Citrix – Tap and Go, Smartcard User Switching

Overview

This solution targets public environments such as hospitals, where several users share the same computer and need to reach confidential information quickly and securely using a smartcard. Logging on to a computer normally takes several minutes. Public computers that stay permanently logged on remove that delay, but then there is no way to establish who accessed which information, and when.

Requirements

The solution requires the new Citrix SSO API for the Citrix Online Plug-in (Receiver) and SecMaker's Net iD Citrix SSO "plugin".

Technical description

When the computer starts it is automatically logged on with an anonymous account. What that account can reach is locked down with standard Windows policies. The Citrix Online Plug-in (Receiver) is launched automatically at startup, so it is already running when a user arrives. When a user inserts a smartcard, the Online Plug-in reacts and prompts for the smartcard PIN. Once the PIN is entered, the Net iD SSO Service caches it and feeds it to the Citrix SSO service. When a connection is then made to a XenApp published application or a XenDesktop desktop, the Citrix SSO service feeds the PIN to the credential provider on the server or desktop, and an automatic logon is performed as the same user who logged on to the Online Plug-in. When the user later removes the card, the Net iD SSO and Citrix SSO services are unloaded so that the PIN is no longer cached anywhere, and the connection to the server or desktop is disconnected. The computer is then available for the next user.

Note that the local Windows session is shared and anonymous throughout; accountability comes from the Citrix session, which is always established as the card holder, and the PIN is held only by the two SSO services for as long as the card is inserted.

Demo film: Tap and Go

Four users share a Windows XP computer logged on with a shared group account.

Configuration

Note that the configurations below require a customer-specific package to be ordered. The package is then supplemented with the Net iD Watch function, and the configuration below is built into the package itself.

The configurations are examples of base configurations and may need to be modified in consultation with the customer.

Configuration on 32-bit Windows 7

The following parameters apply together with SSO2 and the Citrix API.

[Command]
Watch=-hide config
[Watch Remove]
1=load iid.dll,EntryAdmin -send logoff -library "%PROGRAMFILES%\Citrix\ICA Client\pnsson.dll" -function CtxLogoffSSOUser -parameters 6,1000
[Report PIN]
1="%PROGRAMFILES%\Net iD\iid.exe" -set logon -number %number% -user %user% -domain %domain%
2="%PROGRAMFILES%\Net iD\iid.exe" -send logon -library "%PROGRAMFILES%\Citrix\ICA Client\pnsson.dll" -function CtxLogonSSOUser -parameters 6,2,1000

Configuration on 64-bit Windows 7

The following parameters apply together with DUAL and SSO2. NOTE that an iid.cfg is required for both the 32-bit and the 64-bit Net iD, and both look as below.

[Command]
Watch=-hide config
[Watch Remove]
1=load iid.dll,EntryAdmin -send logoff -library "%PROGRAMFILES(x86)%\Citrix\ICA Client\x64\pnsson.dll" -function CtxLogoffSSOUser -parameters 6,1000
[Report PIN]
1="C:\Program Files\Net iD\iid.exe" -set logon -number %number% -user %user% -domain %domain%
2="C:\Program Files\Net iD\iid.exe" -send logon -library "%PROGRAMFILES(x86)%\Citrix\ICA Client\x64\pnsson.dll" -function CtxLogonSSOUser -parameters 6,2,1000

Configuration on 32-bit Windows XP

The following parameters apply together with SSO2.

[Command]
Watch=-hide config
[Watch Remove]
1=load iid.dll,EntryAdmin -send logoff -library "%PROGRAMFILES%\Citrix\ICA Client\pnsson.dll" -function CtxLogoffSSOUser -parameters 6,1000
[Report PIN]
1="%PROGRAMFILES%\Net iD\iid.exe" -set logon -number %number% -user %user% -domain %domain%
2="%PROGRAMFILES%\Net iD\iid.exe" -send logon -library "%PROGRAMFILES%\Citrix\ICA Client\pnsson.dll" -function CtxLogonSSOUser -parameters 6,2,1000

Configuration on 32-bit Windows XP – when reconnection causes problems

With this configuration pnagent.exe is terminated when the card is removed and started when a card is inserted.

[Command]
Watch=-hide config
[Watch Insert]
1="%PROGRAMFILES%\Citrix\ICA Client\pnagent.exe"
[Watch Remove]
1=load iid.dll,EntryAdmin -send logoff -library "C:\Program\Citrix\ICA Client\pnsson.dll" -function CtxLogoffSSOUser -parameters 7,1000
[Report PIN]
1="%PROGRAMFILES%\Net iD\iid.exe" -set logon -number %number% -user %user% -domain %domain%
2="%PROGRAMFILES%\Net iD\iid.exe" -send logon -library "C:\Program\Citrix\ICA Client\pnsson.dll" -function CtxLogonSSOUser -parameters 6,2,1000
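The fragments above are edited by hand per customer, and the mistakes that creep in when copying them (a section header fused with its first entry, an iid.exe path pasted twice, the logon and logoff hooks pointing at different pnsson.dll files) are easy to miss. As an added example, this editor's own and not code from the page, Net iD or Citrix, the following Python script builds the 32-bit and 64-bit fragments from one table and checks a fragment for exactly those errors before it goes to packaging. The section names, keys and the -library/-function/-parameters arguments are the ones shown on this page; the LAYOUTS paths, the helper names and the checks themselves are assumptions of the example.

```python
"""Build and sanity-check the Tap and Go sections of iid.cfg (added example).

Section names, keys and the -library/-function/-parameters values follow the
page; LAYOUTS, the helper names and the checks are this example's own.
"""
import re
from typing import Dict, List

# Install paths as used in the page's fragments (assumed default locations).
LAYOUTS = {
    "x86": {
        "iid": r"%PROGRAMFILES%\Net iD\iid.exe",
        "pnsson": r"%PROGRAMFILES%\Citrix\ICA Client\pnsson.dll",
    },
    "x64": {
        "iid": r"%PROGRAMFILES%\Net iD\iid.exe",
        "pnsson": r"%PROGRAMFILES(x86)%\Citrix\ICA Client\x64\pnsson.dll",
    },
}

_LIB = re.compile(r'-library\s+"([^"]+)"')
_FUNC = re.compile(r"-function\s+(\w+)")
_EXE = re.compile(r'^"([^"]+)"')


def build_config(arch: str) -> str:
    """Return the iid.cfg fragment for 'x86' or 'x64'."""
    iid, dll = LAYOUTS[arch]["iid"], LAYOUTS[arch]["pnsson"]
    lines = [
        "[Command]",
        "Watch=-hide config",
        "[Watch Remove]",
        # Card removed: ask the Citrix SSO service to log the user off.
        f'1=load iid.dll,EntryAdmin -send logoff -library "{dll}" '
        "-function CtxLogoffSSOUser -parameters 6,1000",
        "[Report PIN]",
        # PIN entered: record the logon, then hand the PIN to Citrix SSO.
        f'1="{iid}" -set logon -number %number% -user %user% -domain %domain%',
        f'2="{iid}" -send logon -library "{dll}" '
        "-function CtxLogonSSOUser -parameters 6,2,1000",
    ]
    return "\n".join(lines) + "\n"


def parse_cfg(text: str) -> Dict[str, Dict[str, str]]:
    """Parse the INI-like iid.cfg layout; reject a header fused with an entry."""
    sections: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("["):
            if not line.endswith("]"):
                raise ValueError(f"malformed section header: {raw!r}")
            current = line[1:-1]
            sections.setdefault(current, {})
            continue
        if current is None or "=" not in line:
            raise ValueError(f"entry outside a section or without '=': {raw!r}")
        key, value = line.split("=", 1)
        sections[current][key.strip()] = value.strip()
    return sections


def _first(pattern: "re.Pattern[str]", cmd: str) -> str:
    """First capture group of pattern in cmd, or '' when absent."""
    m = pattern.search(cmd)
    return m.group(1) if m else ""


def check_config(text: str) -> List[str]:
    """Return the problems found; an empty list means the fragment looks sane."""
    try:
        cfg = parse_cfg(text)
    except ValueError as exc:
        return [str(exc)]
    problems: List[str] = []
    if cfg.get("Command", {}).get("Watch") != "-hide config":
        problems.append("[Command] must contain Watch=-hide config")
    logoff = cfg.get("Watch Remove", {}).get("1", "")
    pin = cfg.get("Report PIN", {})
    logon = pin.get("2", "")
    if _first(_FUNC, logoff) != "CtxLogoffSSOUser":
        problems.append("[Watch Remove] 1 must call CtxLogoffSSOUser")
    if _first(_FUNC, logon) != "CtxLogonSSOUser":
        problems.append("[Report PIN] 2 must call CtxLogonSSOUser")
    if _first(_LIB, logoff) != _first(_LIB, logon):
        # The card-removal hook must hit the same pnsson.dll the logon used,
        # otherwise the logoff issued on card removal would not reach it.
        problems.append("logon and logoff reference different pnsson.dll paths")
    if "-set logon" not in pin.get("1", ""):
        problems.append("[Report PIN] 1 must run iid.exe -set logon")
    for key in ("1", "2"):
        path = _first(_EXE, pin.get(key, "")).lower()
        if not path.endswith("iid.exe") or path.count("iid.exe") != 1:
            problems.append(f"[Report PIN] {key} does not start with a single iid.exe path")
    return problems


if __name__ == "__main__":
    for arch in LAYOUTS:
        print(arch, check_config(build_config(arch)) or "ok")
    # Constructed bad input: an iid.exe path duplicated by a copy/paste slip.
    broken = build_config("x64").replace(r"\Net iD\iid.exe", r"\Net iD\iid.exe\Net iD\iid.exe", 1)
    print(check_config(broken))
```

Run it against a fragment taken from a customer package before ordering; the parser deliberately refuses a header that shares a line with its first entry rather than silently filing that entry under the previous section, and the library comparison catches a 64-bit build where only one of the two hooks was updated to the x64 pnsson.dll path.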