SecureLogin Tap to Switch User Using Advanced Authentication

SecureLogin Tap to Switch User Using Advanced Authentication

Introduction


 
This cool solution explains the steps to install and configure SecureLogin Tap to Switch User feature using Advanced Authentication.

Prerequisite



  1. SecureLogin version 8.1.1 and above

  2. SecureLogin installed in AD Mode

  3. SecureLogin configured in KIOSK Mode

  4. Desktop Automation Service configured to perform switch user during smart card tap-in and tap-out operation

  5. Contactless Smart card enrolled for AD users

  6. Advanced Authentication Device Service installed


Install and Configure SecureLogin with Tap to Switch User feature



  1. Install SecureLogin with Advanced Authentication and Desktop Automation Service (DAS) features.

  2. To configure KIOSK Mode in SecureLogin, perform the following:

    1. Click Start > Run to launch the Run dialog box.

    2. Enter regedit and click OK. The Registry Editor opens.

    3. In the Registry Editor, browse to the key HKEY_LOCAL_MACHINE\SOFTWARE\Protocom\SecureLogin\.

    4. Create a DWORD NSLADAuthand set the value of NSLADAuth to 1.




TapCardSwitchUser: This attribute is used to restrict the card tap to switch users in the kiosk mode. If this attribute value is set to true, then single card tap is required to switch the user in kiosk mode. If this attribute value is set to false, then double card tap is required to switch the user in kiosk mode.

  1. To configure DAS in SecureLogin, perform the following:

    • Edit DAS configuration file to perform Tap to switch user operation.




It is located under C:\Program Files\NetIQ\SecureLogin\Desktop Automation Services\actions.xml

Sample Actions.xml

<?xml version="1.0"?>

<!DOCTYPE application-runner-script SYSTEM "ARS_1.0.dtd">

<!-- KP Base Windows Action for Active Directory Mode Version: 1.02 -->

<!-- Inactivity Counter is supposed to be working -->

<application-runner-script>

<action name="startup">

<test-app-running application="sltray.exe">

<if-true>

<AD-logout gina="false" />

<!-- delay for NSL to successfully shutdown -->

<pause interval="750" />

<hide-desktop/>

<pause interval="750" />

<!-- <kill-all-apps exclude-apps="slproto.exe:slwinsso.exe:slbroker.exe:explorer.exe:notepad.exe" /> -->

<pause interval="750" />

<run-application application="sltray.exe" parameters="" on-exit-action="" serial="true" interval="500"/>

</if-true>

<if-false>

<hide-desktop />

<pause interval="750" />

<run-application application="sltray.exe" parameters="" on-exit-action="" serial="true" interval="500"/>

</if-false>

</test-app-running>

</action>

<action name="showdesktop">

<unhide-desktop/>

</action>

<action name="SCLogoff">

<AD-logout gina="false" />

<!-- delay for NSL to successfully shutdown -->

<pause interval="750" />

<hide-desktop/>

<pause interval="750" />

<!-- <kill-all-apps exclude-apps="slproto.exe:slwinsso.exe:slbroker.exe:explorer.exe:notepad.exe" /> -->

<pause interval="750" />

<run-application application="sltray.exe" parameters="" on-exit-action="" serial="true" interval="500"/>

</action>

<action name="insert">

<test-app-running application="sltray.exe">

<if-true></if-true>

<if-false>

<run-application application="sltray.exe" parameters="" on-exit-action="" serial="true" interval="500"/>

</if-false>

</test-app-running>

</action>

<action-triggers>

<on-Tap-cardmon action-name="SCLogoff" card-tapon="insert" LoginAction= "showdesktop" TapCardSwitchUser="true"/>

</action-triggers>

</application-runner-script>


  1. Configure DAS to start on Windows startup

    • Click Start > Run to launch the Run dialog box.

    • Enter regedit and click OK. The Registry Editor opens.

    • In the Registry Editor, browse to the key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run.

    • Create a String with any descriptive name and set the path to DAS executable as value.
      For Example: DAS : C:\Program Files\NetIQ\SecureLogin\Desktop Automation Services\ARS.exe startup
      Note:
      startup
      is the additional parameter used in DAS to invokes a default action defined in the actions.xml during Windows startup.



  2. Reboot the Operating system.

  3. The Tap to Switch User feature is ready to use.


Additional References



  1. Administering Desktop Automation Service

    https://www.netiq.com/documentation/securelogin-85/administration_guide/data/bheri73.html



  2. SecureLogin support for Advanced Authentication


  3. https://www.netiq.com/documentation/securelogin-85/administration_guide/data/bz5mpi4.html




  4. Advanced Authentication Server, Client and Device Services installation and configuration

    https://www.netiq.com/documentation/advanced-authentication-55/



DISCLAIMER:

Some content on Community Tips & Information pages is not officially supported by Micro Focus. Please refer to our Terms of Use for more detail.
Top Contributors
Version history
Revision #:
1 of 1
Last update:
‎2017-02-27 22:30
Updated by:
 
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.