Error Msg When Attempting To Enroll Users with Automatic Enrollment (Doc ID 1388264.1)

Last updated on NOVEMBER 19, 2014

Applies to:

Oracle Enterprise Single Sign-On Suite Plus - Version 11.1.1.5.0 and later
Information in this document applies to any platform.

Symptoms


The ESSO-PR server is deployed in a single-forest, multi-domain Active Directory environment. The EnrollmentClient virtual directory is configured to use Digest Authentication in IIS. Users in the domain that does not include the ESSO-PR server get the error message "You do not have permission to view this directory or page" when attempting to perform automatic enrollment after logon. Users in the same domain as the ESSO-PR server can successfully enroll without getting the error message. Both active directory domains are in the same Active Directory forest so there is automatically a two-way transitive trust established between the domains. Therefore, it is expected that users in both domains should be able to enroll in ESSO-PR even with Digest Authentication enabled.


Users in both domains can successfully complete the automatic enrollment if the Enrollment Client virtual directory is configured to use Integrated Windows Authentication instead of Digest Authentication.

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms