8.6 Configuring Smart Card Services

This section provides the various procedures needed to configure smart card services on a Sun Ray server, so users can use smart cards on their desktop clients for hotdesking and authentication.

8.6.1 How to Configure Primary Smart Card Readers for Hotdesking and Authentication

This procedure describes how to configure smart card services for the primary smart card reader on a desktop client, which is the internal smart card reader on a Sun Ray Client or the configured smart card reader connected to a client computer running Oracle Virtual Desktop Client. To configure a smart card reader on Oracle Virtual Desktop Client, you need to use the Smart Card setting to enable smart card access and to choose the smart card reader if there is more than one connected. Once configured, the smart card reader uses the scbus channel and is handled just like the internal smart card reader on a Sun Ray Client.

  1. Become superuser on the Sun Ray server.

  2. Enable smart card services for the primary smart card reader.

    By default, smart card services for the primary smart card reader are enabled. You can use the utdevadm command to display which services are enabled or disabled. If smart card services are disabled, use the following command to enable them.

    # /opt/SUNWut/sbin/utdevadm -e -s internal_smartcard_reader

    Note

    You can also use the Admin GUI to enable smart card services. Select the Internal Smart Card Reader option on the Advanced > Security page.

  3. (Oracle Solaris only) To gain the latest smart card services functionality, including support for Oracle Virtual Desktop Clients, make sure the scbus v2 protocol is enabled.

    The scbus v1 protocol is enabled by default. See Section 8.6.5, “How to Change the Smart Card Bus Protocol (Oracle Solaris)” for details.

  4. Restart Sun Ray services.

    # /opt/SUNWut/sbin/utstart -c

  5. (Windows connector) To enable the smart card reader for the Windows desktop, use the -r scard:on option of the uttsc command.

    See Section 17.13, “Smart Cards” for more details.

8.6.2 How to Configure External CCID-Compliant USB Smart Card Readers for Authentication (Oracle Solaris)

This procedure describes how to configure smart card services for external CCID-compliant USB smart card readers connected to a Sun Ray Client or a client computer running Oracle Virtual Desktop Client. CCID-compliant USB smart card readers are redirected through the Windows RDP smart card channel, which enables the smart card to be used for Windows session authentication.

This procedure applies only to Sun Ray servers running Oracle Solaris, because the CCID IFD handler software is not supported on Sun Ray servers running Oracle Linux.

Note

You can use external USB smart card readers that are not CCID-compliant, but they will be redirected to the Windows desktop through USB redirection. Because USB redirection is available after the user logs in, those smart card readers cannot be used for Windows authentication.

  1. Become superuser on the Sun Ray server.

  2. Enable USB devices on the Sun Ray server.

    By default, external USB device services are enabled. You can use the utdevadm command to display which services are enabled or disabled. If USB device services are disabled, use the following command to enable them.

    # /opt/SUNWut/sbin/utdevadm -e -s usb

    Note

    You can also use the Admin GUI to enable smart card services. Select the USB Port option on the Advanced > Security page.

  3. To gain the latest smart card services functionality, including support for Oracle Virtual Desktop Clients, make sure the scbus v2 protocol is enabled.

    The scbus v1 protocol is enabled by default. See Section 8.6.5, “How to Change the Smart Card Bus Protocol (Oracle Solaris)” for details.

  4. Install the CCID IFD handler software.

    See Section 8.9, “CCID IFD Handler for External USB Smart Card Readers (Oracle Solaris)” for installation and troubleshooting information.

  5. Restart Sun Ray services.

    # /opt/SUNWut/sbin/utstart -c

  6. (Windows connector) To enable the smart card reader for the Windows desktop, use the -r scard:on option of the uttsc command.

    See Section 17.13, “Smart Cards” for the additional steps to configure smart card services on a Windows system.

8.6.3 How to Add a Smart Card Configuration File

This procedure describes how to add a smart card configuration file to the Sun Ray data store. Once added, the configuration file is automatically assigned the last position in the smart card probe order.

  1. Become superuser on the Sun Ray server.

  2. Copy the smart card configuration file to the /etc/opt/SUNWut/smartcard directory.

    The file name must end with a .cfg suffix.

  3. Add the smart card configuration file.

    # /opt/SUNWut/sbin/utcard -a filename

  4. Restart the Sun Ray services.

    # /opt/SUNWut/sbin/utstart -c

  5. Verify that the card was added.

    # /opt/SUNWut/sbin/utcard -l
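
The following pre-flight wrapper for the procedure above is an added example, not part of the original documentation or of Sun Ray Software. The function names, the SC_DIR, UT_SBIN and RUN variables, the file-name character restriction, the permission check, and passing the bare file name to utcard -a are assumptions; the directory, the .cfg rule and the three commands are the ones on this page.

```shell
#!/bin/sh
# Added example: validate a smart card configuration file before registering it.
SC_DIR="${SC_DIR:-/etc/opt/SUNWut/smartcard}"   # directory named in step 2
UT_SBIN="${UT_SBIN:-/opt/SUNWut/sbin}"          # location of utcard and utstart

# check_card_cfg NAME: return 0 if NAME is acceptable, else a reason on stderr.
check_card_cfg() {
    name=$1
    case $name in
        ""|*[!A-Za-z0-9._-]*)
            echo "use a bare file name (letters, digits, . _ -): '$name'" >&2
            return 2 ;;
    esac
    case $name in
        ?*.cfg) ;;
        *) echo "$name: file name must end with a .cfg suffix" >&2; return 3 ;;
    esac
    f="$SC_DIR/$name"
    if [ -L "$f" ] || [ ! -f "$f" ]; then
        echo "$f: not a regular file in $SC_DIR" >&2
        return 4
    fi
    # Assumption (added hardening check): a file consulted when cards are
    # probed should not be writable by group or others.
    if [ -n "$(find "$f" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
        echo "$f: group- or world-writable" >&2
        return 5
    fi
    return 0
}

# add_card_cfg NAME: validate, then print the commands from steps 3 to 5,
# or execute them as superuser when RUN=1.
add_card_cfg() {
    check_card_cfg "$1" || return $?
    for cmd in "utcard -a $1" "utstart -c" "utcard -l"; do
        if [ "${RUN:-0}" = 1 ]; then
            "$UT_SBIN"/$cmd || return 1
        else
            echo "$UT_SBIN/$cmd"
        fi
    done
}
```

With RUN unset the wrapper only prints the commands, so the check can be reviewed before any Sun Ray service is restarted.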

8.6.4 How to Change the Smart Card Probe Order

Admin GUI Steps
  1. Click the Advanced tab.

  2. Click the Card Probe Order subtab.

  3. Change the order of the smart cards.

  4. Click Set Probe Order.

  5. Click Cold Restart on the Servers page to restart Sun Ray services.

Command Line Steps
  1. Become superuser on the Sun Ray server.

  2. List the current order of the smart cards.

    # /opt/SUNWut/sbin/utcard -l

  3. Change the probe order of a smart card.

    # /opt/SUNWut/sbin/utcard -r name,version,new-position

  4. Restart the Sun Ray services for the new order to take effect.

    # /opt/SUNWut/sbin/utstart -c

8.6.5 How to Change the Smart Card Bus Protocol (Oracle Solaris)

Note

The scbus v2 protocol is the default protocol for Oracle Linux and it cannot be changed.

By default, scbus v1 is enabled on a Sun Ray server running Oracle Solaris. Choose the scbus version based on your environment:

  • scbus v1 - Specify if managing Sun Ray Clients running Sun Ray Software 5.2 firmware or earlier.

  • scbus v2 - Specify if managing Sun Ray Clients running Sun Ray Operating Software 11.0 or later or if managing Oracle Virtual Desktop Clients version 3.1 or later.

Admin GUI Steps
  1. Click the Advanced tab.

  2. Click the Security subtab.

  3. In the Devices section, choose the scbus version in the Internal Smart Card Reader field.

  4. Click Save.

  5. Click Cold Restart on the Servers page to restart Sun Ray services.

Command Line Steps
  1. Become superuser on the Sun Ray server.

  2. Change the smart card bus protocol.

    # /opt/SUNWut/sbin/utdevadm -p scbus -v version-number

    where version-number can be v1 or v2. You can use the -p scbus option with no other options to view the current scbus version set on the Sun Ray server.

  3. Restart the Sun Ray services for the new protocol to take effect.

    # /opt/SUNWut/sbin/utstart -c