Multiple Users Forest SSO

In our lab we created 3 new forests with 3 domains and 3 DNS servers to simulate a complex environment.

Forest DomainA.com
DomainA.com Domain Controller: DCNL01.domainA.com
Workstation: DSKNL01
Test user: userA, pass: Pumpkin1
SSO binding user: ssoA, pass: Pumpkin1
App LDAP principal: WLSAdminA@domaina.com, pass: Pumpkin1

Forest DomainB.com
DomainB.com DC: DCNL02.domainB.com
Workstation: DSKNL02


What is Kerberos?

Three parties are involved in Kerberos-based authentication: the client, the server and a Key Distribution Centre (KDC). The diagram below clearly demonstrates how the interactions between the three parties happen.

1 – The client requests a TGT (Ticket to Get Tickets) from the KDC (Key Distribution Centre). Client sends its username


Windows 7: DES encryption support for Kerberos authentication

By default Windows 7 doesn’t support DES encryption, and this can prevent Kerberos authentication from working. To enable DES encryption support, make the following configuration change on the Windows 7 client machine. Go to Local Security Policies (by typing “Local Security Policies” in the Run dialog) -> Local Policies -> Security Options -> Network security: Configure encryption


Kerberos in a Proxy/Load Balancer/WebLogic Cluster

Recently one of my colleagues pointed out that I did not cover a few aspects of Kerberos configuration in an earlier post. He had a few queries, such as how he should set the service principal name if a proxy sits in front of WebLogic Server. Or for that matter if


Troubleshooting Kerberos Issues with WebLogic Server

Found NTLM token when expecting SPNEGO

The browser is not set up correctly to send a SPNEGO token. Go back to the client configuration and double-check the browser configuration. In IE, Integrated Windows Authentication should be turned on and the site listed in the Intranet


Configuring Kerberos with WebLogic Server

Details
Domain Name: BEATEST.COM
Domain Controller Name: BEAAD (this machine runs Active Directory)
WL Server Machine Name: beaiis (this machine runs WebLogic Server)

For BEAAD:
Username: beauser
Password:

For beaiis:
Username: beaiis
Password: Secure04

Steps on Domain Controller (BEAAD)
1) Create a user beawin in Active Directory. Go to
