Hi All,
I installed the Windows credential provider on a Windows Server 2019 VM and configured TOTP. Everything works fine except in one specific scenario.
When sessions lock and the user wants to unlock their session, the provider asks for the administrator’s TOTP instead of the user’s TOTP.
Has anyone else encountered this issue?
As a result, I had to set the registry key to 0:
HKLM\SOFTWARE\NetKnights GmbH\PrivacyIDEA-CP\prefill_username = 0
Does PrivacyIDEA use the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\LastLoggedOnUser to populate the username when unlocking a session?
Is it the credential provider that modifies LastLoggedOnUser in the registry?
The VM is an RDS, so multiple people log in to this VM.
Thanks in advance and have a great day.
Vincent