Login Requested Twice For Non-Domain User With WNA Enabled In Browser
Last updated on DECEMBER 04, 2017
Applies to:Oracle Application Server Single Sign-On - Version 9.0.4 to 10.1.4.3 [Release 10gR1 to 10gR3]
Information in this document applies to any platform.
***Checked for relevance on 01-DEC-2015***
The Oracle AS Single Sign-On (OSSO) site has WNA-enabled SSO login configured. Login is working, fallback login is working for intranet users and users not using Internet Explorer browser.
For non-domain, i.e., external users with 'Enable Windows Integrated Authentication' checked in IE browser settings, there is a double prompt for login:
- when Login button is clicked, a Windows domain/network login pop-up is displayed
- when a valid username (orclsamaccountname) and Active Directory user password is entered in the pop-up and OK clicked, the SSO login page displays prompting for login again
- entering the same credentials in this page succeeds to login to the site
'Enable Windows Integrated Authentication' is checked by default with Internet Explorer on Windows XP platforms.
Internet Explorer Service Pack 2 or higher is installed on the PCs where the double-login prompt occurs.
The problem does not reproduce when 'Enable Windows Integrated Authentication' is unchecked in IE Advanced settings and the user is not logged into the domain. It should be noted that in this scenario there is still a login pop-up, but it is the browser Basic Authentication login pop-up not the Windows domain/network login box. If valid credentials, i.e., orclsamaccountname/ADuserpassword are submitted to the Basic Authentication pop-up, SSO login succeeds.
Problem can be simulated with domain users by removing the SSO site from the Local Intranet Sites exceptions list.
Sign In with your My Oracle Support account
Don't have a My Oracle Support account? Click to get started
My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms