
Enterprise Single Sign-On 9.0.2 - Authentication Manager for Linux Thin Clients Installation Configuration Guide

Token Selection

A roaming session can be retrieved for RFID badges and smart cards.

To limit the EAM search to RFID badges only (the only tokens supported by rsUserAuth at that time), you must set the following Windows registry string value: ExternalRoamingSessionToken.

This value is set under the HKEY_LOCAL_MACHINE\SOFTWARE\Enatel\WiseGuard\Framework\Authentication key.

Two values are available:

  • ExternalRoamingSessionToken = SmartCard means that only smart cards are searched.
  • ExternalRoamingSessionToken = RFID means that only RFID badges are searched.

 

Configuring rsUserAuth

rsUserAuth needs configuration parameters, which can be provided on the command line and/or in a configuration file.

IMPORTANT: Each command-line option overrides its corresponding configuration file parameter if it exists.

Parameters and Options

Mandatory Parameters

  • EAM Web service URL.
    Example: https://129.182.77.100:9765/soap
    You can define a list of several Web servers: when a Web server is not responding, the next server in this list is used. The URLs must be separated by a comma and only https must be used. Example:
    https://129.182.77.100:9765/soap,https://129.182.77.200:9765/soap,https://129.182.77.300:9765/soap
  • Cacert file path or path of certification authority for https connections.
    If there is a list of EAM Web services, you must define either the directory where the certificates are located or a list of certificate files. If there is a list of certificate files, the certificate file paths must be separated by a comma and the list must have the same number of items as the EAM Web service list.
    The list of certificate files and the EAM Web service list must be in the same order.

Example:
If the EAM Web service list contains:
https://129.182.77.100:9765/soap,https://129.182.77.200:9765/soap,https://129.182.77.300:9765/soap
The certificate files list must contain:
/etc/rsUserAuth/ca1.crt,/etc/rsUserAuth/ca2.crt,/etc/rsUserAuth/ca3.crt

  • ca1.crt is used with the 129.182.77.100 Web server.
  • ca2.crt is used with the 129.182.77.200 Web server.
  • ca3.crt is used with the 129.182.77.300 Web server.

Alternatively, a certificate directory can be used: /etc/rsUserAuth

  • Shared secret or shared secret complete path.
    Example: My_Secret or /etc/rsUserAuth/secret
  • Start script to execute when the badge is detected. This script can use 3 parameters:
    • $1 = username
    • $2 = password
    • $3 = domain
    Example: /home/rsUserAuth/start.bash
  • End script to execute when the badge is removed.
    Example: /home/rsUserAuth/stop.bash
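
The rules given above for the Web service list and the certificate list (https only, and either one certificate directory or a file list of the same length and in the same order) can be checked before rsUserAuth is started. The shell function below is an added example, not part of the product or of the original guide; the name check_ws_ca and its return codes are assumptions of this example.

```shell
#!/bin/sh
# Added example, not product code: pre-flight check of the Web service
# list and CA certificate argument that will be given to rsUserAuth.

# check_ws_ca URL_LIST CA_ARG
# Prints one "url -> CA" line per server, in list order.
# Return codes (chosen for this example): 1 empty list, 2 empty or
# non-https entry, 3 list lengths differ, 4 unreadable CA file.
check_ws_ca() {
    rest_u="$1,"; ca_arg=$2; rest_c="$2,"
    [ -n "$1" ] || { echo "error: empty Web service list" >&2; return 1; }

    # A single existing directory is accepted for all servers.
    if [ -d "$ca_arg" ]; then dir_mode=1; else dir_mode=0; fi

    while [ -n "$rest_u" ]; do
        url=${rest_u%%,*}; rest_u=${rest_u#*,}
        case $url in
            https://?*) ;;   # the guide allows https only
            *) echo "error: not an https URL: '$url'" >&2; return 2 ;;
        esac
        if [ "$dir_mode" -eq 1 ]; then
            echo "$url -> $ca_arg (directory)"
            continue
        fi
        # File mode: the Nth certificate file belongs to the Nth URL.
        [ -n "$rest_c" ] || { echo "error: fewer CA files than URLs" >&2; return 3; }
        ca=${rest_c%%,*}; rest_c=${rest_c#*,}
        [ -r "$ca" ] || { echo "error: cannot read CA file '$ca'" >&2; return 4; }
        echo "$url -> $ca"
    done

    if [ "$dir_mode" -eq 0 ] && [ -n "$rest_c" ]; then
        echo "error: more CA files than URLs" >&2
        return 3
    fi
    return 0
}
```

A trailing comma or an empty item in the URL list is reported as a non-https entry (return code 2).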

Optional Parameters and Options

  • rsUserAuth configuration file: complete path and file name. By default, it is /etc/rsUserAuth:rsUserAuth.ini
  • Verbose mode: the log messages are directed either to stderr only, or to both stderr and the log file.
  • Tapping mode: this feature is only available for RFID badges. By default, this mode is disabled.
  • Message catalog path: complete path and file name. By default, it is ./rsUserAuth.cat
  • Level for trace: the level for trace can be chosen among these values:
    • none.
    • low.
    • medium.
    • high.
    • details.

NOTE: For more information on the log file, see rsUserAuth Log File.

 

  • Path of the logging directory: complete path of the logging directory. By default, the logging directory is /tmp.
  • Version number: provides the version of the rsUserAuth binary.
  • Help: provides the command line options.
  • Welcome Message: displays a customized message when the process is ready to accept a card on the reader.
  • Authentication configuration file path: complete path and file name of the file where the settings for smart cards are set.
    Example: PKCS#11 library path.
    Authentication configuration settings:
    smartcard_pkcs_library=/usr/local/lib/libcardos11.so
  • Process To Spy: name of the process whose termination activates the end script.
    This feature is only available with the RFID tapping mode.
  • Password authentication: allows authentication with the password method and resetting the user's primary password.