Configuring OAM to Use Windows Native Authentication

  1. Log in to OAM Admin Console: http://host:port/oamconsole.

    For OAM 11gR2, the Admin Console is called the Oracle Access Management console.

  2. Create an Active Directory data source and set it as the Default Store:

    For OAM 11gR1: On the System Configuration tab, expand the Data Sources folder, select User Identity Stores, and then click the Create button.

    For OAM 11gR2: Select the User Identity Store from the configuration area, and then click the Create button.

    1. When you create the data source, select the Default Store option to make it the default identity store.

    2. Click the Apply button.

    3. Click the Test Connection button to test the configuration.

  3. Update the Kerberos Authentication Module:

    For OAM 11gR1: On the System Configuration tab, select the Access Manager Settings pane. Expand the Authentication Modules node, Kerberos Authentication module, and then double-click Kerberos.

    For OAM 11gR2: Select the Authentication Modules from the Access Manager area, click Search, and select Kerberos Module.

    1. Complete the following fields to enter the location of your Key Tab and krb5.conf (ini) files:

      Key Tab File: Enter /u01/OracleOAM/Middleware/jde_wna/mad08.keytab

      Principal: Enter HTTP/yourdomain.com@JDELDAP.COM

      KRB Config File: Enter /etc/krb5.conf (on Windows, C:\Windows\krb5.ini)

    2. Click the Apply button.

  4. Verify that the authentication scheme is using the correct Kerberos authentication module you modified in the previous step:

    For OAM 11gR1: Select the Policy Configuration tab. Under the Authentication Schemes node, double-click KerberosScheme.

    For OAM 11gR2: Select Authentication Schemes from the Access Manager area. Click Search and then double-click KerberosScheme.

  5. Edit the Protected Resource Policy:

    For OAM 11gR1: Expand the Application Domains node, the domain node, Authentication Policies, and then double-click Protected Resource Policy.

    For OAM 11gR2: Select the Application Domain from the Access Manager area and then click Search. Select your domain node from the Authentication Policies, and then double-click Protected Resource Policy.

    1. In the Authentication Policy area, edit the Protected Resource Policy by selecting KerberosScheme for the Authentication Scheme.

    2. Click the Apply button.
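
A check for the Key Tab File and Principal values entered in step 3, as an added example that is not part of the Oracle documentation: it parses a keytab (MIT keytab format version 0x0502 is assumed), confirms that the principal is present, and flags DES or RC4 keys. SAMPLE is a constructed keytab with an all-zero key, and the function names are hypothetical.

```python
import struct

# Weak Kerberos encryption types (DES, RC4) by assigned enctype number.
WEAK = {1: "des-cbc-crc", 3: "des-cbc-md5", 23: "rc4-hmac"}
# Constructed sample: one RC4 entry with an all-zero key (not a real keytab).
SAMPLE = (b"\x05\x02\x00\x00\x00\x42\x00\x02\x00\x0bJDELDAP.COM\x00\x04HTTP"
          b"\x00\x0eyourdomain.com\x00\x00\x00\x01\x00\x00\x00\x00\x03\x00\x17"
          b"\x00\x10" + bytes(16))

def _counted(buf, pos):  # counted octet string: uint16 length, then the data
    (n,) = struct.unpack_from(">H", buf, pos)
    return buf[pos + 2:pos + 2 + n], pos + 2 + n

def parse_keytab(data):
    """Return (principal, kvno, enctype) for each entry of a 0x0502 keytab."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    entries, pos = [], 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        pos += 4
        if size <= 0:                  # negative size marks a deleted entry
            pos -= size
            continue
        end = pos + size
        (ncomp,) = struct.unpack_from(">H", data, pos)
        realm, p = _counted(data, pos + 2)
        comps = []
        for _ in range(ncomp):
            c, p = _counted(data, p)
            comps.append(c.decode())
        p += 8                         # skip name_type and timestamp
        kvno = data[p]
        (etype,) = struct.unpack_from(">H", data, p + 1)
        _, p = _counted(data, p + 3)   # step over the key bytes, never print them
        if end - p >= 4:               # optional 32-bit kvno replaces the 8-bit one
            kvno = struct.unpack_from(">I", data, p)[0] or kvno
        entries.append(("/".join(comps) + "@" + realm.decode(), kvno, etype))
        pos = end
    return entries

def check_keytab(data, principal):
    """List problems with the keytab for the principal set in the module."""
    found = [e for e in parse_keytab(data) if e[0] == principal]
    if not found:
        return ["principal %s not in keytab" % principal]
    return ["kvno %d uses weak enctype %s" % (k, WEAK[t])
            for _, k, t in found if t in WEAK]
```

To check a real file, pass its bytes, for example `check_keytab(open(path, "rb").read(), "HTTP/yourdomain.com@JDELDAP.COM")`; an empty list means the principal is present with no weak keys.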