Using the Client Login Extension Configuration utility, you can configure the Client Login Extension MSI files for installing the Extension. These MSI files are used to install the Client Login Extension on Windows workstations.
The Client Login Extension MSI files are available in a number of different languages. You must configure the Client Login Extension file for each language, including English, before it can be used.
The Client Login Extension Configuration utility is available in the <CD_ROOT>/CLE folder. Here, CD_ROOT refers to the location where the Client Login Extension Installer files are extracted.
To configure the Client Login Extension Configuration Utility:
Double-click the ClientLoginExtensionConfigurationUtility.exe file, which is provided as part of the Client Login Extension installer, to launch the utility.
Read the license agreement and click I Agree, if you agree.Then the Client Login Extension Configuration Utility page appears.
NOTE:The License Agreement page appears only on the first launch of the Configuration Utility. When you launch Configuration Utility for the second time, License agreement page does not appear.
Path to Installer to Configure: Shows the path of the Client Login Extension installer file that is being configured.
Click the Browse button and browse to the appropriate location where the Client Login Extension Installer file is present. By default, the Browse button opens the CLE/Installer sub-folder.
Whenever this text box contains a path to a valid MSI file, the utility automatically opens the file, populates the other controls with the information it contains, and enables the Configure Installer button.
Welcome Text for Installer: Modify the information in the Welcome text or keep the information as it is presented.
The information in the text box is displayed on the Welcome screen of the Client Login Extension. The string [ProductName] displays as Client Login Extension 4.2.
Link URL: Specify the URL that the Client Login Extension- restricted browser uses to connect to the SSPR Forgotten Password page. You can use either a DNS name or an IP address. An example of a URL using a DNS name that links to the Forgotten Password page is:
https://<server>:<port>/sspr/public/ForgottenPassword
IMPORTANT:You must have a valid URL pointing to the SSPR’s Forgotten Password page; otherwise, the client connection might fail and you might not be able to log in through the workstation. For more information, see Using Forgotten Password.
Link Text: Specify the text to be displayed on the link to the restricted browser that the Client Login Extension uses.
The default text is Forgotten Password. The text for this button in Client for Open Enterprise Server cannot be changed here.
(Optional) Enable SSPR Configurations: This option allows you to enable the configurations for Self Service password Reset and Emergency Access.
If you select this option, Change Password through SSPR, Challenge Response, Emergency Access and EA Custom Message options are enabled.
NOTE:To enable this feature, you must have already configured SSPR, as described in Configuring SSPR for the Client Login Extension Integration and Configuring SSPR for Enabling Password Expiration Warning.
REST URI: Specify the URI that the Client Login Extension- restricted browser uses to connect to the SSPR server by using the REST calls. You can use either a DNS name or an IP address. An example of a URI using a DNS name is:
https://<server>:<port>/sspr/public/rest
(Optional) Change Password through SSPR: Select this option to enable users to change the password through SSPR. If you do not select this option, the user can change the password through the default Windows password change mechanism.
NOTE:Users can change the password by using SSPR or Windows password change mechanism before or after logging in to the computer.
Password Policy Link Text: Specify the link that the Client Login Extension- restricted browser uses to connect to the SSPR Password Policy page. The default text is Password Policy.
Challenge Response: Select the Force user for challenge response enrollment option to prompt the users to answer their challenge responses before logging into the computer. However, if you do not select this option, the user can bypass the Force user for challenge responses prompt and proceed to log in. If you do not select this option, they can skip the challenge response prompt and proceed to log in.
NOTE:If SSPR configurations is enabled for the users who have not yet enrolled in SSPR, they will be prompted to answer their challenge questions regardless of the value of this setting.
Force challenge response enrollment warning message: This option is enabled only if you select Force user for challenge response enrollment. Specify the message that you want to display when the user is prompted for force enrollment.
Emergency Access: Select the Enable Emergency Access option to enable the users with a temporary access to the desktop when network is not available by providing the challenge responses configured in SSPR. You can specify the other details for emergency access after you enable the Enable Emergency Access option such as the following:
Maximum Retry Count: A numerical value that indicates the maximum number of attempts a user is allowed for answering the challenge-response questions, before getting locked out. After the maximum number of attempts are exhausted, the Emergency Access feature is not accessible. The default number of attempts are 3.
If you have configured a higher number of challenge-response questions for the user, specify a higher number for the retry attempts. This helps in a situation where the user forgets some of the answers to the challenge-response questions.
System Logout Time: A numerical value that indicates the number of minutes the user is allowed to use the system in the Emergency Access mode. The time allocated for the session should be configured to ensure that the user does not use the system in the emergency access mode for extended durations. The default time allowed is 30 minutes.
When lockout is imminent, a warning is displayed on the system tray. After the session time is exhausted, the user is automatically locked out of the system
System Logout Warn time: A numerical value that indicates the number of seconds the User gets the warning before session expires. The default time allowed is 30 seconds.
Emergency Access Login Message: This message is displayed in system tray for the users who logged into desktop.
EA Custom message: Type a message in the EA Challenge Response Dialog Message field. If network is unavailable, the text that you mention in this setting is displayed when you click on Forgotten password. This message gets displayed on all the Emergency Access dialog boxes.
Advance Settings: In the CLE/ Proxy settings option, you can enable the following settings:
Enable CLE tile on the logon screen: You can specify the text that you want to display on the CLE tile and also specify the path of the image that you want to set as a logo for that tile. If you have enabled this setting, then the forgotten password link will be available only on the CLE tile.
Enable Proxy: In an environment where Internet is not directly accessible and the Client Login Extension needs to access it, you need to connect the Client Login Extension to a proxy server. To connect to the proxy server, select the Enable Proxy check-box and provide the IP address and the port number of the proxy server in the Proxy Server text-box. When you do not enable the proxy server, CLE retrieves information directly from SSPR server and does not go through the proxy server.
In the Security Settings option, you can select the following settings:
Allow URL redirection and forwarding: When you select this setting, the Configure button gets enabled and you can add the list of sites that are available for whitelist.
NOTE:You can add only the secured web sites to the list. To configure CLE for the Google captcha, you must update the URL Redirection list to with the URL https://www.google.com.
Add site to trusted zone: When you select this setting, all the sites mentioned in the URL redirection list and the site mentioned in Link URL are added to the Internet Explorer trusted zones.
Enable TLS 1.2: This setting is enabled by default.
After all of the information is in place, click Ok on the Advance Settings page.
Click Configure Installer to write the new configuration settings to the selected Client Login Extension file.
Click OK to close the confirmation message.
The Client Login Extension Configuration utility remains open, allowing you to configure another Client Login Extension MSI file in a different language. To do so, click the Browse button to the right of the Path to the Installer to Configure option, select another language, and configure another .msi file by following Step 5 through Step 17.
The localized Client Login Extension MSI files for the more common languages are delivered with the configuration utility in the Installers folder. You must configure each localized installer individually.
To localize the Client Login Extension MSI files for languages other than those delivered with the Client Login Extension, see Localizing Client Login Extension Files for Other Languages.
Click Configure Installer.
To close the Client Login Extension Configuration utility window, click Exit.