Suppressing the Passphrase for Windows V2 Authenticator and Users in Active Directory
(Doc ID 778961.1)
Last updated on APRIL 15, 2018
Applies to: Oracle Enterprise Single Sign-On Suite Plus - Version 10.1.4.1 to 126.96.36.199.0 [Release 10gR3 to 11g]
Information in this document applies to any platform.
***Checked for relevance on 15-APR-2018***
- Windows V2 Authenticator
- Passphrase disabled
- Use Windows Data Protection "ON"
- Re-authentication Dialog "Use GINA"
- Users are managed and authenticated in Active Directory (AD)
If Oracle Enterprise Single Sign-On Login Manager (eSSO-LM) is installed to use the Windows V2 Authenticator and the passphrase is disabled, then eSSO-LM will fail under various circumstances.
After running the 'First Time Use' (FTU) wizard on one machine, when a user logs on to a different machine:
- eSSO-LM is launched
- When you try to reveal credentials, eSSO asks for the user's AD password (GINA)
- The AD password is correct, but the credentials are not revealed and the eSSO pop-up for Windows credentials appears
- Enter the AD password, and it cannot be validated
After running the 'First Time Use' (FTU) wizard:
- The user changes the password (CTRL_ALT_DEL)
- Start the application again
- The agent will redirect to Windows GINA for re-authentication
- Enter the password
- The agent will not inject the credentials
When the user changes the password (CTRL_ALT_DEL), the LM agent is not able to decrypt the credentials, and eSSO-LM asks for re-authentication over and over again.
Configure eSSO-LM to use the Windows V2 Authenticator
Disable the passphrase