Here are some resources, about configuring SSO with AD and Oracle weblogic:

http://www.oracle.com/technetwork/articles/idm/weblogic-sso-kerberos-1619890.html

http://java-hints.blogspot.de/2010/02/single-sign-on-sso-between-weblogic-and.html

http://docs.oracle.com/cd/E13222_01/wls/docs81/secmanage/sso.html

https://docs.oracle.com/middleware/1212/wls/SECMG/sso.htm#SECMG233

https://community.oracle.com/welcome

http://pirabid.blogspot.com.es/2011/06/configuring-kerberos-sso-for-jee.html

http://jee-notes.blogspot.com.es/2010/05/weblogic-single-sign-on-kerberos.html

TIPs:

– to implement SSO with AD, I recommend to follow the steps described on the first URL above,

then

– create a service account on Windows domain, this account must have:

  • check the box: password never expires
  • check the box: this account supports kerberos AES 128 bit encryption
  • uncheck all other boxes

– then generate the keytab  using AES128-sha1 encryption protol as specified on the URL article above (note: use ktpass from a domain controller to generate this keytab file !!).

Note: since Windows 7, Windows 2008 and greater, DES encryption is disabled by default on a domain and operating systems: check this Microsoft article to detect accounts using DES: https://support.microsoft.com/en-us/kb/977321

– then test the settings (serviceprincipalname),(userprincipalname) of this windows account, using adsiedit.msc

you can also use the setspn -L domain\serviceacct to check if everything is OK

 

Other resources:

http://www.centrify.com/application-edition/active-directory-authentication-for-oracle-weblogic.asp

 

Oracle and ADFS:

http://www.oracle.com/technetwork/articles/entarch/sso-with-saml-099684.html

http://social.msdn.microsoft.com/Forums/vstudio/en-US/home?forum=Geneva