SafeNet Authentication Client

Similar documents
SafeNet Authentication Client

SafeNet Authentication Client

SafeNet Authentication Client

SafeNet Authentication Client

SafeNet Authentication Client

SafeNet Authentication Client

SafeNet Authentication Client

SafeNet Authentication Client

SafeNet Authentication Client

SafeNet Authentication Client

SafeNet Authentication Client

SafeNet Authentication Service Agent for Cisco AnyConnect Client. Installation and Configuration Guide

SafeNet Authentication Service. Service Provider Billing and Reporting Guide

SafeNet Authentication Service. Java Authentication API Developer Guide

SafeNet Authentication Service

SafeNet Authentication Service Authentication API for Microsoft.Net. Developer Guide

SafeNet Authentication Service

SafeNet Authentication Service

SafeNet Authentication Service

SafeNet Authentication Service

SafeNet Authentication Service

SafeNet Authentication Service

SafeNet Authentication Service

SafeNet Authentication Manager

Integration Guide. SafeNet Authentication Client. Using SAC CBA for VMware Horizon 6 Client

SafeNet MobilePASS+ for Android. User Guide

SafeNet Authentication Service Token Validator Proxy Agent. Installation and Configuration Guide

SafeNet Authentication Manager

SafeNet MobilePKI for BlackBerry V1.2. Administration Guide

SafeNet Authentication Service (SAS) Service Provider Billing and Reporting Guide

SafeNet Authentication Service

SafeNet Authentication Manager

Integration Guide. SafeNet Authentication Client. Using SAC CBA with BitLocker

SafeNet Authentication Service

Sentinel EMS 4.1. Release Notes

SafeNet Authentication Service

SafeNet Authentication Service Agent for Microsoft Outlook Web App. Installation and Configuration Guide

SafeNet Authentication Service

SafeNet Authentication Manager

SafeNet Authentication Service (SAS) SAML Authentication Quick Start Guide

SafeNet Authentication Service

Integration Guide. SafeNet Authentication Client. Using SAC CBA with Juniper Junos Pulse

SafeNet Authentication Service. Push OTP Solution Guide

SafeNet Authentication Manager

SUPPORT MATRIX. HYCU OMi Management Pack for Citrix

SafeNet Authentication Service

Product Description. SafeSign Identity Client Standard Version 2.3 for MAC OS X 10.4

SUPPORT MATRIX. Comtrade OMi Management Pack for Citrix

Release Notes. BlackBerry Enterprise Identity

SafeNet Authentication Service. Service Provider Quick Start Guide

Integration Guide. SafeNet Authentication Manager. Using SAM as an Identity Provider for Tableau Server

BlackBerry Enterprise Server for Microsoft Office 365. Version: 1.0 Maintenance Release: 1. Release Notes

Integration Guide. SafeNet Authentication Manager. Using RADIUS Protocol for Citrix NetScaler 10.5

Integration Guide. SafeNet Authentication Manager. Using SafeNet Authentication Manager with Citrix XenApp 6.5

SafeSign Identity Client Standard

STEVAL-SPBT4ATV3. USB dongle for the Bluetooth class 1 SPBT2632C1A.AT2 module. Features. Description

Integration Guide. SafeNet Authentication Manager. SAM using RADIUS Protocol with Microsoft DirectAccess

Terms of Use. Changes. General Use.

GCR410 / GCR410-P. Application Note. Version 1.0

Integration Guide. SafeNet Authentication Manager. Using SAM as an Identity Provider for Okta

Quick Start Guide. BlackBerry Workspaces app for Android. Version 5.0

AN2667 Application note

Release Notes. BlackBerry UEM Client for Android Version

Integration Guide. SafeNet Authentication Manager. SAM using RADIUS Protocol with SonicWALL E-Class Secure Remote Access

MyCreditChain Terms of Use

SafeNet Authentication Service PCE/SPE with Support for HSM PSE 2 Integration. Feature Documentation

Identity and Authentication PKI Portfolio

One Identity Active Roles 7.2

STEVAL-CCM002V1. TFT-LCD panel demonstration board based on the STM32 as LCD controller. Features. Description

Integration Guide. SafeNet Authentication Manager. Using SAM as an Identity Provider for SonicWALL Secure Remote Access

STEVAL-PCC010V1. ST802RT1A Ethernet PHY demonstration board with STM32F107 controller add-on board. Features. Description

Integration Guide. SafeNet Authentication Manager. Using SAM as an Identity Provider for PingFederate

Installation and Configuration Guide

Version 9 Release 0. IBM i2 Analyst's Notebook Premium Configuration IBM

If the firmware version indicated is earlier than the "Version 1.06", please update the unit s firmware.

