This section describes open issues in the current release of the Oracle Enterprise Single Sign-On Suite, and their workarounds, where applicable.
This section describes open issues present in all Oracle Enterprise Single Sign-On Suite applications in this release.
This section describes open issues in the current release of the Oracle Enterprise Single Sign-On Administrative Console.
This section describes open issues in the current release of Logon Manager.
Logon Manager may not respond on-the-fly to Web pages accessed via Google Chrome that contain multiple forms.
Additionally, Logon Manager may not respond on-the-fly to the following Web forms accessed via Mozilla Firefox and Google Chrome:
Web pages where fields are not contained within a FORM element
The netzero.net password change form
If you encounter this issue, create a Logon Manager application template for the affected Web application.
Logon Manager may not respond at all to the following Web forms:
Google Chrome only: Multi-frame Web pages to which the user navigated using the browser's Back button; refreshing the target page will allow Logon Manager to respond properly.
Google Chrome only: The "Welcome to Google Chrome" sign-in page. Users must complete first time sign-in manually.
All browsers: The papajohns.com logon form.
There are currently no workarounds for these issues, except as noted above.
When logging on to a Kiosk Manager session with a PIN-protected SmartCard, removing the SmartCard while the PIN prompt is displayed causes the logon to fail. Entering the card PIN without the card present will result in an endless prompt for the PIN, requiring the user to cancel the logon in order to dismiss the PIN prompt.
There is currently no workaround for this issue.
When Logon Manager is configured to integrate with Oracle Privileged Account Manager, checking out accounts that do not have a set expiration date is not supported.
There is currently no workaround for this issue.
Setting the Process
option in the mfrmlist.ini
file to a value other than shared
causes Logon Manager to no longer detect mainframe applications it previously detected correctly.
To ensure Logon Manager properly detects your mainframe applications, do not set this option to a value other than shared
.
It is possible to install the Network Provider component required for Windows Authenticator Version 2 and the SmartCard authenticator with other Logon Manager authenticators, which are not compatible with the Network Provider component.
This can result in users being unable to authenticate to Logon Manager.
To work around this issue, ensure that you only install the Network Provider component with either the Windows Authenticator Version 2 (WinAuth v2) or the SmartCard authenticator.
The silent credential capture function may not successfully capture credentials for some Web applications.
To work around this issue, always check that the credentials have been successfully captured and stored in Logon Manager.
Logon Manager currently does not support the detection of password expiration defined in fine-grain password policies utilized in Windows Server 2008 and subsequent Windows Server editions; only domain-level password policies are supported.
To work around this issue, users whose password expiration was defined in a fine-grain password policy will need to change their passwords without the use of Logon Manager.
If the end time for a credential delegation is set to 12:00AM, Logon Manager will not inject the delegated credentials when a delegatee attempts to access the target application.
To work around this issue, set the delegation end time to a value other than 12:00AM.
This section describes the open issues in the current release of Password Reset.
On Windows 7, Password Reset does not support modifying its configuration to run under a specified user account, rather than the Local System account. This feature is available on Windows XP only. Password Reset Server is not affected by this issue.
On a workstation running Universal Authentication Manager and configured for automatic Windows logon, installing the Password Reset client prevents users from logging on to Windows. This issue only affects 32-bit editions of Windows 7.
If you are unable to log on in such a scenario, restart the machine in "Safe Mode" and disable the automatic logon feature.
On 64-bit editions of Windows Server 2008 R2 running the Password Reset Client, the password reset quiz does not function when accessed from the Windows logon screen.
There is currently no workaround for this issue.
On Windows 7, when Password Reset is deployed in Norwegian, the initial enrollment screen, the initial password reset screen, and the ”Forgot your password?” link on the Windows 7 logon page appear in English instead of Norwegian.
There is currently no workaround for this issue.
This section describes the open issues in the current release of Provisioning Gateway
Attempting to check out a delegated account whose delegation was granted via a group membership results in a 404 error.
There is currently no workaround for this issue.
This section describes the open issues present in the current release of Universal Authentication Manager.
On Windows 8/8.1 systems, a "Welcome" animation plays the first time a user logs on to the target system. Because this animation severely interferes with Universal Authentication Manager's "Prompted Enrollment" feature, the Universal Authentication Manager installer will disable it using the local policy registry settings. However, certain environments may require that you manually disable the animation using your organization's group policy configuration.
The ”Limit local account use of blank passwords to console logon only” windows security policy prevents Windows authentication of users with blank passwords. Even though Universal Authentication Manager itself can initially authenticate such users, potentially allowing them to enroll, re-authentication and subsequent strong (Universal Authentication Manager-based) authentication attempts of such a user account will fail. To restore normal operation, assign a Windows password to the affected user account.Oracle severely discourages disabling this Windows policy as doing so will severely compromise the security of your environment.
When authenticating to a Metro application on a Windows 8/8.1 system, the authentication dialog may appear on the desktop instead of over the target Metro application. To work around this issue, use the Alt+Tab key combination to switch to the authentication dialog.