Step 7: Synchronizing Deletions from Microsoft Active Directory

Integrating with Microsoft Active Directory 18-11

Be sure to give the Web server a unique identifier (UID) on the OracleAS Single Sign-On Server middle tier and to grant read permission for the file.

Update the krb5.conf File

You must update the krb5.conf file (krb5.ini on Windows) with the following information. If you do not update the krb5.conf file with this information, the kinit test of the newly generated keytab file will fail, and the keytab file will fail when used for Windows Native Authentication in OracleAS Single Sign-On Server.

Update the krb5.conf file with the following information:

■ The default realm of the Active Directory, for example: AD.UK.ORACLE.COM
■ The hostname of the server where Active Directory resides, for example: active.uk.oracle.com
■ The hostname of the server where OracleAS Single Sign-On Server resides, for example: sso.uk.oracle.com

For example, replace the marked-up text in the following text with the relevant default realm and KDC hostname, that is, the server where Active Directory resides:

[libdefaults]
default_realm = AD.UK.ORACLE.COM
clockskew = 300

[realms]
AD.UK.ORACLE.COM = {
  kdc = active.uk.oracle.com
}

[domain_realm]
.uk.oracle.com = AD.UK.ORACLE.COM

Note: The krb5.conf file is case sensitive.

Run the OracleAS Single Sign-On Server Configuration Assistant on each Oracle Application Server Single Sign-On Host

Running the ossoca.jar tool at this point does the following:

■ Configures the Oracle Application Server Single Sign-On server to use the Sun JAAS login module
■ Configures the server as a secured application

To run the ossoca.jar tool on the OracleAS Single Sign-On Server middle tier:

1. Back up the following configuration files:

■ ORACLE_HOME/sso/conf/policy.properties
■ ORACLE_HOME/j2ee/OC4J_SECURITY/config/jazn.xml
■ ORACLE_HOME/opmn/conf/opmn.xml
■ ORACLE_HOME/j2ee/OC4J_SECURITY/config/jazn-data.xml
■ ORACLE_HOME/j2ee/OC4J_SECURITY/applications/sso/web/WEB-INF/web.xml
■ ORACLE_HOME/j2ee/OC4J_SECURITY/application-deployments/sso/orion-application.xml

2. Run the ossoca.jar tool:

■ UNIX/Linux:

ORACLE_HOME/sso/bin/ssoca wna -mode sso -oh ORACLE_HOME -ad_realm AD_REALM -kdc_host_port kerberos_server_host:port -verbose

■ Windows:

ORACLE_HOME\jdk\bin\java -jar ORACLE_HOME\sso\lib\ossoca.jar wna -mode sso -oh ORACLE_HOME -ad_realm AD_REALM -kdc_host_port kerberos_server_host:port -verbose

AD_REALM is the Kerberos realm in Microsoft Active Directory. This is the user container. Note from the syntax that this value must be entered in uppercase. The default port number for the KDC is usually 88. To confirm this, see step 2 in the section Set Up a Kerberos Service Account for the OracleAS Single Sign-On Server on page 18-9.

3. Step 2 shuts down the OracleAS Single Sign-On Server. Restart it:

ORACLE_HOME/opmn/bin/opmnctl startall

18-12 Oracle Fusion Middleware Administrator's Guide for Oracle Directory Integration Platform

Task 2: Configure Internet Explorer for Windows Native Authentication

Configure Internet Explorer to use Windows Native Authentication. How you do this depends on which version you have.

■ Internet Explorer 5.0 and Later
■ Internet Explorer 6.0 Only

Internet Explorer 5.0 and Later

To configure Internet Explorer 5.0 and later, perform the following steps:

1. From the menu bar, select Tools, then, from the Tools menu, select Internet Options.

2. In the Internet Options dialog box, select the Security tab.

3. On the Security tab page, select Local Intranet, then select Sites.

4. In the Local intranet dialog box, select Include all sites that bypass the proxy server; then click Advanced.

5. In the advanced version of the Local intranet dialog box, enter the URL of the OracleAS Single Sign-On Server middle tier. For example: http://sso.mydomain.com

6. Click OK to exit the Local intranet dialog boxes.

7. In the Internet Options dialog box, select the Security tab; then choose Local intranet; then choose Custom Level.

8. In the Security Settings dialog box, scroll down to the User Authentication section and then select Automatic logon only in Intranet zone.

9. Click OK to exit the Security Settings dialog box.
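The krb5.conf edits and the ossoca.jar arguments in Task 1 above have to agree with each other: the realm must be uppercase, the file is case sensitive, and the KDC host and port given to -kdc_host_port should be the KDC named in [realms]. The following Python script is an added pre-flight check written for this page; it is not part of Oracle's documentation or of the ossoca.jar tool. It parses a krb5.conf in the shape shown above, verifies that the entries the text requires are present, and confirms that the AD_REALM and kdc_host_port values you intend to pass to ossoca.jar match the file, so a mismatch is caught before the kinit test or the configuration assistant fails. The function names, the embedded sample krb5.conf, and the realm and host values are this example's own (the values are the ones used as examples in the text).

```python
"""Pre-flight check for krb5.conf and ossoca.jar arguments (added example).

Not Oracle code. Parses the krb5.conf subset shown in Task 1 and reports
problems that would make the kinit test or the ossoca.jar run fail.
"""
import re
import sys

# Constructed sample: the krb5.conf from the text with its example values.
SAMPLE_KRB5_CONF = """\
[libdefaults]
default_realm = AD.UK.ORACLE.COM
clockskew = 300

[realms]
AD.UK.ORACLE.COM = {
  kdc = active.uk.oracle.com
}

[domain_realm]
.uk.oracle.com = AD.UK.ORACLE.COM
"""


def parse_krb5_conf(text):
    """Parse [section] / key = value / NAME = { ... } syntax into nested dicts.

    Comments (# or ;) and blank lines are ignored. Keys and values are kept
    exactly as written, because krb5.conf is case sensitive.
    """
    conf = {}
    section = None   # dict for the current [section]
    sub = None       # dict for the current NAME = { ... } block, if any
    for raw in text.splitlines():
        line = raw.split('#', 1)[0].split(';', 1)[0].strip()
        if not line:
            continue
        m = re.match(r'^\[(\w+)\]$', line)
        if m:
            section = conf.setdefault(m.group(1), {})
            sub = None
            continue
        if section is None:
            raise ValueError(f"entry outside any section: {raw!r}")
        if line == '}':
            if sub is None:
                raise ValueError("unbalanced '}'")
            sub = None
            continue
        key, sep, value = (p.strip() for p in line.partition('='))
        if not sep:
            raise ValueError(f"cannot parse line: {raw!r}")
        if value == '{':
            sub = section.setdefault(key, {})
        elif sub is not None:
            sub[key] = value
        else:
            section[key] = value
    if sub is not None:
        raise ValueError("unterminated '{' block")
    return conf


def check_krb5_conf(conf, ad_realm, kdc_host_port):
    """Return a list of problems; an empty list means the inputs are consistent.

    ad_realm and kdc_host_port are the values you plan to pass to ossoca.jar
    as -ad_realm and -kdc_host_port (the latter in host:port form).
    """
    problems = []
    default_realm = conf.get('libdefaults', {}).get('default_realm')
    if not default_realm:
        problems.append("[libdefaults] has no default_realm")
    elif default_realm != default_realm.upper():
        problems.append(f"default_realm {default_realm!r} is not uppercase")
    realm_block = conf.get('realms', {}).get(default_realm or '')
    if not isinstance(realm_block, dict) or 'kdc' not in realm_block:
        problems.append(f"[realms] has no kdc entry for realm {default_realm!r}")
    if default_realm and default_realm not in set(conf.get('domain_realm', {}).values()):
        problems.append("[domain_realm] maps no domain to the default realm")
    # ossoca.jar arguments: -ad_realm must be uppercase and match the file.
    if ad_realm != ad_realm.upper():
        problems.append(f"-ad_realm {ad_realm!r} must be uppercase")
    if default_realm and ad_realm != default_realm:
        problems.append("-ad_realm does not match default_realm in krb5.conf")
    m = re.fullmatch(r'([^:\s]+):(\d+)', kdc_host_port)
    if not m:
        problems.append(f"-kdc_host_port {kdc_host_port!r} is not host:port")
    else:
        host, port = m.group(1), int(m.group(2))   # the KDC port is usually 88
        if not 0 < port < 65536:
            problems.append(f"-kdc_host_port port {port} is out of range")
        if isinstance(realm_block, dict) and realm_block.get('kdc', '').split(':')[0] != host:
            problems.append(f"-kdc_host_port host {host!r} differs from kdc in [realms]")
    return problems


if __name__ == "__main__":
    # Usage: python check_krb5.py [krb5.conf AD_REALM kdc_host:port]
    if len(sys.argv) == 4:
        with open(sys.argv[1]) as fh:
            text, realm, kdc = fh.read(), sys.argv[2], sys.argv[3]
    else:
        text, realm, kdc = SAMPLE_KRB5_CONF, 'AD.UK.ORACLE.COM', 'active.uk.oracle.com:88'
    found = check_krb5_conf(parse_krb5_conf(text), realm, kdc)
    print("OK" if not found else "\n".join(found))
    sys.exit(1 if found else 0)
```

Run it against the real krb5.conf (krb5.ini on Windows) with the same AD_REALM and host:port you will give ossoca.jar; a non-zero exit lists every mismatch. Comparisons are deliberately exact, since the file itself is case sensitive.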