SecureLogin DAS Fast User switching using Smart Card in Active Directory mode

Table of Contents:

1. Introduction
2. Prerequisites
3. Configure Novell SecureLogin to launch separately using smart card user credentials
4. Configure DAS actions.xml to hide and unhide the desktop using the smart card
5. Conclusion

Introduction

In earlier versions of Novell SecureLogin, the workstation's Active Directory authentication (using either a password or a smart card) was used to log in to SecureLogin. The SecureLogin DAS Fast User Switching feature was not available in Active Directory mode.

With Novell SecureLogin 7.0 SP1 Hot Fix 2 and later, the DAS Fast User Switching feature is available in Active Directory mode.

To use this functionality, you must configure:

  1. Novell SecureLogin to launch separately using smart card user credentials (instead of workstation logged-in credentials).
  2. DAS actions.xml to hide and unhide the desktop using the smart card.

The procedures explained in the document apply to:

  • Novell SecureLogin 7.0 SP1 Hot Fix 2 or later.
  • Windows XP SP3 or later.

Prerequisites

While installing Novell SecureLogin you must enable the following options:

  • Select Active Directory as the platform where Novell SecureLogin stores its data.
  • Select YES to use Smart Card.
  • In the installation features dialog box, select Install Desktop Automation Services.

Configure Novell SecureLogin to launch separately using smart card user credentials

After SecureLogin with DAS is successfully installed, it initializes some registry keys. You must edit the registry keys to configure the system for your workstation.

To view and edit the registry keys:

  1. Click Start > Run, type RegEdit, then click OK.

    The Registry Editor is displayed.
  2. Browse to HKEY_LOCAL_MACHINE\SOFTWARE\Protocom\SecureLogin\
  3. Create DWORD NSLADAuth and set the value of NSLADAuth to 1.
  4. Exit the Registry Editor.
  5. Log out from the workstation and log in again.
  6. Launch Novell SecureLogin.

SecureLogin now prompts for the smart card PIN instead of launching with the workstation logged-in credentials.

Configure DAS actions.xml to hide and unhide the desktop using the smart card

  1. Log in to the workstation where you want to launch the Novell SecureLogin.
  2. Configure actions.xml to hide and unhide the desktop using the smart card fast user switch.

    Sample XML script:

    <?xml version="1.0"?>
    <application-runner-script>

      <!-- Card removed: stop the SecureLogin processes, then hide the desktop. -->
      <action name="Removal">
        <kill-app application="slproto.exe" />
        <kill-app application="slbroker.exe" />
        <pause interval="1000"/>
        <hide-desktop />
      </action>

      <!-- LoginAction: show the desktop again. -->
      <action name="unHideMe">
        <unhide-desktop/>
      </action>

      <!-- Card inserted: restart slproto.exe behind a hidden desktop. -->
      <action name="Insertion">
        <kill-app application="slproto.exe" />
        <pause interval="1000"/>
        <hide-desktop />
        <run-application application="slproto.exe" parameters="" serial="true" interval="500"/>
      </action>

      <action-triggers>
        <on-cardmon action-name="Removal" card-insert="Insertion" LoginAction="unHideMe"/>
      </action-triggers>
    </application-runner-script>
    
  3. Run ARSControl.exe to start DAS and to hide the desktop.
  4. Insert the smart card in the card reader.

    The NSL PinPrompt dialog box is displayed prompting you to enter a valid PIN.
  5. Enter the valid PIN.

Novell SecureLogin is launched successfully for the smart card user and the user’s desktop is displayed.

Note: To switch to another user, remove the inserted smart card from the card reader and insert a new smart card.
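
Because the card-removal action is what takes the previous user's session off screen, it is worth checking actions.xml before it is deployed. The following lint is an added example, not part of the original article or of Novell's tooling. It assumes, from the naming in the sample script, that action-name is the card-removal action, card-insert the insertion action, and LoginAction the post-login action.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the page's script with the Removal action weakened
# (no <hide-desktop/>, slproto.exe left running) and a dangling LoginAction.
BAD_SAMPLE = """<?xml version="1.0"?>
<application-runner-script>
  <action name="Removal">
    <kill-app application="slbroker.exe" />
  </action>
  <action name="Insertion">
    <hide-desktop />
    <run-application application="slproto.exe" parameters="" serial="true" interval="500"/>
  </action>
  <action-triggers>
    <on-cardmon action-name="Removal" card-insert="Insertion" LoginAction="unHide"/>
  </action-triggers>
</application-runner-script>"""

# Assumption taken from the sample's naming: action-name = card removal,
# card-insert = card insertion, LoginAction = run after a successful login.
TRIGGER_ATTRS = ("action-name", "card-insert", "LoginAction")

def lint_actions(xml_text):
    """Return a list of findings for a DAS actions.xml document."""
    # lstrip(): an indented copy of the file would put whitespace before <?xml.
    root = ET.fromstring(xml_text.lstrip())
    actions = {a.get("name"): a for a in root.iter("action")}
    findings = []
    triggers = list(root.iter("on-cardmon"))
    if not triggers:
        findings.append("no <on-cardmon> trigger defined")
    for trig in triggers:
        for attr in TRIGGER_ATTRS:
            name = trig.get(attr)
            if name is None:
                findings.append(f"on-cardmon is missing {attr}")
            elif name not in actions:
                findings.append(f"{attr} refers to undefined action '{name}'")
        removal = actions.get(trig.get("action-name"))
        if removal is not None:
            if removal.find("hide-desktop") is None:
                findings.append("removal action does not hide the desktop")
            killed = {k.get("application", "").lower() for k in removal.iter("kill-app")}
            if "slproto.exe" not in killed:
                findings.append("removal action does not stop slproto.exe")
    return findings

if __name__ == "__main__":
    print("\n".join(lint_actions(BAD_SAMPLE)))
```

The sample script shown in step 2 passes this check with no findings.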

Conclusion

With the above configuration, SecureLogin DAS Fast User Switching is achieved using a smart card in Active Directory mode.


Disclaimer: As with everything else at NetIQ Cool Solutions, this content is definitely not supported by NetIQ, so Customer Support will not be able to help you if it has any adverse effect on your environment.  It just worked for at least one person, and perhaps it will be useful for you too.  Be sure to test in a non-production environment.

By: pvdinesh
Sep 1, 2010
5:16 pm