Using DirSync Change Tracking for Import Operations

18-12 Oracle Fusion Middleware Administrator's Guide for Oracle Directory Integration Platform

■ UNIX/Linux:

    ORACLE_HOME/sso/bin/ssoca wna -mode sso -oh ORACLE_HOME -ad_realm AD_REALM -kdc_host_port kerberos_server_host:port -verbose

■ Windows:

    ORACLE_HOME\jdk\bin\java -jar ORACLE_HOME\sso\lib\ossoca.jar wna -mode sso -oh ORACLE_HOME -ad_realm AD_REALM -kdc_host_port kerberos_server_host:port -verbose

AD_REALM is the Kerberos realm in Microsoft Active Directory. This is the user container. Note from the syntax that this value must be entered in uppercase. The default port number for the KDC is usually 88. To confirm this, see step 2 in the section "Set Up a Kerberos Service Account for the OracleAS Single Sign-On Server" on page 18-9.

3. Step 2 shuts down the OracleAS Single Sign-On Server. Restart it:

    ORACLE_HOME/opmn/bin/opmnctl startall

Task 2: Configure Internet Explorer for Windows Native Authentication

Configure Internet Explorer to use Windows Native Authentication. How you do this depends on which version you have.

■ Internet Explorer 5.0 and Later

■ Internet Explorer 6.0 Only

Internet Explorer 5.0 and Later

To configure Internet Explorer 5.0 and later, perform the following steps:

1. From the menu bar, select Tools, then, from the Tools menu, select Internet Options.

2. In the Internet Options dialog box, select the Security tab.

3. On the Security tab page, select Local Intranet, then select Sites.

4. In the Local intranet dialog box, select Include all sites that bypass the proxy server; then click Advanced.

5. In the advanced version of the Local intranet dialog box, enter the URL of the OracleAS Single Sign-On Server middle tier. For example: http://sso.mydomain.com

6. Click OK to exit the Local intranet dialog boxes.

7. In the Internet Options dialog box, select the Security tab; then choose Local intranet; then choose Custom Level.

8. In the Security Settings dialog box, scroll down to the User Authentication section and then select Automatic logon only in Intranet zone.

9. Click OK to exit the Security Settings dialog box.

Integrating with Microsoft Active Directory 18-13

10. From the menu bar, select Tools, then, from the Tools menu, select Internet Options.

11. In the Internet Options dialog box, select the Connections tab.

12. On the Connections tab page, choose LAN Settings.

13. Confirm that the correct address and port number for the proxy server are entered, then choose Advanced.

14. In the Proxy Settings dialog box, in the Exceptions section, enter the domain name for the OracleAS Single Sign-On Server (MyCompany.com in the example).

15. Click OK to exit the Proxy Settings dialog box.

Internet Explorer 6.0 Only

If you are using Internet Explorer 6.0, perform steps 1 through 12 in "Internet Explorer 5.0 and Later"; then perform the following steps:

1. From the menu bar, select Tools, then, from the Tools menu, select Internet Options.

2. In the Internet Options dialog box, select the Advanced tab.

3. On the Advanced tab page, scroll down to the Security section.

4. Select Enable Integrated Windows Authentication (requires restart).
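
The options set in Task 2 are stored per user in the registry, so the result can be checked on a workstation without opening the dialog boxes. The following PowerShell script is an added example, not part of the Oracle guide; the registry value names are those Internet Explorer uses for these options, and sso.mydomain.com is a placeholder for your own Single Sign-On host.

```powershell
# Added example (not from the Oracle guide): read-only audit of the per-user
# Internet Explorer settings that Task 2 changes through the dialog boxes.
# Assumption: $SsoHost is a placeholder for your Single Sign-On middle-tier host.
param([string]$SsoHost = 'sso.mydomain.com')

$inet = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

function Get-RegValue([string]$Path, [string]$Name) {
    # Return $null when the key or value is absent instead of raising an error.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

function Get-IntranetSites {
    # Sites mapped to the Local intranet zone (zone 1) under ZoneMap\Domains.
    # Each value name is a scheme (http, https, *) and its data is the zone number.
    $root = Join-Path $inet 'ZoneMap\Domains'
    if (-not (Test-Path $root)) { return }
    Get-ChildItem -Path $root -Recurse | ForEach-Object {
        $key = $_
        foreach ($scheme in $key.GetValueNames()) {
            if ($key.GetValue($scheme) -eq 1) {
                # Key path is ...\Domains\<domain>[\<subdomain>]; rebuild the host name.
                [string[]]$parts = ($key.Name -split '\\Domains\\', 2)[1].Split('\')
                [array]::Reverse($parts)
                '{0}://{1}' -f $scheme, ($parts -join '.')
            }
        }
    }
}

$sites = @(Get-IntranetSites)
$checks = [ordered]@{
    'Zone includes sites that bypass the proxy (step 4)' = (Get-RegValue "$inet\ZoneMap" 'ProxyByPass') -eq 1
    'SSO host is in the Local intranet zone (step 5)'    = [bool]($sites -like "*://$SsoHost")
    'Automatic logon only in Intranet zone (step 8)'     = (Get-RegValue "$inet\Zones\1" '1A00') -eq 0x20000
    'Integrated Windows Authentication (IE 6.0 step 4)'  = (Get-RegValue $inet 'EnableNegotiate') -eq 1
}
$checks.GetEnumerator() | ForEach-Object {
    '{0,-55} {1}' -f $_.Key, $(if ($_.Value) { 'OK' } else { 'CHECK' })
}

# Every listed site receives the user's Windows credentials automatically, so the
# list should contain only hosts you intend to trust with them.
'Local intranet zone sites:'; $sites | ForEach-Object { "  $_" }
'Proxy exceptions (step 14): ' + (Get-RegValue $inet 'ProxyOverride')
```

Settings enforced through Group Policy are stored under the Policies registry keys and are not read by this script.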

Task 3: Reconfigure Local Accounts

After configuring Windows Native Authentication, you must reconfigure accounts for the Oracle Internet Directory administrator (orcladmin) and other local Windows users whose accounts are in Oracle Internet Directory. If you omit this task, then these users will not be able to log in.

Use the Oracle Directory Services Manager interface for Oracle Internet Directory to perform these steps:

1. Add the orclADUser class to the local user entry in Oracle Internet Directory.

2. Add the login ID of the local user to the orclSAMAccountName attribute in the user’s entry. For example, the login ID of the orcladmin account is orcladmin.

3. Add the local user to the exceptionEntry property of the external authentication plug-in.

18.5.4 Configuring Windows Native Authentication with Multiple Microsoft Active Directory Domains or Forests