OAM 11g has the ability to do Windows Native Authentication to give a Windows client desktop SSO to the OAM-protected application. This was possible in OAM 10g as well, but it required an IIS server to do the heavy lifting of getting the Kerberos ticket and authenticating the user. In 11g, Oracle does not require IIS to accomplish desktop SSO. WebLogic also had this capability by using its SPNEGO Identity Asserter, but this approach gives one SSO to any other OAM-protected application as well. The documentation is in chapter 7 of the Integration Guide.
- Select Tools, Internet Options.
- Select the Security tab.
- Ensure that your WebGate-protected OHS site is in the list of trusted “Sites”
- Select Local intranet and click Custom Level....
- In the Security Settings dialog box, scroll to the User Authentication section.
- Select “Automatic logon only in Intranet zone”.
- Click OK.
- Select the Advanced tab.
- Scroll to the Security section.
- Make sure that Enable Integrated Windows Authentication option is checked and click OK.
- If this option was not checked, restart the client.