Environment
NetIQ SecureLogin
NSL7.0.3
Active Directory mode
Integrated with smart card
Situation
User receives extra login prompt after logging in with Smart Card
User prompted for Smart Card Pin when SecureLogin loads
User gets extra authentication prompt with SecureLogin installed and integrated with smart card
Unexpected prompt for PIN :
User prompted for Smart Card Pin when SecureLogin loads
User gets extra authentication prompt with SecureLogin installed and integrated with smart card
Unexpected prompt for PIN :
Resolution
Edit the registry to point SecureLogin's secondary data store to "FILE" instead of "Smart Card"
Change HKEY_LOCAL_MACHINE\SOFTWARE\Protocom\SecureLogin\Security
SecondaryStore string value = SmartCard
to HKEY_LOCAL_MACHINE\SOFTWARE\Protocom\SecureLogin\Security
SecondaryStore string value = FILE
Status
Reported to EngineeringAdditional Information
When the prompt appears it makes no difference whether the user enters the pin or selects cancel. SecureLogin loads either way, and shows the primary data store as AD and the Secondary data store as the local cache file, as shown:
The registry however, shows the secondary data store as SmartCard, not as the local cache file shown in the "about" dialog. Note that this smart card was not configured to store NSL data.