Oracle Enterprise Single Sign-On No Longer Supports User's Login Name Change In Active Directory
Last updated on SEPTEMBER 08, 2017
Applies to:Oracle Enterprise Single Sign-On Suite Plus - Version 22.214.171.124.0 to 126.96.36.199.0 [Release 11g]
Information in this document applies to any platform.
When user's Active Directory (Windows) logon name is changed in Active Directory, ESSO-LM client does not reflect this change in the ESSO-LM Windows authentication dialog after the user logs in with their new logon name. When the ESSO-LM Windows authentication dialog is presented for authentication or re-authentication, the user's old logon name remains in the Windows authentication dialog and cannot be changed. Entering the valid password always results in an error message and failed ESSO-LM authentication.
Note that the most frequent usage of an Active Directory logon name change is in the case of changing a name when a user gets married and changes her name. for example;
Jane Doe has a logon name of janed.
Jane Doe gets married and her name changes to Jane Smith.
The network administrator is requested to change her full name to "Jane Smith" and her logon name to "janes".
The network administrator successfully make these changes in Active Directory.
Jane Smith successfully logs into her client workstation with the login name "janes".
ESSO-LM is expected to recognize this change and successfully authenticate. This is where the failure occurs whereas the old logon name is still present in the ESSO-LM Windows authenication dialog.
Sign In with your My Oracle Support account
Don't have a My Oracle Support account? Click to get started
My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms