Exit Print View

Oracle Secure Global Desktop Administration Guide for Version 4.6

Document Information

Preface

1.  Networking and Security

2.  User Authentication

3.  Publishing Applications to Users

4.  Configuring Applications

5.  Client Device Support

6.  SGD Client and Webtop

7.  SGD Servers, Arrays, and Load Balancing

A.  Global Settings and Caches

Secure Global Desktop Authentication Tab

The Authentication Wizard

Token Generation

Description

Command Line

Password Cache

Description

Command Line

Third-Party Authentication

Description

Command Line

System Authentication

Description

Command Line

Search Local Repository

Description

Command Line

Search LDAP Repository

Description

Command Line

Use Default Third-Party Identity

Description

Command Line

Use Default LDAP Profile

Description

Command Line

Use Closest Matching LDAP Profile

Description

Command Line

LDAP/Active Directory

Description

Command Line

Unix

Description

Command Line

Authentication Token

Description

Command Line

Windows Domain Controller

Description

Command Line

SecurID

Description

Command Line

Anonymous

Description

Command Line

Search Unix User ID in Local Repository

Description

Command Line

Search Unix Group ID in Local Repository

Description

Command Line

Use Default User Profile

Description

Command Line

Windows Domain

Description

Command Line

Active Directory

Description

Command Line

LDAP

Description

Command Line

Service Objects Tab

The Service Objects List Table

Name

Type

Enabled

URLs

User Name and Password

Connection Security

Active Directory Base Domain

Active Directory Default Domain

Application Authentication Tab

Password Cache Usage

Description

Command Line

Action When Password Expired

Description

Command Line

Smart Card Authentication

Description

Command Line

Dialog Display

Description

Command Line

"Save Password" Box

Description

Command Line

"Always Use Smart Card" Box

Description

Command Line

Display Delay

Description

Command Line

"Launch Details" Pane

Description

Command Line

Communication Tab

Unencrypted Connections Port

Description

Command Line

Encrypted Connections Port

Description

Command Line

AIP Keepalive Frequency

Description

Command Line

Timeout for User Session Resumability

Description

Command Line

Timeout for General Resumability

Description

Command Line

Resource Synchronization Service

Description

Command Line

User Session Idle Timeout

Description

Command Line

Performance Tab

Application Session Load Balancing

Description

Command Line

Application Load Balancing

Description

Command Line

Client Device Tab

Windows Client Drive Mapping

Description

Command Line

Unix Client Drive Mapping

Description

Command Line

Dynamic Drive Mapping

Description

Command Line

Windows Audio

Description

Command Line

Windows Audio Sound Quality

Description

Command Line

Unix Audio

Description

Command Line

Unix Audio Sound Quality

Description

Command Line

Smart Card

Description

Command Line

Serial Port Mapping

Description

Command Line

Copy and Paste

Description

Command Line

Client's Clipboard Security Level

Description

Command Line

Time Zone Map File

Description

Command Line

Editing

Description

Command Line

Printing Tab

Client Printing

Description

Command Line

Universal PDF Printer

Description

Command Line

Make Universal PDF Printer the Default

Description

Command Line

Universal PDF Viewer

Description

Command Line

Make Universal PDF Viewer the Default

Description

Command Line

Postscript Printer Driver

Description

Command Line

Security Tab

New Password Encryption Key

Description

Command Line

Timeout for Print Name Mapping

Description

Command Line

Connection Definitions

Description

Command Line

X Authorization for X Display

Description

Command Line

Monitoring Tab

Log Filter

Description

Command Line

Billing Service

Description

Command Line

Resilience Tab

Array Failover

Description

Command Line

Monitor Interval

Description

Command Line

Monitor Attempts

Description

Command Line

Find Primary Interval

Description

Command Line

Find Primary Attempts

Description

Command Line

Action When Failover Ends

Description

Command Line

Backup Primaries

Description

Command Line

Caches Tab

Passwords Tab

Description

Adding Entries to the Password Cache

Command Line

Tokens Tab

Description

Command Line

B.  Secure Global Desktop Server Settings

C.  User Profiles, Applications, and Application Servers

D.  Commands

E.  Login Scripts

F.  Third-Party Legal Notices

Glossary

Index

Secure Global Desktop Authentication Tab

Use the settings on the Secure Global Desktop Authentication tab to control how users log in to SGD. The settings apply to all SGD servers in the array. Changes to the settings take effect immediately.

From the command line, use the tarantella config list command to list these settings, and the tarantella config edit command to edit these settings.

User authentication can be performed by an external authentication mechanism (third-party authentication), or SGD can perform the authentication using a specified repository (system authentication).

