This section provides information about the following errors:
See Also:
Access Manager WNA Quick Start Guide on My Oracle Support, Knowledge Base note 1416903.1 at: https://support.oracle.com/
While retrieving initial credentials, the client may not be found in the Kerberos database.
This is the Kerberos version of "User not found" and might be related to one of the following:
Misspelling or typo of the principal name
The principal was not added to the Kerberos database; the principal does not exist.
The user name does not exist in Active Directory or has not been registered as a Kerberos user.
The SPN is not unique.
On the Active Directory side, one or more duplicate entries were found.
The solution is to have the Active Directory administrator search the LDAP tree for duplicate entries of the SPN and remove them.
If a resource protected by Access Manager using the WNA authentication scheme cannot be accessed, an error message is displayed.
When the error message "An incorrect Username or Password was specified" is displayed, check the following.
An incorrect username or password was specified.
There is a mismatch in the encryption types being used.
The key version number (kvno) of the SPN mentioned in the keytab does not match the kvno of the mapped user in the identity store.
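The two directory-side checks described above (duplicate SPN entries, and a keytab kvno that does not match the mapped user) can be run offline against an LDIF export. The following Python is an added example, not Oracle's tooling; it assumes the accounts were exported with their servicePrincipalName and msDS-KeyVersionNumber attributes, and the sample LDIF, account names and function names are constructed for illustration.

```python
import base64
from collections import defaultdict

# Constructed sample LDIF export (all names and values are invented).
SAMPLE_LDIF = """\
dn: CN=oamsvc,OU=Service,DC=example,DC=com
servicePrincipalName: HTTP/oam.example.com
msDS-KeyVersionNumber: 5

dn: CN=oldweb,OU=Service,DC=example,DC=com
servicePrincipalName: http/OAM.example.com
servicePrincipalName: HTTP/legacy.exa
 mple.com
msDS-KeyVersionNumber: 3
"""

def parse_ldif(text):
    """Unfold continuation lines, then return one {attr: [values]} dict per entry."""
    entries = []
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")
    for block in unfolded.split("\n\n"):
        entry = defaultdict(list)
        for line in block.splitlines():
            if ":" in line and not line.startswith("#"):
                attr, _, value = line.partition(":")
                if value.startswith(":"):  # "attr:: <base64>" encoded value
                    value = base64.b64decode(value[1:].strip()).decode("utf-8")
                entry[attr.lower()].append(value.strip())
        if "dn" in entry:
            entries.append(entry)
    return entries

def duplicate_spns(entries):
    """Map each SPN held by more than one account to the owning DNs."""
    owners = defaultdict(set)
    for e in entries:
        for spn in e.get("serviceprincipalname", []):
            owners[spn.lower()].add(e["dn"][0])  # AD compares SPNs case-insensitively
    return {spn: sorted(dns) for spn, dns in owners.items() if len(dns) > 1}

def kvno_mismatches(entries, spn, keytab_kvno):
    """Return (DN, directory kvno) for accounts holding spn whose kvno differs."""
    found = []
    for e in entries:
        spns = [s.lower() for s in e.get("serviceprincipalname", [])]
        kvnos = e.get("msds-keyversionnumber", [])
        if spn.lower() in spns and kvnos and int(kvnos[0]) != keytab_kvno:
            found.append((e["dn"][0], int(kvnos[0])))
    return found
```

Pass the kvno that the keytab lists for the SPN (for example, from `klist -k`) as `keytab_kvno`. msDS-KeyVersionNumber is a constructed attribute in Active Directory, so it must be requested by name in the search that produces the export.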
By default, the OAM identity store is Embedded LDAP. If you are using a different identity store (for example, Active Directory or Oracle Unified Directory), be sure to register the identity store.
Managing Data Sources has complete details on identity stores and how to register them.
To set the identity store being used as the Default Store, see About using the System Store for User Identities.
To register the User Identity Store being used, see Registering a New User Identity Store with details in User Identity Store Settings.
If OAM is configured for WNA and the client browser is not configured for IWA, two BASIC authentication prompts might be displayed when accessing a WNA protected resource.
One prompt comes from the WebLogic Server and the second from OAM. To avoid this, the WebLogic Server must be configured to ignore HTTP Basic authentication requests.