Smartcard based Single Sign-On via Web Interface on NetScaler


Smartcards are the main mode of authentication in the most secure environments such as defense, finance, banking and some research organizations. With Smartcards, the user should not have to remember a password or token, and the authentication flow should pass through from end to end. For example, if we authenticate with a Smartcard at the end point, then further on the authentication token must be passed to all infrastructure layers expecting it. If the pass-through mechanism is not supported, the authentication flow breaks at one end, resulting in a poor experience for the end user.

This was one of the challenges we faced with WIonNS deployments. WIonNS did not have SSO and pass-through support for sending the identity of the user to the backend XenApp / XenDesktop infrastructure. Thus, for all use cases where Smartcards were the primary authentication mechanism, WIonNS was not the preferred method of deployment. Well ... that has changed, and with the latest NetScaler 10 GA we added Smartcard based SSO support to the WIonNS module. Now users can authenticate to AGEE using client certificates from a Smartcard or the local cert store. After successful authentication, AGEE will extract the username token from the certificate and send it to WIonNS. If WIonNS is configured for Smartcard based SSO, it passes the user token on to the XenApp / XenDesktop server. The internal infrastructure confirms the validity of the user through LDAP delegation and publishes the applications to the user. Setting up WIonNS for this function is just a matter of following simple steps:

  • The WI tar file to use is "nswi-1.5.tgz"
  • Install the nswi-1.5.tgz package through the NetScaler GUI
  • Use the Web Interface wizard to configure it
  • Choose "Gateway direct" as the default access method
  • Select the respective Access Gateway vserver
  • Click Settings and configure the single sign-on domain
  • Select "Smartcard" as the Access Gateway authentication method

For end-to-end Smartcard-related configuration, click the Smartcard settings, which invokes the following configuration wizard.

  • Specify the CA certificate that should be used for client authentication
  • Create the authentication policy and bind it to the AGEE vserver
  • Configure the authentication type as CERT in the policy
  • Create the authentication server share for the field
  • Make sure that the username field is set appropriately
  • Configure SSL settings to enable client authentication
  • Specify whether the client certificate is optional or mandatory
  • Provide the rest of the WI wizard configuration settings
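
As an added example (not from the original post or from Citrix), the AGEE-side wizard steps above correspond roughly to the following NetScaler CLI commands. The object names (ca_smartcard, vs_agee, act_cert, pol_cert), the file name smartcard-ca.pem and the choice of username field are assumptions; check the syntax against the command reference for your build.

```netscaler
# Placeholder names throughout: ca_smartcard, vs_agee, act_cert, pol_cert.
# vs_agee is assumed to be the existing Access Gateway vserver.

# 1. Load the CA that issues the Smartcard certificates and bind it
#    to the vserver as a CA certificate for client authentication.
add ssl certKey ca_smartcard -cert smartcard-ca.pem
bind ssl vserver vs_agee -certkeyName ca_smartcard -CA

# 2. Enable client authentication in the SSL settings.
#    Mandatory: clients without a valid certificate fail the handshake.
#    Optional:  the handshake also completes for clients that present
#               no certificate, so other checks must handle them.
set ssl vserver vs_agee -clientAuth ENABLED -clientCert Mandatory

# 3. Certificate authentication action. -userNameField selects the
#    certificate field whose value becomes the username passed on for SSO.
#    It must resolve to an account in the configured single sign-on domain.
#    SubjectAltName:PrincipalName is an assumed choice; Subject:CN is
#    another common one.
add authentication certAction act_cert -userNameField SubjectAltName:PrincipalName

# 4. Authentication policy of type CERT, bound to the gateway vserver.
add authentication certPolicy pol_cert ns_true act_cert
bind vpn vserver vs_agee -policy pol_cert -priority 100
```

After applying the settings, confirm that the username extracted from a test card matches the account name the XenApp / XenDesktop side expects, since a mismatch in the username field breaks the pass-through even though the certificate itself validates.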

And you're ready to go with a fully functional WIonNS deployment with Smartcard support. This simplified configuration experience should contribute to the rapid adoption of this feature.

Awaiting your deployment experiences ...
