Here are some resources, about configuring SSO with AD and Oracle weblogic:


– to implement SSO with AD, I recommend to follow the steps described on the first URL above,


– create a service account on Windows domain, this account must have:

  • check the box: password never expires
  • check the box: this account supports kerberos AES 128 bit encryption
  • uncheck all other boxes

– then generate the keytab  using AES128-sha1 encryption protol as specified on the URL article above (note: use ktpass from a domain controller to generate this keytab file !!).

Note: since Windows 7, Windows 2008 and greater, DES encryption is disabled by default on a domain and operating systems: check this Microsoft article to detect accounts using DES:

– then test the settings (serviceprincipalname),(userprincipalname) of this windows account, using adsiedit.msc

you can also use the setspn -L domain\serviceacct to check if everything is OK


Other resources:


Oracle and ADFS: