See Configuring Microsoft Clients to Use Windows Integrated Authentication. See Creating a Kerberos Identification for WebLogic Server.Ĭhoose a Microsoft client (either a Web service or a browser) and configure it to use Windows Integrated authentication. See Configuring Your Network Domain to Use Kerberos.Ĭreate a Kerberos identification for WebLogic Server.Ĭreate a user account in the Active Directory for the host on which WebLogic Server is running.Ĭreate a Service Principal Name for this account.Ĭreate a user mapping and keytab file for this account. A JAAS login file that defines the location of the Kerberos identification for WebLogic Server must be created.Ĭonfigure your network domain to use Kerberos. The Web application or Web service used in SSO needs to have authentication set in a specific manner. In the security realm of the WebLogic domain, configure a Negotiate Identity Assertion provider. The Kerberos protocol uses the Active Directory server in the Microsoft domain to store the necessary security information.Īny Microsoft client you want to access in the Microsoft domain must be set up to use Windows Integrated authentication, sending a Kerberos ticket when available. (These procedures are detailed in the sections that follow.)ĭefine a principal in Active Directory to represent the WebLogic Server. Single Sign-On with Microsoft Clients: Main StepsĬonfiguring SSO with Microsoft clients requires set-up procedures in the Microsoft Active Directory, the client, and the WebLogic domain.
0 Comments
Leave a Reply. |