Exit Print View

Oracle Secure Global Desktop Administration Guide for Version 4.6

Document Information

Preface

1.  Networking and Security

2.  User Authentication

3.  Publishing Applications to Users

4.  Configuring Applications

5.  Client Device Support

6.  SGD Client and Webtop

7.  SGD Servers, Arrays, and Load Balancing

A.  Global Settings and Caches

Secure Global Desktop Authentication Tab

The Authentication Wizard

Token Generation

Description

Command Line

Password Cache

Description

Command Line

Third-Party Authentication

Description

Command Line

System Authentication

Description

Command Line

Search Local Repository

Description

Command Line

Search LDAP Repository

Description

Command Line

Use Default Third-Party Identity

Description

Command Line

Use Default LDAP Profile

Description

Command Line

Use Closest Matching LDAP Profile

Description

Command Line

LDAP/Active Directory

Description

Command Line

Unix

Description

Command Line

Authentication Token

Description

Command Line

Windows Domain Controller

Description

Command Line

SecurID

Description

Command Line

Anonymous

Description

Command Line

Search Unix User ID in Local Repository

Description

Command Line

Search Unix Group ID in Local Repository

Description

Command Line

Use Default User Profile

Description

Command Line

Windows Domain

Description

Command Line

Active Directory

Description

Command Line

LDAP

Description

Command Line

Service Objects Tab

The Service Objects List Table

Name

Type

Enabled

URLs

User Name and Password

Connection Security

Active Directory Base Domain

Active Directory Default Domain

Application Authentication Tab

Password Cache Usage

Description

Command Line

Action When Password Expired

Description

Command Line

Smart Card Authentication

Description

Command Line

Dialog Display

Description

Command Line

"Save Password" Box

Description

Command Line

"Always Use Smart Card" Box

Description

Command Line

Display Delay

Description

Command Line

"Launch Details" Pane

Description

Command Line

Communication Tab

Unencrypted Connections Port

Description

Command Line

Encrypted Connections Port

Description

Command Line

AIP Keepalive Frequency

Description

Command Line

Timeout for User Session Resumability

Description

Command Line

Timeout for General Resumability

Description

Command Line

Resource Synchronization Service

Description

Command Line

User Session Idle Timeout

Description

Command Line

Performance Tab

Application Session Load Balancing

Description

Command Line

Application Load Balancing

Description

Command Line

Client Device Tab

Windows Client Drive Mapping

Description

Command Line

Unix Client Drive Mapping

Description

Command Line

Dynamic Drive Mapping

Description

Command Line

Windows Audio

Description

Command Line

Windows Audio Sound Quality

Description

Command Line

Unix Audio

Description

Command Line

Unix Audio Sound Quality

Description

Command Line

Smart Card

Description

Command Line

Serial Port Mapping

Description

Command Line

Copy and Paste

Description

Command Line

Client's Clipboard Security Level

Description

Command Line

Time Zone Map File

Description

Command Line

Editing

Description

Command Line

Printing Tab

Client Printing

Description

Command Line

Universal PDF Printer

Description

Command Line

Make Universal PDF Printer the Default

Description

Command Line

Universal PDF Viewer

Description

Command Line

Make Universal PDF Viewer the Default

Description

Command Line

Postscript Printer Driver

Description

Command Line

Security Tab

New Password Encryption Key

Description

Command Line

Timeout for Print Name Mapping

Description

Command Line

Connection Definitions

Description

Command Line

X Authorization for X Display

Description

Command Line

Monitoring Tab

Log Filter

Description

Command Line

Billing Service

Description

Command Line

Resilience Tab

Array Failover

Description

Command Line

Monitor Interval

Description

Command Line

Monitor Attempts

Description

Command Line

Find Primary Interval

Description

Command Line

Find Primary Attempts

Description

Command Line

Action When Failover Ends

Description

Command Line

Backup Primaries

Description

Command Line

Caches Tab

Passwords Tab

Description

Adding Entries to the Password Cache

Command Line

Tokens Tab

Description

Command Line

B.  Secure Global Desktop Server Settings

C.  User Profiles, Applications, and Application Servers

D.  Commands

E.  Login Scripts

F.  Third-Party Legal Notices

Glossary

Index

Application Authentication Tab

Settings on the Application Authentication tab control the user experience when starting applications.

From the command line, use the tarantella config list command to list these settings, and the tarantella config edit command to edit these settings.

Changes to these attributes take effect immediately.

This tab contains the following sections:

Password Cache Usage

Usage: Select or deselect the check box.

Description

Whether to try the password the user typed for the SGD server, if it is stored in the password cache, as the password for the application server.

SGD server passwords might be stored in the cache if some applications are configured to run on the SGD host, or if Password Cache is selected.

This attribute can be overridden by an application server object’s Password Cache Usage attribute.

Command Line

Command option: --launch-trycachedpassword 1 | 0

Usage: Specify 1 (true) or 0 (false).

