none
Present only certificates with EKU of 'Smart Card Logon' during Windows Logon RRS feed

  • Question

  • We are trying to enable SSO with Smart Cards for Windows 7 and eventually 10. During logon users can see up to six certificates available for logon. This is going to cause confusion for the users. Selecting only the correct certificate will allow the user successful SSO. It appears that this MAY be the certificate with the Enhanced Key Usage (EKU) that contains 'Smart Card Logon (1.3.6.1.4.1.311.20.2.2)' and has the text under the box where you enter your PIN that says 'Windows will try to connect to the network'

    I found an article, below, that gives more options for certificates but these don't seem to offer what I'm looking for. 

    https://technet.microsoft.com/en-us/library/ff404287(v=ws.10).aspx

    Looking for other ideas/solutions please...

    Chad

    Tuesday, November 14, 2017 2:02 PM