20.4 Usage Scenario

This section explains the SecureLogin configuration that is required to switch user using Desktop Automation service and Advanced Authentication.

To tap smart card to switch user, perform the following:

  1. Install SecureLogin with Advanced Authentication and Desktop Automation Service (DAS)

  2. Perform the following to configure Kiosk mode in SecureLogin.

    1. On the Windows desktop, click start > Run to display the Run dialog box.

    2. Enter regedit, then click OK to open the Registry Editor.

    3. Browse to the HKEY_LOCAL_MACHINE\SOFTWARE\Protocom\SecureLogin\NSLADAuth.

    4. Create DWORD NSLADAuth and set the value of NSLADAuth to 1.

  3. Edit the action.xml file and set the value of the attribute TapCardSwitchUser to true to switch the user in single card tap.

    The DAS action.xml file is located at C:\Program Files\NetIQ\SecureLogin\Desktop Automation Services\actions.xml.

    A sample action.xml file with TapCardSwitchUser attribute is as follows:

    <?xml version="1.0"?>
    
    <!DOCTYPE application-runner-script SYSTEM "ARS_1.0.dtd">
    
    <!-- KP Base Windows Action for Active Directory Mode Version: 1.02 -->
    
    <!-- Inactivity Counter is supposed to be working -->
    
    <application-runner-script>
    
    <action name="startup">
    
    <test-app-running application="sltray.exe">
    
    <if-true>
    
    <AD-logout gina="false" />
    
    <!-- delay for NSL to successfully shutdown -->
    
    <pause interval="750" />
    
    <hide-desktop/>
    
    <pause interval="750" />
    
    <!-- <kill-all-apps exclude-apps="slproto.exe:slwinsso.exe:slbroker.exe:explorer.exe:notepad.exe" /> -->
    
    <pause interval="750" />
    
    <run-application application="sltray.exe" parameters="" on-exit-action="" serial="true" interval="500"/>
    
    </if-true>
    
    <if-false>
    
    <hide-desktop />
    
    <pause interval="750" />
    
    <run-application application="sltray.exe" parameters="" on-exit-action="" serial="true" interval="500"/>
    
    </if-false>
    
    </test-app-running>
    
    </action>
    
    <action name="showdesktop">
    
    <unhide-desktop/>
    
    </action>
    
    <action name="SCLogoff">
    
    <AD-logout gina="false" />
    
    <!-- delay for NSL to successfully shutdown -->
    
    <pause interval="750" />
    
    <hide-desktop/>
    
    <pause interval="750" />
    
    <!-- <kill-all-apps exclude-apps="slproto.exe:slwinsso.exe:slbroker.exe:explorer.exe:notepad.exe" /> -->
    
    <pause interval="750" />
    
    <run-application application="sltray.exe" parameters="" on-exit-action="" serial="true" interval="500"/>
    
    </action>
    
    <action name="insert">
    
    <test-app-running application="sltray.exe">
    
    <if-true></if-true>
    
    <if-false>
    
    <run-application application="sltray.exe" parameters="" on-exit-action="" serial="true" interval="500"/>
    
    </if-false>
    
    </test-app-running>
    
    </action>
    
    <action-triggers>
    
    <on-Tap-cardmon action-name="SCLogoff" card-tapon="insert" LoginAction= "showdesktop" TapCardSwitchUser="true"/>
    
    </action-triggers>
    
    </application-runner-script>
  4. Perform the following to configure DAS to load on startup:

    1. On the Windows desktop, click start > Run to display the Run dialog box.

    2. Enter regedit, then click OK to open the Registry Editor.

    3. Browse to the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run.

    4. Create a String with any name and set the path to DAS executable as value. For example: DAS : C:\Program Files\NetIQ\SecureLogin\Desktop Automation Services\ARS.exe startup

      NOTE:Startup is the additional parameter used in DAS to invokes a default action defined in the actions.xml during Windows startup.

  5. Reboot the system and perform single tap to switch user.