Suppressing the Passphrase for Windows V2 Authenticator and Users in Active Directory
Last updated on OCTOBER 16, 2016
Applies to: Oracle Enterprise Single Sign-On Suite Plus - Version 10.1.4.1 to 18.104.22.168.0 [Release 10gR3 to 11g]
Information in this document applies to any platform.
- Windows V2 Authenticator
- Passphrase disabled
- Use Windows Data Protection "ON"
- Re-authentication Dialog "Use GINA"
- Users are managed and authenticated in Active Directory (AD)
If Oracle Enterprise Single Sign-On Login Manager (eSSO-LM) is installed to use the Windows V2 Authenticator and the passphrase is disabled, then eSSO-LM will fail under various circumstances.
After running the 'First Time Use' (FTU) wizard on one machine, when a user logs on to a different machine:
- eSSO-LM is launched
- When you try to reveal credentials, eSSO asks for the user's AD password (GINA)
- The AD password is correct, but the credentials are not revealed and the eSSO pop-up for Windows credentials appears
- Enter the AD password and you cannot validate
After running the 'First Time Use' (FTU) wizard:
- The user changes the password (CTRL_ALT_DEL)
- Start the application again
- The agent will redirect to Windows GINA for re-authentication
- Enter the password
- The agent will not inject the credentials
When the user changes the password (CTRL_ALT_DEL), the LM agent is not able to decrypt the credentials, and eSSO-LM will ask for re-authentication over and over again.
Configure eSSO-LM to use the Windows V2 Authenticator
Disable the passphrase