The Secure Global Desktop Authentication tab contains the following sections:

The Authentication Wizard

The Authentication Wizard guides you through the process of setting up authentication for SGD users. The number of steps shown in the Authentication Wizard depend on the choices you make as you work though the Wizard.

The available steps in the Authentication Wizard are as follows:

Token Generation

Usage: Select or deselect the check box.

Description

Whether to create authentication tokens for users so they can log in automatically to SGD.

To ensure that an authentication token cannot be intercepted and used by a third party, use secure Hypertext Transfer Protocol over Secure Socket Layer (HTTPS) web servers and enable SGD security services.

Command Line

Command option: --login-autotoken 1 | 0

Usage: Specify 1 (true) or 0 (false).

The following example enables generation of authentication tokens for users.

--login-autotoken 0

Password Cache

Usage: Select or deselect the check box.

Description

Whether to save the user name and password that the user types to log in to SGD in the password cache.

If you are using SecurID authentication, do not save the user name and password, as SecurID passwords cannot be reused.

SGD cannot store the user names and passwords of users authenticated with third-party authentication.

Command Line

Command option: --launch-savettapassword 1 | 0

Usage: Specify 1 (true) or 0 (false).

The following example saves user log in details in the password cache.

--launch-savettapassword 1

Third-Party Authentication

Usage: Select or deselect the check box.

Description

Select the check box to enable third-party authentication.

This attribute enables you to give access to SGD to users who have been authenticated by a third-party mechanism, such as web server authentication.

Command Line

Command option: --login-thirdparty 1 | 0

Usage: Specify 1 (true) or 0 (false).

The following example disables third-party authentication.

--login-thirdparty 0

System Authentication

Usage: Select or deselect the check box.

Description

Specifies that user authentication is done by the SGD server. Selecting this option enables the Wizard screens for system authentication settings.

Command Line

There is no command line equivalent for this attribute.

Search Local Repository

Usage: Select or deselect the check box.

Description

This attribute specifies a search method used by SGD to determine the identity and user profile of a user who has been authenticated by a third-party authentication mechanism.

This search method searches for the user identity in the local repository and then uses the matching user profile.

If additional search methods are selected, the search methods are used in the order shown. However, third-party authentication does not support ambiguous users and so the first match found is used.

If the searches do not produce a match, the standard login page is displayed and the user must log in to SGD in the normal way.

Command Line

Command option: --login-thirdparty-ens 1 | 0

Usage: Specify 1 (true) or 0 (false).

In the following example, searching the local repository for a matching user profile is disabled.

--login-thirdparty-ens 0

Search LDAP Repository

Usage: Select or deselect the check box.

Description

Specifies that the LDAP repository is searched to find the user identity for a user who has been authenticated by a third-party authentication mechanism.

The search method used is defined by the Use Default LDAP Profile or Use Closest Matching LDAP Profile attribute.

Command Line

There is no command line equivalent for this attribute.

Use Default Third-Party Identity

Usage: Select or deselect the check box.

Description

This attribute specifies a search method used by SGD to determine the identity and user profile of a user who has been authenticated by a third-party authentication mechanism.

This search method does not perform a search. The user identity is the third-party user name. The third-party user profile, System Objects/Third Party Profile, is used.

If additional search methods are selected, the search methods are used in the order shown. However, third-party authentication does not support ambiguous users and so the first match found is used.

If the searches do not produce a match, the standard login page is displayed and the user must log in to SGD in the normal way.

Command Line

Command option: --login-thirdparty-nonens 1 | 0

Usage: Specify 1 (true) or 0 (false).

In the following example, using the default user profile is disabled.

--login-thirdparty-nonens 0

Use Default LDAP Profile

Usage: Select the option.

Description

This attribute specifies a search method used by SGD to determine the identity and user profile of a user who has been authenticated by a third-party authentication mechanism.

This search method searches for the user identity in an LDAP repository and then uses the default LDAP user profile, System Objects/LDAP Profile.

If additional search methods are selected, the search methods are used in the order shown. However, third-party authentication does not support ambiguous users and so the first match found is used.

If the searches do not produce a match, the standard login page is displayed and the user must log in to SGD in the normal way.

Command Line

Command option: --login-ldap-thirdparty-profile 1 | 0

Usage: Specify 1 (true) or 0 (false).

In the following example, searching LDAP and using the default LDAP profile is disabled.

--login-ldap-thirdparty-profile 0

Use Closest Matching LDAP Profile

Usage: Select the option.

Description

This attribute specifies a search method used by SGD to determine the identity and user profile of a user who has been authenticated by a third-party authentication mechanism.

This search method searches for the user identity in an LDAP repository and then uses the closest matching user profile in the local repository, allowing for differences between the LDAP and SGD naming systems.

SGD searches for the following until a match is found:

If additional search methods are selected, the search methods are used in the order shown. However, third-party authentication does not support ambiguous users and so the first match found is used.

If the searches do not produce a match, the standard login page is displayed and the user must log in to SGD in the normal way.

Command Line

Command option: --login-ldap-thirdparty-ens 1 | 0

Usage: Specify 1 (true) or 0 (false).

In the following example, searching LDAP and using the closest matching LDAP profile is disabled.

--login-ldap-thirdparty-ens 0

LDAP/Active Directory

Usage: Select or deselect the check box.

Description

Specifies that an LDAP directory server or Active Directory server is used for authentication.

Selecting this option enables the Wizard screen where you can type in LDAP directory server or Active Directory server details.

Command Line

There is no command line equivalent for this attribute.

Unix

Usage: Select or deselect the check box.

Description

Enables UNIX authentication.

Selecting this option enables the Wizard screen where you can configure UNIX authentication settings.

Command Line

There is no command line equivalent for this attribute.

Authentication Token

Usage: Select or deselect the check box.

Description

Enables authentication using an authentication token.

Authentication using an authentication token can only be used when the SGD Client is operating in Integrated mode.

Command Line

Command option: --login-atla 1 | 0

Usage: Specify 1 (true) or 0 (false).

In the following example, authentication using an authentication token is disabled.

--login-atla 0

Windows Domain Controller

Usage: Select or deselect the check box.

Description

Enables authentication against a Windows domain controller.

Command Line

Command option: --login-nt 1 | 0

Usage: Specify 1 (true) or 0 (false).

In the following example, Windows Domain Controller authentication is disabled.

--login-nt 0

SecurID

Usage: Select or deselect the check box.

Description

Enables users with RSA SecurID tokens to log in to SGD.

Command Line

Command option: --login-securid 1 | 0

Usage: Specify 1 (true) or 0 (false).

In the following example, SecurID authentication is disabled.

--login-securid 0

Anonymous

Usage: Select or deselect the check box.

Description

Enables users to log in to SGD without supplying a user name and password.

Command Line

Command option: --login-anon 1 | 0

Usage: Specify 1 (true) or 0 (false).

In the following example, anonymous user authentication is disabled.

--login-anon 0

Search Unix User ID in Local Repository

Usage: Select or deselect the check box.

Description

Specifies a search method used to find the user profile for an authenticated UNIX system user. Select this attribute to search for the user identity in the local repository and use the matching user profile.

Command Line

Command option: --login-ens 1 | 0

Usage: Specify 1 (true) or 0 (false).

In the following example, searching for the UNIX User ID in the local repository is enabled.

--login-ens 1

Search Unix Group ID in Local Repository

Usage: Select or deselect the check box.

Description

Specifies a search method used to find the user profile for an authenticated UNIX system user. Select this attribute to use the UNIX user identity and search for a user profile in the local repository that matches the user’s UNIX Group ID.

Command Line

Command option: --login-unix-group 1 | 0

Usage: Specify 1 (true) or 0 (false).

In the following example, searching for the UNIX Group ID in the local repository is enabled.

--login-unix-group 1

Use Default User Profile

Usage: Select or deselect the check box.

Description

Specifies a search method used to find the user profile for an authenticated UNIX system user. Select this attribute to use the default UNIX user profile, System Objects/UNIX User Profile, for the authenticated user.

Command Line

Command option: --login-unix-user 1 | 0

Usage: Specify 1 (true) or 0 (false).

In the following example, using the default UNIX user profile (System Objects/UNIX User Profile) is enabled.

--login-unix-user 1

Windows Domain

Usage: Type the Windows domain name in the field.

Description

The name of the domain controller used for Windows domain authentication.

Command Line

Command option: --login-nt-domain dom

Usage: Replace dom with the name of the Windows domain controller used to authenticate users.

In the following example, users are authenticated with the Windows domain controller sales.indigo-insurance.com.

--login-nt-domain sales.indigo-insurance.com

Active Directory

Usage: Select the option.

Description

Enables Active Directory authentication.

Command Line

Command option: --login-ad 1 | 0

Usage: Specify 1 (true) or 0 (false).

In the following example, Active Directory authentication is enabled.

--login-ad 1

LDAP

Usage: Select the LDAP option.

Description

Enables LDAP authentication.

Command Line

Command option: --login-ldap 1 | 0

Usage: Specify 1 (true) or 0 (false).

In the following example, LDAP authentication is enabled.

--login-ldap 1