8.8. Setting Up External USB Smart Card Readers

Sun Ray Software supports the CCID IFD handler V1.3.10, which provides access to external CCID-compliant USB smart card readers connected to Sun Ray Clients. CCID IFD handler V1.3.10 is a Sun Ray implementation of the Interface Device Handler (IFD) for the PC/SC-lite API. When used in conjunction with the smart card services provided by the Sun Ray Software, this CCID IFD handler enables PC/SC-compliant applications and middleware to use external USB smart card readers on Sun Ray Clients.

The scbus v1 protocol must be enabled, because the scbus v2 protocol does not work with external USB smart card readers connected to Sun Ray Clients. Also, the CCID IFD handler is not supported on Sun Ray servers running Oracle Linux.

8.8.1. Installation

Follow these instructions to install the CCID IFD handler.

Note

To install the CCID IFD handler in an Oracle Solaris Trusted Extensions environment, perform the installation as root from ADMIN_LOW (global zone).

  1. Download and unpack the CCID IFD handler.

    Note

    The CCID IFD Handler is not provided with the Sun Ray Software 5.3 release. However, you can download the PC/SC-lite 1.3 component from the 5.1.1 Media Pack, which includes the CCID IFD Handler v1.3.10 distribution. Only the CCID IFD handler needs to be installed. PC/SC-lite is already installed with Sun Ray Software 5.3.

  2. Become superuser on the Sun Ray server.

  3. Install the CCID IFD handler:

    # svcadm disable pcscd
    # /usr/sbin/pkgadd -d . SUNWusb-scrdr
    # svcadm enable pcscd

8.8.2. Uninstallation

Follow these instructions to remove the CCID IFD handler.

Note

To uninstall the CCID IFD handler from an Oracle Solaris Trusted Extensions environment, perform the uninstallation as root from ADMIN_LOW (global zone).

  1. Become superuser on the Sun Ray server.

  2. Uninstall the CCID IFD handler:

    # svcadm disable pcscd
    # /usr/sbin/pkgrm SUNWusb-scrdr
    # svcadm enable pcscd

8.8.3. Known Problems and Limitations

8.8.3.1. Session Mobility, Resetting, or Power-cycling a Sun Ray Client Can Freeze Applications

Session mobility, resetting, or power-cycling the Sun Ray Client while using an external smart card reader is not supported in this release and can cause applications to freeze, or simply to lose track of the external reader.

8.8.3.2. PC/SC-lite USB Enumeration Delays on Clients

Currently, there is a delay of a few seconds before external USB readers become visible to PC/SC-lite client applications. This delay occurs whenever a PC/SC-lite instance is started for a user session, as well as any other time the USB bus needs to be re-enumerated. Specifically, an enumeration delay in which external USB readers are not immediately visible to an application occurs under the following circumstances:

  • The first time a PC/SC-lite instance is started. That is, when an application attempts to access PC/SC-lite from within a given session for the first time.

  • Whenever a PC/SC-lite instance is automatically restarted after PC/SC-lite self-terminates following an idle period. This is similar to the first case.

  • Whenever a Session Mobility event occurs, it causes a delay in reader visibility while external USB readers on the target Sun Ray Client are re-enumerated. Session Mobility is not currently supported by the CCID IFD handler for external USB readers on Sun Ray Clients.

  • Resetting or power-cycling the Sun Ray Client in a Sun Ray session.

8.8.3.3. Enumeration Delay Causes Problems for Some Applications

Certain applications, such as the Windows Smart Card login over the Windows connector, are not designed to accommodate enumeration delays associated with the USB hotplug model. Such applications do not see readers that appear after they have initially scanned the PC/SC-lite reader list. In other words, readers that appear late may be missed by an application due to any of the scenarios described above.

Sometimes applications will use the first reader they find. On Sun Ray Clients, this is invariably the internal reader, unless that reader has been disabled with the following command:

# utdevadm -d -s internal_smartcard_reader

An additional solution is to ensure that the USB reader list is visible to the application before the application scans the reader list. One way to address this is by preventing PC/SC-lite instances from timing out after a pre-specified idle period. You can disable the instance timeout by editing the /etc/smartcard/pcscd-SunRay.conf file and changing the INSTANCE_TIMEOUT parameter to -1. The shipping default value is 600 seconds (10 minutes).

When you disable inactivity timeouts by changing INSTANCE_TIMEOUT, PC/SC-lite instances stay around until the user's session is terminated, which can mean that many PC/SC-lite processes may be in the process table, using system resources.

We currently have no data on how large that impact becomes as the number of user sessions on a system grows (that is, we have insufficient data on how it scales). In many cases, it may not be a problem at all, except that the process table will be more cluttered with inactive processes than otherwise.
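The INSTANCE_TIMEOUT change described above can be scripted so that it is validated, backed up, and repeatable. The following is an added example, not part of the original documentation or of Sun Ray Software; it assumes the parameter sits on its own line as `INSTANCE_TIMEOUT`, an optional `=` and/or blanks, then an integer, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not Oracle's code). Assumption: the parameter is on its own
# line as "INSTANCE_TIMEOUT", an optional "=" and/or blanks, then an integer.
CONF_DEFAULT=/etc/smartcard/pcscd-SunRay.conf   # path from the text above

# BRE fragments shared by the reader and the writer.
KEY_RE='[[:space:]]*INSTANCE_TIMEOUT[[:space:]]*=\{0,1\}[[:space:]]*'
NUM_RE='-\{0,1\}[0-9][0-9]*'

# Print the active (uncommented) INSTANCE_TIMEOUT value, or nothing.
get_instance_timeout() {
    conf=${1:-$CONF_DEFAULT}
    sed -n "s/^$KEY_RE\($NUM_RE\).*\$/\1/p" "$conf" | tail -n 1
}

# Set INSTANCE_TIMEOUT to $1 in file $2 (default: CONF_DEFAULT).
# Returns 0 on success or no-op, 1 if the file cannot be changed, 2 on bad input.
set_instance_timeout() {
    new=$1
    conf=${2:-$CONF_DEFAULT}
    # Accept only -1 (timeout disabled) or a non-negative number of seconds.
    case $new in
        -1) ;;
        ''|*[!0-9]*) echo "invalid timeout: $new" >&2; return 2 ;;
    esac
    old=$(get_instance_timeout "$conf")
    if [ -z "$old" ]; then
        echo "no active INSTANCE_TIMEOUT line in $conf" >&2
        return 1
    fi
    # Already at the requested value: leave the file and any backup untouched.
    if [ "$old" = "$new" ]; then return 0; fi
    # Keep a copy of the previous configuration so the change can be reverted.
    cp -p "$conf" "$conf.bak" || return 1
    # Rewrite only the number; key, separator and trailing text are preserved.
    sed "s/^\($KEY_RE\)$NUM_RE/\1$new/" "$conf.bak" > "$conf"
}
```

After sourcing the file as root, `set_instance_timeout -1` applies the change to the default path and leaves the previous configuration in `pcscd-SunRay.conf.bak`.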