7.3. Tokens

7.3.1. Registering Tokens
7.3.2. How to Register a Token
7.3.3. How to Register a Pseudo-Token
7.3.4. How to Enable, Disable, or Delete a Token

As described earlier, the Authentication Manager implements the chosen policies for identifying and authenticating users on Sun Ray Clients. Tokens are the key piece for this process.

Sun Ray tokens are authentication keys used to associate a session with a user. A token is a string that consist of a token type and an identifier. If a user inserts a smart card into a client, the card's type and identifier are used as the token (for example mondex.9998007668077709). If the user is not using a smart card, the token type pseudo and the client's identifier (MAC address) are supplied as the token (for example pseudo.080020861234).

The initial token is used to check access rights and to determine the user's session. During this process, the token is eventually translated into other token types (such as escape token, auth token, etc.) used internally by the Sun Ray system. As an administrator, you rarely need to deal with these internal token types, focusing instead on the initial tokens provided on smart cards or as pseudo-tokens.

7.3.1. Registering Tokens

You can also register smart card tokens and pseudo-tokens in the Sun Ray data store to assign them to specific users (also known as token owners).

Although it requires more setup and administration to register smart cards, there a number of reasons to register tokens:

  • Storing the owner's name as well as any other information that helps you to manage tokens in your organization.

  • Creating alias tokens to enable users to access the same session with multiple tokens. For example, if a user loses a smart card, you can register a new smart card as a replacement. This will be an alias token.

  • Overriding the group-wide kiosk mode setting specified on the System Policy page. If kiosk mode functionality has been configured on your system, you can also specify, for each token, whether the user should be directed to a regular (non-kiosk) session or a Kiosk session when the token is inserted.

Much like the utuser command, the Tokens tab in the Admin GUI lists all tokens currently registered in the Sun Ray data store. You can search for specific tokens by entering a search string that includes parts of either the token identifier, owner, or other information. The Search menu enables you to limit the scope of the search further, so that it is also possible to display all currently used tokens, regardless of their registration.

The Policy tab (under the Advanced tab) makes it possible to define high-level access rules for either smart card access or pseudo-token access as well as access rights for registered tokens (see the Policy help page).

You can administer tokens through the utuser command or the Admin GUI.

7.3.2. How to Register a Token

This procedure describes how to register a token using the Admin GUI.

  1. Click the Tokens tab.

  2. Select a token to display that token's properties.

  3. Click New.

  4. Type an identifier or select a token reader.

7.3.3. How to Register a Pseudo-Token

This procedure describes how to register a pseudo-token with the Admin GUI.

  1. Click the Desktop Units tab.

  2. Select any Desktop Unit Identifier to view properties for that client.

  3. On the Desktop Unit Properties page, click View Token Details.

  4. Click Edit to display the Edit Token Properties page.

  5. Provide details such as ownership and to specify a session type: Default, Kiosk, or Regular.

7.3.4. How to Enable, Disable, or Delete a Token

This procedure describes how to enable, disable, or delete a token with the Admin GUI.

  1. Select the token's identifier on the Token Properties page.

  2. Click Enable, Disable, or Delete.