3 Replies Latest reply: Mar 26, 2013 9:56 AM by KamilBrzak RSS

    Oracle ESSO - domain password still required

    KamilBrzak
      I got a problem with authentication probably.

      - I have defined applications in ESSOLM Admin Console
      - I have attached applications via ESSO PG
      - I can see that applications in ESSOLM Agent on domain user computer (they are correctly published to repository)
      - I can automatically logon to defined applications

      BUT

      Everytime I log off from domain user computer and relog with the same credentials, the ESSOLM windows appear with domain user password requirement. When I cancel this, the ESSO Agent could not logon me into defined SSO applications. When I type my domain user password, ESSO Agent works usually and correctly. Till next windows account relog process everything works fine. When I log off from Windows and log on again, the ESSOLM window appears again demanding again the domain user password.

      I thought that this ESSO window appears only for first time to generate a crypto key for local stored information encryption. But why this window appears again? Is it a matter of some oprion in ESSOLM Admin Console? It looks like ESSO could not store or save the information about my (domain user) identity and that is why it asks me again and again with every windows logon, resp. by attempt to open SSO application for automated logon.

      Could you help me please?
        • 1. Re: Oracle ESSO - domain password still required
          830897
          Hello.

          It's a security option of eSSO LM - you have to authenticate to eSSO before using it.

          Also there's a timer which regulates how often you have to confirm it's still you and not somebody else. By default timer is set to 15 minutes, so when you leave the computer and someone appears near it, he could not use your applications accessing them automatically with passwords saved in eSSO store.

          You can set option Global Agent Settings > Security > Reauthentication timer to *4294967295* (maximum value) in eSSO Administrative Console and create modified agent distributives with that option, so you have to authenticate only when eSSO LM agent tries to sign you in for the first time. You can not turn it off completely.
          • 2. Re: Oracle ESSO - domain password still required
            KamilBrzak
            Thank you for your answer. I led the value on "infinite" value. The problem was that there missed an option "Network Provider" by client installation. Without that component, client every time "forget" the user authentication and demands it every time despite the timer value.
            • 3. Re: Oracle ESSO - domain password still required
              KamilBrzak
              Root cause was a missing "Network provider".