SecureLogin Tap to Switch User Using Advanced Authentication

Introduction

This cool solution explains the steps to install and configure the SecureLogin Tap to Switch User feature using Advanced Authentication.

Prerequisite

  1. SecureLogin version 8.1.1 and above
  2. SecureLogin installed in AD Mode
  3. SecureLogin configured in KIOSK Mode
  4. Desktop Automation Service configured to perform switch user during smart card tap-in and tap-out operation
  5. Contactless Smart card enrolled for AD users
  6. Advanced Authentication Device Service installed

Install and Configure SecureLogin with Tap to Switch User feature

  1. Install SecureLogin with Advanced Authentication and Desktop Automation Service (DAS) features.
  2. To configure KIOSK Mode in SecureLogin, perform the following:
     • Click Start > Run to launch the Run dialog box.
     • Enter regedit and click OK. The Registry Editor opens.
     • In the Registry Editor, browse to the key HKEY_LOCAL_MACHINE\SOFTWARE\Protocom\SecureLogin\.
     • Create a DWORD named NSLADAuth and set its value to 1.
  3. To configure DAS in SecureLogin, perform the following:
     • Edit the DAS configuration file to perform the Tap to Switch User operation.
     • The file is located at C:\Program Files\NetIQ\SecureLogin\Desktop Automation Services\actions.xml

 

Sample Actions.xml

<?xml version="1.0"?>
<!DOCTYPE application-runner-script SYSTEM "ARS_1.0.dtd">
<!-- KP Base Windows Action for Active Directory Mode Version: 1.02 -->
<!-- Inactivity Counter is supposed to be working -->
<application-runner-script>
  <action name="startup">
    <test-app-running application="sltray.exe">
      <if-true>
        <AD-logout gina="false" />
        <!-- delay for NSL to successfully shutdown -->
        <pause interval="750" />
        <hide-desktop/>
        <pause interval="750" />
        <!-- <kill-all-apps exclude-apps="slproto.exe:slwinsso.exe:slbroker.exe:explorer.exe:notepad.exe" /> -->
        <pause interval="750" />
        <run-application application="sltray.exe" parameters="" on-exit-action="" serial="true" interval="500"/>
      </if-true>
      <if-false>
        <hide-desktop />
        <pause interval="750" />
        <run-application application="sltray.exe" parameters="" on-exit-action="" serial="true" interval="500"/>
      </if-false>
    </test-app-running>
  </action>
  <action name="showdesktop">
    <unhide-desktop/>
  </action>
  <action name="SCLogoff">
    <AD-logout gina="false" />
    <!-- delay for NSL to successfully shutdown -->
    <pause interval="750" />
    <hide-desktop/>
    <pause interval="750" />
    <!-- <kill-all-apps exclude-apps="slproto.exe:slwinsso.exe:slbroker.exe:explorer.exe:notepad.exe" /> -->
    <pause interval="750" />
    <run-application application="sltray.exe" parameters="" on-exit-action="" serial="true" interval="500"/>
  </action>
  <action name="insert">
    <test-app-running application="sltray.exe">
      <if-true></if-true>
      <if-false>
        <run-application application="sltray.exe" parameters="" on-exit-action="" serial="true" interval="500"/>
      </if-false>
    </test-app-running>
  </action>
  <action-triggers>
    <on-Tap-cardmon action-name="SCLogoff" card-tapon="insert" LoginAction="showdesktop" TapCardSwitchUser="true"/>
  </action-triggers>
</application-runner-script>

 

TapCardSwitchUser: This attribute controls how many card taps are needed to switch users in kiosk mode. If the value is set to true, a single card tap is required to switch the user. If the value is set to false, a double card tap is required to switch the user.

  4. Configure DAS to start on Windows startup:
     • Click Start > Run to launch the Run dialog box.
     • Enter regedit and click OK. The Registry Editor opens.
     • In the Registry Editor, browse to the key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run.
     • Create a String value with any descriptive name and set the path to the DAS executable as its value.
       For example: DAS : C:\Program Files\NetIQ\SecureLogin\Desktop Automation Services\ARS.exe startup
       Note: startup is the additional parameter used in DAS to invoke a default action defined in actions.xml during Windows startup.
  5. Reboot the operating system.
  6. The Tap to Switch User feature is ready to use.
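
The check below is an added example, not part of the original page or of SecureLogin. It parses an actions.xml, verifies that the startup action passed to ARS.exe in the Run-key step exists and that every action named by the on-Tap-cardmon trigger is defined, and reports whether TapCardSwitchUser asks for one tap or two. It assumes, as in the sample above, that action-name, card-tapon and LoginAction each name an <action> element; audit_actions, TRIGGER_REFS and the trimmed SAMPLE (with a deliberate SCLogof typo) are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Attributes of <on-Tap-cardmon> that name an <action> in the page's sample (assumption).
TRIGGER_REFS = ("action-name", "card-tapon", "LoginAction")

# Constructed sample: a trimmed actions.xml with one deliberate typo (SCLogof).
SAMPLE = """<?xml version="1.0"?>
<!DOCTYPE application-runner-script SYSTEM "ARS_1.0.dtd">
<application-runner-script>
  <action name="startup"><hide-desktop/></action>
  <action name="showdesktop"><unhide-desktop/></action>
  <action name="SCLogoff"><AD-logout gina="false"/><hide-desktop/></action>
  <action name="insert"/>
  <action-triggers>
    <on-Tap-cardmon action-name="SCLogof" card-tapon="insert"
                    LoginAction="showdesktop" TapCardSwitchUser="false"/>
  </action-triggers>
</application-runner-script>"""


def audit_actions(xml_text, startup_action="startup"):
    """Return (findings, taps_needed) for a DAS actions.xml document."""
    root = ET.fromstring(xml_text)  # the external DTD is not fetched
    defined = {a.get("name") for a in root.iter("action")}
    findings = []
    if startup_action not in defined:
        findings.append(f"no <action name='{startup_action}'> for the Run-key parameter")
    triggers = root.findall("./action-triggers/on-Tap-cardmon")
    if not triggers:
        findings.append("no <on-Tap-cardmon> trigger defined")
    taps = None
    for trig in triggers:
        for attr in TRIGGER_REFS:
            ref = trig.get(attr)
            if ref is None:
                findings.append(f"trigger is missing {attr}")
            elif ref not in defined:
                findings.append(f"{attr}='{ref}' names an undefined action")
        flag = (trig.get("TapCardSwitchUser") or "").strip().lower()
        if flag not in ("true", "false"):
            findings.append("TapCardSwitchUser is not set to true or false")
        else:
            taps = 1 if flag == "true" else 2  # true: single tap, false: double tap
    return findings, taps


if __name__ == "__main__":
    findings, taps = audit_actions(SAMPLE)
    print(f"taps to switch user: {taps}; findings: {findings}")
```
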

Additional References

Administering Desktop Automation Service
https://www.netiq.com/documentation/securelogin-88/administration_guide/data/bheri73.html

SecureLogin support for Advanced Authentication
https://www.netiq.com/documentation/securelogin-88/administration_guide/data/bz5mpi4.html

Advanced Authentication Server, Client and Device Services installation and configuration
https://www.netiq.com/documentation/advanced-authentication/index.html
