Oracle® Fusion Middleware Enterprise Single Sign-On Suite Release Notes 11g Release 2 (11.1.2.2) Part Number E37689-03 |
|
|
PDF · Mobi · ePub |
This section describes open issues in the current release of the Oracle Enterprise Single Sign-On Suite, and their workarounds, where applicable.
This section describes open issues present in all Oracle Enterprise Single Sign-On Suite applications in this release.
This section describes open issues in the current release of the Oracle Enterprise Single Sign-On Administrative Console.
This section describes open issues in the current release of Logon Manager.
Logon Manager may not respond on-the-fly to Web pages accessed via Google Chrome that contain multiple forms.
Additionally, Logon Manager may not respond on-the-fly to the following Web forms accessed via Mozilla Firefox and Google Chrome:
Web pages where fields are not contained within a FORM element
The netzero.net password change form
If you encounter this issue, create a Logon Manager application template for the affected Web application.
Logon Manager may not respond at all to the following Web forms:
Google Chrome only: Multi-frame Web pages to which the user navigated using the browser's Back button; refreshing the target page will allow Logon Manager to respond properly.
Google Chrome only: The "Welcome to Google Chrome" sign-in page. Users must complete first time sign-in manually.
All browsers: The papajohns.com logon form.
There are currently no workarounds for these issues, except as noted above.
Logon Manager is currently unable to display its title bar button in the title bar of the Google Chrome browser.
There is currently no workaround for this issue.
When logging on to a Kiosk Manager session with a PIN-protected SmartCard, removing the SmartCard while the PIN prompt is displayed causes the logon to fail. Entering the card PIN without the card present will result in an endless prompt for the PIN, requiring the user to cancel the logon in order to dismiss the PIN prompt.
There is currently no workaround for this issue.
When Logon Manager is configured to integrate with Oracle Privileged Account Manager, checking out accounts that do not have a set expiration date is not supported.
There is currently no workaround for this issue.
When configuring the LDAPAuth v1 authenticator, Active Directory will not be present in the "Directory Type" drop-down menu.
To work around this issue, select LDAP-Compliant Server from the drop-down menu and enable the Enable Domain Name Support option.
Setting the Process
option in the mfrmlist.ini
file to a value other than shared
causes Logon Manager to no longer detect mainframe applications it previously detected correctly.
To ensure Logon Manager properly detects your mainframe applications, do not set this option to a value other than shared
.
It is possible to install the Network Provider component required for Windows Authenticator Version 2 and the SmartCard authenticator with other Logon Manager authenticators, which are not compatible with the Network Provider component.
This can result in users being unable to authenticate to Logon Manager.
To work around this issue, ensure that you only install the Network Provider component with either the Windows Authenticator Version 2 (WinAuth v2) or the SmartCard authenticator.
The silent credential capture function may not successfully capture credentials for some Web applications.
To work around this issue, always check that the credentials have been successfully captured and stored in Logon Manager.
Logon Manager currently does not support the detection of password expiration defined in fine-grain password policies utilized in Windows Server 2008 and subsequent Windows Server editions; only domain-level password policies are supported.
To work around this issue, users whose password expiration was defined in a fine-grain password policy will need to change their passwords without the use of Logon Manager.
If the end time for a credential delegation is set to 12:00AM, Logon Manager will not inject the delegated credentials when a delegatee attempts to access the target application.
To work around this issue, set the delegation end time to a value other than 12:00AM.
This section describes the open issues in the current release of Password Reset.
On Windows 7, Password Reset does not support modifying its configuration to run under a specified user account, rather than the Local System account. This feature is available on Windows XP only. Password Reset Server is not affected by this issue.
On a workstation running Universal Authentication Manager and configured for automatic Windows logon, installing the Password Reset client prevents users from logging on to Windows. This issue only affects 32-bit editions of Windows 7.
If you are unable to log on in such a scenario, restart the machine in "Safe Mode" and disable the automatic logon feature.
On 64-bit editions of Windows Server 2008 R2 running the Password Reset Client, the password reset quiz does not function when accessed from the Windows logon screen.
There is currently no workaround for this issue.
On Windows 7, when Password Reset is deployed in Norwegian, the initial enrollment screen, the initial password reset screen, and the ”Forgot your password?” link on the Windows 7 logon page appear in English instead of Norwegian.
There is currently no workaround for this issue.
This section describes the open issues in the current release of Provisioning Gateway
Attempting to check out a delegated account whose delegation was granted via a group membership results in a 404 error.
There is currently no workaround for this issue.
Active Directory users must use their full name instead of their account name (user ID) to authenticate to the OPAM server; otherwise, authentication will fail.
There is currently no workaround for this issue.
This section describes the open issues present in the current release of Universal Authentication Manager.
On 64-bit systems, if no fingerprint reader has been configured and the user attempts to enroll with the Fingerprint logon method, Universal Authentication Manager will prompt the user to configure the reader, but acknowledging the prompt does not open the BIO-Key control panel. This issue does not affect 32-bit systems.
To work around this issue, ensure the fingerprint reader is correctly configured before enrolling with the Fingerprint logon method.
When adding or removing a machine that uses Universal Authentication Manager for strong authentication to or from a domain, you must reboot immediately after adding or removing the machine; otherwise, strong authentication will not function until you reboot.