Setting up Windows Native Authentication (with Kerberos) Single Sign-On (SSO) within WebLogic can be tricky. One way to accomplish this is to use IIS to front-end the WebLogic cluster. You need to use an IISIdentityAsserter in this scenario. Using an Identity Asserter based on HTTP headers has security implications and it’s important to ensure the communications are locked down between the IIS front-end to the WebLogic cluster. I don’t have much time to type more about this, but was excited about some recent work and wanted to get a quick post up in reference to this.