The following example uses the SGD password stored in the password cache when authenticating to an application server.

--launch-trycachedpassword 1

Action When Password Expired

Usage: Select an option.

Description

The action to take if the user’s password has expired on the application server.

The command line options and their Administration Console equivalents are shown in the following table.

Administration Console
Command Line
Description
Authentication Dialog
dialog
Show an SGD authentication dialog.
Aged Password Handler
manual
Show a terminal window, where the user can change their password.
Launch Failure
none
Take no further action. Treat as a startup failure.

For Windows applications, the Terminal Server handles the authentication process. No information is returned to SGD indicating whether authentication succeeds or fails. This means that once SGD has cached a user name and password for the Windows application server, SGD never displays the authentication dialog again unless the user holds down the Shift key when they click an application’s link, or an Administrator deletes the user’s entry from the password cache.

Command Line

Command option: --launch-expiredpassword manual | dialog | none

Usage: Specify an option.

In the following example, the user can change their password using a terminal window.

--launch-expiredpassword manual

Smart Card Authentication

Usage: Select or deselect the check box.

Description

Enable users to log in to a Microsoft Windows application server with a smart card.

Command Line

Command option: --launch-allowsmartcard 1 | 0

Usage: Specify 1 (true) or 0 (false).

The following example enables users to log in using a smart card.

--launch-allowsmartcard 1

Dialog Display

Usage: Select or deselect the check boxes.

Description

Controls when the application server’s authentication dialog is displayed. The check boxes are inter-related, enabling you to select from three possible options.

The command line options and their Administration Console equivalents are shown in the following table.

Administration Console
Command Line
Description
On Shift-Click (selected)

On Password Problem (selected)

user
Show the authentication dialog if the user holds down the Shift key when they click an application’s link, or if there is a password problem.
On Shift-Click (deselected)

On Password Problem (selected)

system
Only show the authentication dialog when there is a password problem.
On Shift-Click (deselected)

On Password Problem (deselected)

none
Never show the authentication dialog.

For Windows applications, it is the Terminal Server handles the authentication process. No information is returned to SGD indicating whether authentication succeeds or fails. This means that once SGD has cached a user name and password for the Windows application server, SGD never displays the authentication dialog again unless the user holds down the Shift key when they click an application’s link, or an Administrator deletes the user’s entry from the password cache.

Command Line

Command option: --launch-showauthdialog user | system | none

Usage: Specify an option.

In the following example, the application server’s authentication dialog is shown if you hold down the Shift key and click a link to start an application, or if there is a problem with the password.

--launch-showauthdialog user

“Save Password” Box

Usage: Select or deselect the check boxes.

Description

Two attributes that control the initial state of the Save Password check box in the application server authentication dialog and whether users can change it.

If users cannot change the setting, the Initially Checked attribute determines whether users can save passwords in the application server password cache.

Command Line

Command option: --launch-savepassword-initial checked | unchecked

Command option: --launch-savepassword-state enabled | disabled

Usage: Specify a valid option.

In the following example, the initial state of the Save Password check box is selected. Users can change this setting.

--launch-savepassword-initial checked
--launch-savepassword-state enabled

“Always Use Smart Card” Box

Usage: Select or deselect the check boxes.

Description

Two attributes that control the initial state of the Always Use Smart Card check box in the application server authentication dialog box and whether users can change it.

If users cannot change the setting, the Initially Checked attribute determines whether the user’s decision to always use smart card authentication is cached.

Command Line

Command option: --launch-alwayssmartcard-initial checked|unchecked

Command option: --launch-alwayssmartcard-state enabled|disabled

Usage: Specify a valid option.

In the following example, the initial state of the Always Use Smart Card check box is selected. Users can change to this setting.

--launch-alwayssmartcard-initial checked
--launch-alwayssmartcard-state enabled

Display Delay

Usage: Enter a time period, measured in seconds, in the field.

Description

The delay in seconds before showing the Application Launch dialog to users.

Command Line

Command option: --launch-showdialogafter secs

Usage: Replace secs with the delay, measured in seconds.

In the following example, the Application Launch dialog is displayed after two seconds.

--launch-showdialogafter 2

“Launch Details” Pane

Usage: Select or deselect the check boxes.

Description

Attributes that control the initial display state of the Launch Details area of the Application Launch dialog, whether users can change it and whether to show the Launch Details area if an application startup fails.

If users cannot change the setting, the Showed by Default attribute determines whether the users see the application launch details.

Command Line

Command option: --launch-details-initial hidden | shown

Command option: --launch-details-state enabled | disabled

Command option: --launch-details-showonerror 1 | 0

Usage: Specify a valid option.

In the following example, the initial state of the Launch Details area is hidden. Users can change this setting. The Launch Details area is shown if the application fails to start.

--launch-details-initial hidden
--launch-details-state enabled
--launch-details-showonerror 1