Enterprise Single Sign-On 9.0.2 - Authentication Manager for Linux Thin Clients Installation Configuration Guide

Command line arguments

  • -h: help menu.
  • -v: version information.
  • -d: verbose (debug) mode with output on stderr.
  • -D: verbose mode with output on stderr and log file.
  • -u url: EAM web service url list.
  • -s secret: shared secret.
  • -S path: secret path and file.
  • -e exe: start script.
  • -x exe: end (stop) script.
  • -c ca.cert: Cacert file list or path of the certification authority.
  • -M path: message catalog path.
  • -l level: level for trace.
  • -L path: path of the logging directory.
  • -t: tapping mode.
  • -T delay: delay for dynamic tapping mode (in seconds).
  • -w: welcome message will be displayed.
  • -A path: authentication configuration file path.
  • -y name: name of the process to spy (RFID tapping mode).
  • -P: password authentication is supported.
  • -n domain: default domain name for password authentication.

Example

rsUserAuth -u https://192.168.45.120:9765/soap -S /etc/rsUserAuth/secret.txt -e start.bash -x stop.bash -l medium -A /etc/rsUserAuth/authConf.txt

The Configuration File

Description

The default configuration file name is rsUserAuth.ini; it is located in the /etc/rsUserAuth directory. The configuration file name and path can be customized; in that case, the full pathname must be provided with the -p argument of the rsUserAuth command line.

Template

 

;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
; rsUserAuth configuration file
; default path of the .ini file is /etc/rsUserAuth/rsUserAuth.ini
; this file contains settings for rsUserAuth
; each setting has a specific label followed by "=" and its value,
; you must validate and uncomment the
; to validate settings, you must update and uncomment the right lines.
[general]
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
; User Access web service url.
;url=https://192.168.45.120:9765/soap
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
; Cacert file path of certification authority
;caCrt_Path=/etc/rsUserAuth/ca.crt
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
; shared secret
;secret=My_Secret
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
; shared secret path including the name of the file
;secret_Path=/etc/rsUserAuth/secret.txt
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
; path of the message catalog including the name of the file
;messages_Path=/etc/rsUserAuth/messages.cat
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
; start script which will be executed after retrieving
; roaming session
; parameters are:
; $1 is username
; $2 is password
; $3 is domain
;startExec=/home/rsUserAuth/start.bash
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
; command which will be executed after card is removed
;endExec=/home/rsUserAuth/stop.bash
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
; tapping mode may be "on" or "off", default value is "off"
;tapping=on
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
; tapping delay for dynamic tapping. Delay is in seconds, default is 3
;tappingDelay=3
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;logging parameters
; logLevel may be "none", "low", "medium", "high", "details"
; logDirectory : default value is /tmp. Be careful to have write
; permissions for this directory
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;logLevel= none
;logDirectory= /tmp
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
; welcome message may be "on" or "off", default value is "off"
;welcomeMessage=on
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;authentication configuration file path
;authenticationConfigurationFile_Path=/etc/rsUserAuth/authConf.txt
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
; Name of the process to spy (RFID tapping mode only)
;processToSpy=My_process
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
; Password authentication is allowed
;passwordAuthenticationMethod=on
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
; Default domain name in case of password authentication
;defaultDomain=myDomain
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
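
The template offers two ways to supply the shared secret: inline (secret) or in a separate file (secret_Path). The following audit script is an added example, not vendor code. It reads the two key names from the template and applies a policy that is this example's own assumption: no inline secret, and a secret file with no group or other permission bits.

```shell
#!/bin/sh
# Added example (not vendor code): audit how an rsUserAuth.ini stores the
# shared secret. Key names come from the template; the policy checked here
# (no inline secret, secret file closed to group/other) is an assumption
# of this example, not a documented product requirement.

# ini_get FILE KEY -> value of the last uncommented "KEY=value" line.
# Lines starting with ';' are comments and never match.
ini_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

# audit_secret FILE -> returns 0 if clean, 1 if any finding was printed.
audit_secret() {
    ini=$1
    rc=0
    if [ -n "$(ini_get "$ini" secret)" ]; then
        echo "INLINE-SECRET: secret= is set in $ini; prefer secret_Path"
        rc=1
    fi
    path=$(ini_get "$ini" secret_Path)
    if [ -z "$path" ]; then
        echo "NO-SECRET-PATH: secret_Path is not set in $ini"
        rc=1
    elif [ ! -f "$path" ]; then
        echo "MISSING: secret file $path does not exist"
        rc=1
    else
        # Characters 5-10 of the ls mode string are the group/other bits.
        bits=$(ls -ld "$path" | cut -c5-10)
        if [ "$bits" != "------" ]; then
            echo "LOOSE-PERMS: $path grants group/other access ($bits)"
            rc=1
        fi
    fi
    return $rc
}
```

Run it as audit_secret /etc/rsUserAuth/rsUserAuth.ini; a non-zero return means at least one finding was printed.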

Enabling High Availability

Subject

Authentication Manager for Linux is highly available as it can support more than one server at a time. To enable high availability, execute the following procedure.

Procedure

Set the following configuration parameters:

  • EAM Web service (-u parameter): enter a URL list of the Web servers, separated by a comma, such as:
    https://129.182.77.111:9765/soap, //129.182.77.222:9765/soap,
    //129.182.77.333:9765/soap, etc.
  • Certificate file path (-c parameter): enter a list of certificate files separated by a comma, such as:
    /etc/rsUserAuth/ca111.crt,/etc/rsUserAuth/ca222.crt,/etc/rsUserAuth/ca333.crt, etc.

NOTE: The number of certificates must be the same as the number of Web servers in the list and must be ordered in the same way.
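
Because the certificates are matched to the servers by position, a miscounted or misordered list pairs a server with the wrong certificate authority. The following pre-flight check is an added example, not vendor code. It takes the values intended for -u and -c, verifies that the two lists have the same length and that each certificate file is readable, and prints the resulting pairing for review. It assumes that whitespace around the commas is not significant.

```shell
#!/bin/sh
# Added example (not vendor code): pre-flight check for the -u / -c lists
# used for high availability. Assumption: items are comma-separated and
# whitespace around them is ignored.

# split_list LIST -> one trimmed, non-empty item per line.
split_list() {
    printf '%s\n' "$1" | tr ',' '\n' |
        sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' -e '/^$/d'
}

# check_ha_lists URLS CERTS -> returns 0 if the lists pair up one-to-one
# and every certificate file is readable, 1 otherwise.
check_ha_lists() {
    urls=$(split_list "$1")
    certs=$(split_list "$2")
    n_urls=$(printf '%s\n' "$urls" | grep -c . || true)
    n_certs=$(printf '%s\n' "$certs" | grep -c . || true)
    rc=0
    if [ "$n_urls" -ne "$n_certs" ]; then
        echo "MISMATCH: $n_urls URL(s) but $n_certs certificate(s)"
        rc=1
    fi
    i=0
    for url in $urls; do
        i=$((i + 1))
        # The certificate at the same position is the one used for this URL.
        cert=$(printf '%s\n' "$certs" | sed -n "${i}p")
        if [ -n "$cert" ] && [ ! -r "$cert" ]; then
            echo "NO-CERT: entry $i '$cert' is missing or unreadable"
            rc=1
        fi
        echo "PAIR $i: $url -> ${cert:-<none>}"
    done
    return $rc
}
```

Call it with the two quoted lists, for example check_ha_lists "$URLS" "$CERTS", before starting rsUserAuth with the same values.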

 

 

Logging on to a Roaming Session

Logging on with an RFID Badge

Subject

This section explains how to connect to a roaming session on a Linux thin client with your RFID badge.

Description

An RFID badge can either be:

  • Placed on the device, i.e. active mode. The roaming session is:
      • Started (retrieving roaming session and executing the start script which may open a Citrix session for example) when the badge is placed on the reader.
      • Locked (the end script is executed) when the badge is withdrawn.

    IMPORTANT: The badge must remain on the device as long as the roaming session is needed.

  • Placed on the device for a specific length of time, i.e. dynamic tapping mode. The roaming session is:
      • Started (retrieving roaming session and executing the start script which may open a Citrix session for example) when the badge is placed on the reader.
      • Set in:
          • passive mode if the badge is withdrawn before the delay expires.
          • active mode if the badge is not withdrawn before the delay expires.
  • Quickly presented to the device, i.e. passive mode or tapping mode. The roaming session is:
      • Started (retrieving roaming session and executing the start script which may open a Citrix session for example) when the badge is placed on the reader and withdrawn.
      • Locked (the end script is executed) when the badge is presented again and withdrawn.

NOTE:

  • In tapping mode, a specified process can be spied.
  • If a process started when the start script runs ends before the badge is presented a second time, the end script is executed and the badge state is reset. A configuration parameter must be used for this feature.

 
