Introduction

 
This cool solution explains the steps to install and configure the SecureLogin Tap to Switch User feature using Advanced Authentication.

Prerequisite

  1. SecureLogin version 8.1.1 and above
  2. SecureLogin installed in AD Mode
  3. SecureLogin configured in KIOSK Mode
  4. Desktop Automation Service configured to perform switch user during smart card tap-in and tap-out operation
  5. Contactless Smart card enrolled for AD users
  6. Advanced Authentication Device Service installed

Install and Configure SecureLogin with Tap to Switch User feature

  1. Install SecureLogin with Advanced Authentication and Desktop Automation Service (DAS) features.
  2. To configure KIOSK Mode in SecureLogin, perform the following:
    1. Click Start > Run to launch the Run dialog box.
    2. Enter regedit and click OK. The Registry Editor opens.
    3. In the Registry Editor, browse to the key HKEY_LOCAL_MACHINE\SOFTWARE\Protocom\SecureLogin\.
    4. Create a DWORD NSLADAuth and set the value of NSLADAuth to 1.

TapCardSwitchUser: This attribute of the on-Tap-cardmon trigger in actions.xml is used to restrict the card tap that switches users in kiosk mode. If this attribute is set to true, a single card tap is required to switch the user in kiosk mode. If it is set to false, a double card tap is required to switch the user in kiosk mode.

  3. To configure DAS in SecureLogin, perform the following:
    • Edit the DAS configuration file to perform the Tap to Switch User operation. It is located at C:\Program Files\NetIQ\SecureLogin\Desktop Automation Services\actions.xml

Sample Actions.xml

<?xml version="1.0"?>
<!DOCTYPE application-runner-script SYSTEM "ARS_1.0.dtd">
<!-- KP Base Windows Action for Active Directory Mode Version: 1.02 -->
<!-- Inactivity Counter is supposed to be working -->
<application-runner-script>
  <action name="startup">
    <test-app-running application="sltray.exe">
      <if-true>
        <AD-logout gina="false" />
        <!-- delay for NSL to successfully shutdown -->
        <pause interval="750" />
        <hide-desktop/>
        <pause interval="750" />
        <!-- <kill-all-apps exclude-apps="slproto.exe:slwinsso.exe:slbroker.exe:explorer.exe:notepad.exe" /> -->
        <pause interval="750" />
        <run-application application="sltray.exe" parameters="" on-exit-action="" serial="true" interval="500"/>
      </if-true>
      <if-false>
        <hide-desktop />
        <pause interval="750" />
        <run-application application="sltray.exe" parameters="" on-exit-action="" serial="true" interval="500"/>
      </if-false>
    </test-app-running>
  </action>
  <action name="showdesktop">
    <unhide-desktop/>
  </action>
  <action name="SCLogoff">
    <AD-logout gina="false" />
    <!-- delay for NSL to successfully shutdown -->
    <pause interval="750" />
    <hide-desktop/>
    <pause interval="750" />
    <!-- <kill-all-apps exclude-apps="slproto.exe:slwinsso.exe:slbroker.exe:explorer.exe:notepad.exe" /> -->
    <pause interval="750" />
    <run-application application="sltray.exe" parameters="" on-exit-action="" serial="true" interval="500"/>
  </action>
  <action name="insert">
    <test-app-running application="sltray.exe">
      <if-true></if-true>
      <if-false>
        <run-application application="sltray.exe" parameters="" on-exit-action="" serial="true" interval="500"/>
      </if-false>
    </test-app-running>
  </action>
  <action-triggers>
    <on-Tap-cardmon action-name="SCLogoff" card-tapon="insert" LoginAction="showdesktop" TapCardSwitchUser="true"/>
  </action-triggers>
</application-runner-script>

  4. Configure DAS to start on Windows startup
    • Click Start > Run to launch the Run dialog box.
    • Enter regedit and click OK. The Registry Editor opens.
    • In the Registry Editor, browse to the key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run.
    • Create a String with any descriptive name and set the path to the DAS executable as its value.
      For example: DAS : C:\Program Files\NetIQ\SecureLogin\Desktop Automation Services\ARS.exe startup
      Note: startup is the additional parameter used in DAS to invoke a default action defined in actions.xml during Windows startup.
  5. Reboot the operating system.
  6. The Tap to Switch User feature is ready to use.
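
Before rebooting a kiosk, it is worth checking that the trigger in actions.xml points only at actions that exist, since a mistyped name there leaves a card tap wired to nothing. The following is an added example, not part of the original post or of SecureLogin: a small Python lint over a constructed, trimmed copy of the sample above. It assumes that action-name, card-tapon and LoginAction each name an action element, as they do in the sample; lint_actions and the constant names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed, trimmed copy of the sample above (pauses, desktop hiding
# and the on-exit-action attribute omitted).
SAMPLE = """<?xml version="1.0"?>
<!DOCTYPE application-runner-script SYSTEM "ARS_1.0.dtd">
<application-runner-script>
  <action name="showdesktop"><unhide-desktop/></action>
  <action name="SCLogoff">
    <AD-logout gina="false"/>
    <run-application application="sltray.exe" parameters="" serial="true" interval="500"/>
  </action>
  <action name="insert">
    <test-app-running application="sltray.exe">
      <if-true></if-true>
      <if-false>
        <run-application application="sltray.exe" parameters="" serial="true" interval="500"/>
      </if-false>
    </test-app-running>
  </action>
  <action-triggers>
    <on-Tap-cardmon action-name="SCLogoff" card-tapon="insert"
                    LoginAction="showdesktop" TapCardSwitchUser="true"/>
  </action-triggers>
</application-runner-script>"""

# Assumption: these trigger attributes each name an <action>, as in the sample.
ACTION_REFS = ("action-name", "card-tapon", "LoginAction")
# Meaning of TapCardSwitchUser as described on the page (lowercase assumed).
TAP_MODES = {"true": "single tap", "false": "double tap"}

def lint_actions(xml_text):
    """Return (findings, tap_modes, launched_apps) for a DAS actions.xml document."""
    root = ET.fromstring(xml_text)  # ElementTree does not fetch the external DTD
    defined = {a.get("name") for a in root.iter("action")}
    findings, tap_modes = [], []
    triggers = list(root.iter("on-Tap-cardmon"))
    if not triggers:
        findings.append("no on-Tap-cardmon trigger is defined")
    for trig in triggers:
        for attr in ACTION_REFS:
            if trig.get(attr) not in defined:
                findings.append(f"{attr}={trig.get(attr)!r} matches no <action name>")
        value = trig.get("TapCardSwitchUser")
        if value in TAP_MODES:
            tap_modes.append(TAP_MODES[value])
        else:
            findings.append(f"TapCardSwitchUser={value!r} is not 'true' or 'false'")
    apps = sorted({r.get("application") for r in root.iter("run-application")})
    return findings, tap_modes, apps
```

The third return value lists every executable the file can launch through run-application, which is the part to review whenever actions.xml changes.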

Additional References

  1. Administering Desktop Automation Service
     https://www.netiq.com/documentation/securelogin-85/administration_guide/data/bheri73.html

  2. SecureLogin support for Advanced Authentication
     https://www.netiq.com/documentation/securelogin-85/administration_guide/data/bz5mpi4.html

  3. Advanced Authentication Server, Client and Device Services installation and configuration
     https://www.netiq.com/documentation/advanced-authentication-55/


Disclaimer: As with everything else at NetIQ Cool Solutions, this content is definitely not supported by NetIQ, so Customer Support will not be able to help you if it has any adverse effect on your environment.  It just worked for at least one person, and perhaps it will be useful for you too.  Be sure to test in a non-production environment.

By: pvdinesh
Feb 27, 2017
2:30 pm