Almost 70% of users connect from the office, using their Active Directory account to log in automatically to WebCenter Portal.
The rest of the users connect via the Internet, and when the Kerberos negotiation fails, this error page appears:
If the user manually presses F5 or reloads the page in the browser, the correct WebCenter Portal login page is shown.
This issue is quite annoying for the remaining 30% of users, so we tried several solutions:
- Create a double virtual host under OHS, one with Kerberos and another without it.
  - This solution only works with the OAM product. Kerberos authentication includes a WebLogic authentication provider that always tries to negotiate first, so the 401 error page still appears.
- Create a login web app (the good one)
  - Create an ADF TaskFlow that shows a login form and performs a redirection when login is successful
  - Include our new TF in the WebCenter Portal shared library
  - Create a public Space with the portal builder administration (called external-login)
  - Add the new TF to the “external-login” Space under the current Space Catalog
  - Create a blank page in the new Space with our custom taskflow.
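
A backing bean for the login task flow described in the steps above, added here as an example and not the authors' code: it checks the submitted credentials against the WebLogic security realm, rotates the session ID, and redirects to a fixed target. The class name, field names and the `/webcenter` success path are assumptions.

```java
import java.io.IOException;
import javax.faces.application.FacesMessage;
import javax.faces.context.ExternalContext;
import javax.faces.context.FacesContext;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginException;
import javax.servlet.http.HttpServletRequest;
import weblogic.security.URLCallbackHandler;
import weblogic.security.services.Authentication;
import weblogic.servlet.security.ServletAuthentication;

public class ExternalLoginBean {                 // hypothetical class name
    // Assumption: fixed post-login target. Using a constant instead of a
    // request parameter keeps the form from becoming an open redirect.
    private static final String SUCCESS_PATH = "/webcenter";
    private String username;
    private String password;

    public String doLogin() throws IOException {
        FacesContext ctx = FacesContext.getCurrentInstance();
        ExternalContext ext = ctx.getExternalContext();
        HttpServletRequest request = (HttpServletRequest) ext.getRequest();
        if (username == null || username.trim().isEmpty() || password == null) {
            return fail(ctx);
        }
        try {
            // Form-based check against the realm's configured authentication
            // providers; no SPNEGO negotiation is involved on this path.
            Subject subject = Authentication.login(
                new URLCallbackHandler(username.trim(), password.getBytes("UTF-8")));
            // Bind the subject to the HTTP session, then issue a new session ID
            // so an ID handed out before login cannot be reused afterwards.
            ServletAuthentication.runAs(subject, request);
            ServletAuthentication.generateNewSessionID(request);
            ext.redirect(SUCCESS_PATH);
            return null;
        } catch (LoginException e) {
            return fail(ctx);
        } finally {
            password = null;                     // do not keep the password in the bean
        }
    }

    // One generic message for every failure, so the form does not reveal
    // whether the account exists.
    private String fail(FacesContext ctx) {
        ctx.addMessage(null, new FacesMessage(FacesMessage.SEVERITY_ERROR,
                "Invalid username or password", null));
        return null;
    }

    public String getUsername() { return username; }
    public void setUsername(String u) { username = u; }
    public String getPassword() { return password; }
    public void setPassword(String p) { password = p; }
}
```

Because this form is reached from the Internet, it should be served only over HTTPS so the Active Directory password is not sent in clear text.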
This is what our new login page looks like:
Now, regular users on the office network still access the portal with the URL:
http://myintranet.company.com/webcenter
And external users log in with:
http://myintranet.company.com/webcenter/portal/external-login
To simplify the URL, you can create a 301 redirect rule with an easy domain name :-)
Documentation:
- How To Configure Browser-based SSO with Kerberos/SPNEGO and Oracle WebLogic Server
- Create ADF Login
- Non-SSO for microsoft clients
Downloads:
Thanks to Daniel & Diana for their work on this issue.