Create Active Directory user objects that represent WebLogic Server and EPM System web server and map them to service principal names (SPN). SPNs are unique identifiers that identify the service to clients on the network.
To create Kerberos identification for WebLogic Server:
Create an Active Directory user that complies with the Kerberos protocol. The user account's encryption type must be DES. See Creating Kerberos identification for WebLogic Server in the Oracle Fusion Middleware Securing Oracle WebLogic Server guide.
For example, Active Directory user wls-myServer0055 may represent the WebLogic Server running on computer myServer0055.
While creating the user, do not select password options.
After creating the user, modify the user properties and select Use DES encryption types for this account.
Reset the password of the user account.
Use the setspn command similar to the following to map the Kerberos SPN, HTTP/WEBLOGIS_SERVER_HOST_NAME to a Microsoft user account.
setspn -A HTTP/myServer0055.myexample.com wls-myServer0055
Create a Kerberos keytab file using a command such as the following and make it available to WebLogic Server:
ktpass -out c:\temp\wls-myServer0055.keytab -princ HTTP/myServer0055.myexample.com@EXAMPLE.COM -mapuser wls-myExample0055 -pass PASSWORD -DesOnly