2.17 Configuring the Credential Provider Chaining

This section describes the configuration information to integrate Advanced Authentication with any other credential provider in Windows Client. Hence, when the users are authenticated to Windows Client, they are not prompted for credentials to connect to other credential provider installed in the workstation.

To integrate Advanced Authentication with other credential provider, perform the following steps:

  1. Enable the debug logs for Windows Client.

    For more information about debugging the logs of Windows Client, see Debugging Logs for Advanced Authentication.

  2. Navigate to the path HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\ and search for the CLSID of the preferred credential provider with which you want to integrate Advanced Authentication.

    Ensure to copy the CLSID for further use.

  3. Navigate to the path C:\ProgramData\NetIQ\Windows Client\ and open the file config.properties.

  4. Specify the following parameters in the configuration file:

    • credprov_chaining_clsid: <CLSID>

    • credprov_chaining_enabled: True

    • credprov_chaining_dump_fields: True

    • credprov_chaining_password_field: 0

    • credprov_chaining_username_field: 0

    For example: The CLSID of Sophos SafeGuard is 5CDFA681-61C8-423d-999E-32EA10C5F7ED. Therefore, set the CLSID parameter as follows:

    credprov_chaining_clsid: {5CDFA681-61C8-423d-999E-32EA10C5F7ED}

  5. Log off and log in again.

  6. Navigate to the path C:\ProgramData\NetIQ\Windows Client\Logging\Logs then search for the parameter CpChaining::dumpFields in the logs file.

  7. Search for the fields that contain label for the user name and password fields. Set the ID of these fields to the following parameters in the configuration file:

    • credprov_chaining_password_field:

    • credprov_chaining_username_field:

    For example: Consider the Sophos SafeGuard 8 login form contains the user name and password fields. The ID of these fields are 8 and 9 respectively. Hence, the parameters are set as follows:

    • credprov_chaining_password_field: 9

    • credprov_chaining_username_field: 8

    For more information see Configuring Integration with Sophos SafeGuard 8.

  8. Save the changes in the configuration file.

    NOTE:There may be more than one field which contains labels such as username and password. In such case, try to use different fields and test the log in process.

  9. Log off and log in again.

    After providing the credentials, if you are able to sign in to the credential provider automatically then remove the parameter credprov_chaining_dump_fields: True from the configuration. file.

    NOTE:While searching the labels ensure to examine the label type. You can use a label with one of the following value that indicates the label type:

    • 0 - invalid

    • 1 - large text (label)

    • 2 - small text (label)

    • 3 - command link

    • 4 - edit box

    • 5 - password box

    • 6 - tile image

    • 7 - check box

    • 8 - combo box

    • 9 - submit button