4.2 Configuring Client Integrity Check

You can configure a client integrity check policy to verify that the recommended software (such as firewall and antivirus software) is installed on the client machine. You can configure different policies for Windows, Linux, and Macintosh machines and specify the software that must be present on a client machine for it to pass the client integrity check.

You need to create an identity provider authentication class that checks for the specified software on the client machine. You can configure policies to check processes, files, Windows registry, system services, and so on. This class can be executed with the first method of the contract. If the check fails, the user authentication fails.

Perform the following steps to configure the client integrity check:

  1. Copy the following files from /opt/novell/nam/sslvpn/webapps/sslvpn to /opt/novell/nam/idp/webapps/nidp/classUtils:

    For Linux: LinCic from the linux folder.

    For Macintosh: MacCic from the MacOS and Maci386 folders.

    For Windows: wincic.msi from the windows folder.

  2. Extract the binary file on the Identity Server machine and make it executable by using chmod +x.

    For example, run chmod +x wincic.exe for Windows.

  3. Create CIC policies and assign them to a security level.

    For more information about how to configure a CIC policy, see Configuring Policies to Check the Integrity of the Client Machine in the NetIQ Access Manager 3.2 SP3 SSL VPN Server Guide.

  4. Copy the cic_linux.txt, cic_windows.txt, and cic_mac.txt files from /etc/opt/novell/sslvpn to the respective windows, linux and mac folders at /opt/novell/nam/idp/webapps/nidp/classUtils.

  5. In the Administration Console, click Identity Server > Edit > Local > Classes > New.

  6. Specify a name for the class and select ClientIntegrityCheckClass in Java class.

  7. Click Next.

  8. Click New and specify the property name and property value.

  9. Click OK > Finish.

  10. Create a method for this class, deselect the Identifies User check box, leave all other fields at their default settings, and click OK. For instructions, see Section 3.3, Configuring Authentication Methods.

  11. Go to the Contracts tab, select the CIC method from the Available Methods list, and click OK. For instructions, see Section 3.4, Configuring Authentication Contracts.
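
The file layout produced by steps 1, 2, and 4 can be checked before the class is created in the Administration Console. The following script is an added example, not part of the product or its documentation. It assumes the checker binaries keep the names LinCic, MacCic, and wincic.exe somewhere under classUtils, and it adds a world-writable check that the procedure itself does not require.

```shell
#!/bin/sh
# Added example: pre-flight check of the classUtils layout (steps 1, 2 and 4).
# Assumptions: binaries are named LinCic, MacCic and wincic.exe and sit anywhere
# under the root; policy files sit in the windows/, linux/ and mac/ subfolders.

check_cic_layout() {
    root=$1
    problems=0

    # Step 4: each platform folder must hold a non-empty policy file.
    for pair in windows:cic_windows.txt linux:cic_linux.txt mac:cic_mac.txt; do
        dir=${pair%%:*}
        file=${pair#*:}
        if [ ! -s "$root/$dir/$file" ]; then
            echo "MISSING or empty policy: $root/$dir/$file"
            problems=$((problems + 1))
        fi
    done

    # Steps 1-2: each checker binary must exist and carry the owner execute bit.
    for bin in LinCic MacCic wincic.exe; do
        found=$(find "$root" -type f -name "$bin" 2>/dev/null)
        if [ -z "$found" ]; then
            echo "MISSING binary: $bin"
            problems=$((problems + 1))
            continue
        fi
        noexec=$(find "$root" -type f -name "$bin" ! -perm -100 2>/dev/null)
        if [ -n "$noexec" ]; then
            echo "NOT executable (chmod +x not applied): $noexec"
            problems=$((problems + 1))
        fi
    done

    # Extra check (not in the procedure): a world-writable policy or binary
    # could be altered by any local user on the Identity Server.
    ww=$(find "$root" -type f -perm -002 2>/dev/null)
    if [ -n "$ww" ]; then
        echo "WORLD-WRITABLE: $ww"
        problems=$((problems + 1))
    fi

    echo "$problems problem(s) found"
    [ "$problems" -eq 0 ]
}

# Runs only when a directory is passed on the command line.
if [ "$#" -gt 0 ]; then check_cic_layout "$1"; fi
```

Run it on the Identity Server with /opt/novell/nam/idp/webapps/nidp/classUtils as the argument; a non-zero exit status means at least one item needs attention.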