertion provider, an implementation of the Security Service Provider Interface (SSPI) as defined by the WebLogic Security Framework, provides the necessary logic to authenticate a client based on the client's SPNEGO token. See Configuring negotiate identity assertion provider in the Oracle Fusion Middleware Securing Oracle WebLogic Server guide.
While creating the Negotiate Identity Assertion provider, set the JAAS Control Flag option to OPTIONAL for all Authenticators. See “Set the JAAS control flag” in Oracle Fusion Middleware Oracle WebLogic Server Administration Console Online Help.