florianz1 Absent Member.
Absent Member.


hi, regarding sso in IE11:
as far as i understand from publicly available documentation there are two ways to let securelogin interact with Internet Explorer Browser Helper Objects or Web Browser Extensions (see: https://www.netiq.com/documentation/securelogin-86/installation_guide/data/bknrca6.html#bknrtvn).
BHO to my knowledge is the older technique. Does this mean that turning that off is the preferable [modern] option with IE11?

I am asking that because we use BHO since ages, and we know it (e.g. sso startup-script is checking if it's enabled for the current user) ... . Since it hampers navigation (see: Performance Issues When Internet Explorer Is Working In Protected Mode from: https://www.netiq.com/documentation/securelogin-85/securelogin-853-releasenotes/data/securelogin-853-releasenotes.html) i am thinking of maybe change that with the new 8.6 going into production. On the other hand, we got a big number of (web) applications supported by securelogin. to test (most, if not all of them) proactively would be quite an effort.

So: is there experience 'from the wild' with using IESSOBHO=0? Are there other benefits or maybe drawbacks, like, performance impacts, .. known to you?

thanks for any guidance, florian

4 Replies
AutomaticReply Absent Member.
Absent Member.



It appears that in the past few days you have not received a response to your
posting. That concerns us, and has triggered this automated reply.

These forums are peer-to-peer, best effort, volunteer run and that if your issue
is urgent or not getting a response, you might try one of the following options:

- Visit https://www.microfocus.com/support-and-services and search the knowledgebase and/or check
all the other self support options and support programs available.
- Open a service request: https://www.microfocus.com/support
- You could also try posting your message again. Make sure it is posted in the
correct newsgroup. (http://forums.microfocus.com)
- You might consider hiring a local partner to assist you.

Be sure to read the forum FAQ about what to expect in the way of responses:

Sometimes this automatic posting will alert someone that can respond.

If this is a reply to a duplicate posting or otherwise posted in error, please
ignore and accept our apologies and rest assured we will issue a stern reprimand
to our posting bot.

Good luck!

Your Micro Focus Forums Team

Anonymous_User Absent Member.
Absent Member.

Antw: IESSOBHO=0/1


since ages we use IESSOBHO=0.

We use it because some of our applications (IE page starts inside of java or IE page starts inside of SAPGUI) does not work with the BHO=1.

In my opinion:

If all of Your sso integrations work I think it'll be better for You to stay on BHO=1.

florianz1 Absent Member.
Absent Member.

Re: Antw: IESSOBHO=0/1

thanks for your input - so i will try to get rid of iessobho=1.
will be an effort to test. hope it is worth it 🙂


florianz1 Absent Member.
Absent Member.

Re: Antw: IESSOBHO=0/1

just to feed back to any who might be interested:

- upgrade to sets IESSOBHO=0 (registry)
- logonscripts make sure the helper object is disabled (in IE)

snippet from logon what to set:
      [String] $RegKeyIESSOAddon      = 'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7DE7B623-A17E-4A0B-94BA-D1B3BA646792}'
[String] $RegEntryName_SSOAddon = 'Flags'
[String] $RegEntryType_SSOAddon = 'DWord'
[String] $RegEntryVal_SSOAddon = '1' #activated=1024, disabled=1


one thing had to get changed though: PressInput does not work with IESSOBHO=0 - we had to 'fall back' to the more inprecise Click (e.g. Click #1).


The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.