6.2 GINA Credential/Credential Provider Pass-Through

With the SecureLogin Citrix components installed, SecureLogin provides a seamless pass-through of GINA credentials/Credential Provider from the client to the server. The GINA credential/Credential Provider pass-through operates anytime that the terminal server presents a GINA/ Credential Provider login panel. If the credentials that the user used to log in to the client match the credentials of the terminal server, the credentials are automatically passed for the user. If the credentials do no match, SecureLogin captures the error and presents a new login panel for the user to complete. SecureLogin detects which GINA/ Credential Provider is running on the Citrix server and requests the appropriate information.

For example, if SecureLogin detects that the terminal server has the Novell Client installed, SecureLogin presents the following dialog box:

Figure 6-1 NDS Credentials

After the user completes the dialog box, SecureLogin saves the information as a hidden application (platform) within the SecureLogin datastore directory (and local cache if applicable). The next time the user accesses the terminal server, the credentials are retrieved from the hidden application and seamlessly passed to the terminal server.

Several components are utilized by SecureLogin to perform the GINA/ Credential Provider pass-through authentication. Depending on the configuration, different modules are required. The credentials are retrieved from the hidden application and seamlessly passed to the terminal server.

6.2.1 What Happens when Credential Provider/ GINA Pass-Through is Working?

  1. The users boot the workstation.

  2. He or she is prompted to enter the credentials to log in.

    The SecureLogin client interface module captures the login credentials, encrypts, and stores the details in the workstation registry.

  3. SecureLogin loads on the workstation and reads the encrypted credentials from the registry and stores the values to the ?sys variable.

  4. The user initiates the a Citrix session through the ICA Client, RDP Client, or the SLLauncher.

  5. SecureLogin detects the Citrix session and establishes the virtual channel.

  6. When the login is required within the Citrix session, SecureLogin client interface modules on the server query the virtual channel for the pass-through credentials.

  7. After the credentials are obtained through the virtual channel, SecureLogin passes the credentials to the configured authentication service.