Environment
Client Login Extension
CLE 3.8.x
CLE installed with SSPR integration
Self Service Password Reset
SSPR 3.2
CLE 3.8.x
CLE installed with SSPR integration
Self Service Password Reset
SSPR 3.2
Situation
Windows security message: "Your login has been halted. Please enter your username and password to login to the desktop."
User is returned to Windows login after logging in and answering SSPR challenge questions.
User is returned to Windows login after logging in and answering SSPR challenge questions.
Resolution
This is the expected behavior when CLE is integrated with SSPR.
The Windows Security message is displayed by CLE to inform the user that login to the desktop was interrupted when the user was redirected to the SSPR enrollment page.
After users enroll in SSPR they are taken back to the Windows login screen because at that point CLE has no knowledge of the success or failure of the SSPR enrollment. To verify the status of the SSPR enrollment, CLE checks the user's challenge response data at the next (and each subsequent) login.
The Windows Security message is displayed by CLE to inform the user that login to the desktop was interrupted when the user was redirected to the SSPR enrollment page.
After users enroll in SSPR they are taken back to the Windows login screen because at that point CLE has no knowledge of the success or failure of the SSPR enrollment. To verify the status of the SSPR enrollment, CLE checks the user's challenge response data at the next (and each subsequent) login.
Additional Information
Steps to duplicate:
1. User logs in to windows
2. User receives prompt saying SSPR challenge questions have not been answered, and selects option to answer them.
3. User is redirected to SSPR page, and answers and saves challenge questions
4. User clicks continue
5. User is directed to the SSPR forwarding URL (if configured) or if no forwarding URL is present, is sent back to SSPR
6. User closes SSPR / restricted browser
7. User then receives a Windows Security message saying "Your login has been halted. Please enter your username and password to login to the desktop."
8. The user clicks past the message and is brought back to the Windows login
1. User logs in to windows
2. User receives prompt saying SSPR challenge questions have not been answered, and selects option to answer them.
3. User is redirected to SSPR page, and answers and saves challenge questions
4. User clicks continue
5. User is directed to the SSPR forwarding URL (if configured) or if no forwarding URL is present, is sent back to SSPR
6. User closes SSPR / restricted browser
7. User then receives a Windows Security message saying "Your login has been halted. Please enter your username and password to login to the desktop."
8. The user clicks past the message and is brought back to the Windows login