Oracle Secure Global Desktop Administration Guide for Version 4.6

Service Objects Tab

The Service Objects tab is where you can view, create, edit, and manage service objects. A service object is a group of configuration settings used for the following SGD authentication mechanisms:

Use the buttons in the Service Objects List table to manage service objects for the SGD array.

Use the Repository Type option to enable either LDAP or Active Directory authentication. The Repository Type option is only available if both LDAP and Active Directory service objects have been created.

From the command line, use the tarantella service commands to create, delete, edit, and list service objects. See The tarantella service Command.

For more information about service objects, see Using Service Objects.

The Service Objects List Table

The Service Objects List table displays the service objects configured for the SGD array.

When you enable LDAP or Active Directory authentication using the Secure Global Desktop Authentication Wizard, a service object called generated is created automatically and the Service Objects List table is shown.

The Service Objects List table includes the following information for each service object:

The New button is used to create a new service object. The new service object is added in the last position of the Service Objects List table.

The Edit button is used to edit the selected service object.

The Delete button removes the selected service object.

The Duplicate button makes a copy of the selected service object.

The Enable and Disable buttons switch the enabled state of the selected service object.

The Move Up and Move Down buttons are used to change the position of the selected service object in the table.

You update the Service Objects List table by clicking the Reload button.

When you create, duplicate, or edit a service object, a new window is displayed that enables you to configure the service object. In this window, you can configure only the following commonly-used settings for service objects:

There are also some advanced service object settings that can be configured only from the command line, with the tarantella service new or the tarantella service edit commands. See Using Service Objects for more details.

Name

Usage: Type the name of the service object in the field.

The name of the service object.

Once you have created a service object, you cannot rename it. Use the Duplicate button in the Service Objects List table to create a copy of the service object with a different name.

The name can only contain lowercase characters, digits, or the characters “_” and “-”.

Type

Usage: Select either the LDAP or Active Directory option.

The Type setting controls which SGD authentication mechanism can use the service object.

Select the LDAP option even if you are using a Microsoft Active Directory server for LDAP authentication.

Active Directory service objects are used only for Active Directory authentication.

Once you have created a service object, you cannot change the type.

Enabled

Usage: Select or deselect the check box.

Whether to enable the service object. A service object must be enabled before SGD can use it.

URLs

Usage: Type one or more uniform resource locators (URLs) in the field. Separate each URL with a semicolon.

For LDAP service objects, type one or more URLs of LDAP directories. The URLs are used in the order they are listed. If the first LDAP directory server listed is unavailable, SGD tries the next one in the list. Alternatively, you can create a separate service object for each URL. SGD uses the service objects in their position order. Each LDAP URL has the form ldap://server:port/searchroot. Each of these options is defined as follows:

Use an ldaps:// URL if your LDAP directory server uses Secure Sockets Layer (SSL) connections. Extra configuration might be required for SSL connections. See Network Requirements for LDAP Authentication.

The URLs configured for an LDAP service object must all be of the same type, either ldap:// or ldaps://. You cannot use a mixture of ldap:// and ldaps:// URLs.

For Active Directory service objects, type the URL of an Active Directory forest. For example, ad://example.com. The URL must start with ad://. Only type one URL.

Use the Test button to test the connection to the URLs.
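
The following check is an added example, not part of SGD or of this guide. It applies the rules stated in the Name and URLs sections to a proposed service object before it is created. The function name, the "ldap" and "ad" type labels, and the sample values are assumptions made for the example.

```python
import re
from urllib.parse import urlsplit

NAME_RE = re.compile(r"[a-z0-9_-]+")  # lowercase characters, digits, "_" and "-"

def check_service_object(name, obj_type, urls):
    """Return a list of problems; an empty list means the settings pass.

    obj_type: "ldap" or "ad" (labels chosen for this example).
    urls: the URLs field as typed, with URLs separated by semicolons.
    """
    problems = []
    if not NAME_RE.fullmatch(name):
        problems.append("name: only lowercase characters, digits, '_' and '-'")
    parts = [u.strip() for u in urls.split(";") if u.strip()]
    if not parts:
        problems.append("urls: at least one URL is required")
    schemes = set()
    for u in parts:
        try:
            p = urlsplit(u)
            p.port  # raises ValueError for a non-numeric or out-of-range port
        except ValueError:
            problems.append(f"urls: cannot parse {u!r}")
            continue
        schemes.add(p.scheme)
        if not p.hostname:
            problems.append(f"urls: no server in {u!r}")
    if obj_type == "ldap":
        if schemes - {"ldap", "ldaps"}:
            problems.append("urls: LDAP URLs must start with ldap:// or ldaps://")
        elif len(schemes) > 1:
            problems.append("urls: cannot mix ldap:// and ldaps:// URLs")
    elif obj_type == "ad":
        if len(parts) > 1:
            problems.append("urls: type only one URL for Active Directory")
        if schemes - {"ad"}:
            problems.append("urls: the URL must start with ad://")
    else:
        problems.append("type: must be 'ldap' or 'ad'")
    return problems

if __name__ == "__main__":
    # Constructed sample values, not taken from a real deployment.
    samples = [
        ("corp-ldap", "ldap", "ldap://ds1.example.com:389/dc=example,dc=com;ldaps://ds2.example.com/dc=example,dc=com"),
        ("corp-ad", "ad", "ad://example.com"),
    ]
    for s in samples:
        print(s[0], check_service_object(*s) or "ok")
```

An empty result only means the values follow the stated rules. It does not replace the Test button, which checks the actual connection.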

User Name and Password

Usage: Type the user name and password in the fields.

The user name and password of a user that has privileges to search the directory server.

For security reasons, the password is not displayed, even if it has been previously set.

For LDAP service objects, type the DN of the user, for example cn=sgd-user,cn=Users,dc=example,dc=com. This is the administrator bind DN. See LDAP Bind DN and Password Change for more details. As you can only enter one user name and password, this user must be able to search all LDAP directory servers listed in the URL field. If you need to use different user names and passwords, create separate service objects. If the directory server supports anonymous binds, you can omit the user name and password. To use anonymous binds, you must be able to perform LDAP queries for user data.

For Active Directory service objects, the user name has the form user@example.com. If you omit the domain name from the user name, SGD uses the information in the URL, Base Domain, and Default Domain fields to obtain a domain. The user must have privileges to search Active Directory for user information.

To configure the user name and password for the directory server on the command line, use the tarantella passcache command. See The tarantella passcache Command for more details.

Connection Security

Usage: Select the required option. If the SSL option is selected, an option for using client certificates is enabled.

The mechanism used to secure the connection to an Active Directory server.

See SSL Connections to Active Directory for details of the additional configuration required to use SSL connections.

Active Directory Base Domain

Usage: Type a domain name in the field.

The domain that SGD uses for Active Directory authentication, if users only supply a partial domain when they log in.

For example, if the base domain is set to example.com and a user logs in with the user name rouge@west, SGD authenticates the user as rouge@west.example.com.

Active Directory Default Domain

Usage: Type a domain name in the field.

The domain that SGD uses for Active Directory authentication, if users do not supply a domain when they log in.

For example, if the default domain is set to east.example.com and a user logs in with the user name rouge, SGD authenticates the user as rouge@east.example.com.