Integration Guide. SafeNet Authentication Service. Strong Authentication for Citrix Web Interface 4.6

AN4113 Application note

EAM Portal User's Guide

Cloud Access Manager How to Configure for SSO to SAP NetWeaver using SAML 2.0

A comprehensive security solution for enhanced mobility and productivity

One Identity Starling Two-Factor AD FS Adapter 6.0. Administrator Guide

AN2672 Application note

Quick Reference. Good for Enterprise to BlackBerry Work Using Good Control Transition Guide

AN2676 Application note

Compatibility Matrix. BlackBerry UEM. March 26, 2018

One Identity Starling Two-Factor Desktop Login 1.0. Administration Guide

SafeNet Authentication Service Synchronization Agent. Configuration Guide

SDLC INTELLECTUAL PROPERTY POLICY

Main components USB charging controller with integrated power switch

Version 9 Release 0. IBM i2 Analyst's Notebook Configuration IBM

Firmware Update Guide

IBM. IBM i2 Analyze Windows Upgrade Guide. Version 4 Release 1 SC

Secure Held Print Jobs

Integration Guide. SafeNet Authentication Service. Using SAS as an Identity Provider for Better MDM

US Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.

Compatibility Matrix. Good Control and Good Proxy. June 4, 2018

Mile Terms of Use. Effective Date: February, Version 1.1 Feb 2018 [ Mile ] Mileico.com

SafeNet Authentication Manager. Integration Guide. Using SAM as an Identity Provider for Dropbox

Integration Guide. SafeNet Authentication Service. Protecting Microsoft Internet Security and Acceleration (ISA) Server 2006 with SAS

Symantec Managed PKI. Integration Guide for AirWatch MDM Solution

Transcription:

SafeNet Authentication Client Integration Guide

All information herein is either public information or is the property of and owned solely by Gemalto and/or its subsidiaries who shall have and keep the sole right to file patent applications or any other kind of intellectual property protection in connection with such information. Nothing herein shall be construed as implying or granting to you any rights, by license, grant or otherwise, under any intellectual and/or industrial property rights of or concerning any of Gemalto s information. This document can be used for informational, non-commercial, internal and personal use only provided that: The copyright notice below, the confidentiality and proprietary legend and this full warning notice appear in all copies. This document shall not be posted on any network computer or broadcast in any media and no modification of any part of this document shall be made. Use for any other purpose is expressly prohibited and may result in severe civil and criminal liabilities. The information contained in this document is provided AS IS without any warranty of any kind. Unless otherwise expressly agreed in writing, Gemalto makes no warranty as to the value or accuracy of information contained herein. The document could include technical inaccuracies or typographical errors. Changes are periodically added to the information herein. Furthermore, Gemalto reserves the right to make any change or improvement in the specifications data, information, and the like described herein, at any time. Gemalto hereby disclaims all warranties and conditions with regard to the information contained herein, including all implied warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event shall Gemalto be liable, whether in contract, tort or otherwise, for any indirect, special or consequential damages or any damages whatsoever including but not limited to damages resulting from loss of use, data, profits, revenues, or customers, arising out of or in connection with the use or performance of information contained in this document. Gemalto does not and shall not warrant that this product will be resistant to all possible attacks and shall not incur, and disclaims, any liability in this respect. Even if each product is compliant with current security standards in force on the date of their design, security mechanisms' resistance necessarily evolves according to the state of the art in security and notably under the emergence of new attacks. Under no circumstances, shall Gemalto be held liable for any third party actions and in particular in case of any successful attack against systems or equipment incorporating Gemalto products. Gemalto disclaims any liability with respect to security for direct, indirect, incidental or consequential damages that result from any use of its products. It is further stressed that independent testing and verification by the person using the product is particularly encouraged, especially in any application in which defective, incorrect or insecure functioning could result in damage to persons or property, denial of service or loss of privacy. 2010-2017 Gemalto. All rights reserved. Gemalto and the Gemalto logo are trademarks and service marks of Gemalto and/or its subsidiaries and are registered in certain countries. All other trademarks and service marks, whether registered or not in specific countries, are the property of their respective owners. Release Date: November 2017

Contents Third-Party Software Acknowledgement... 4 Description... 4 Applicability... 5 Environment... 5 Audience... 5 CBA Flow using SafeNet Authentication Client... 6 Prerequisites... 7 Supported Tokens and Smart Cards in SafeNet Authentication Client... 7 Configuring Citrix Linux Receiver... 8 Running the Solution... 9 Support Contacts... 11 Customer Support Portal... 11 Telephone Support... 11 3

Third-Party Software Acknowledgement This document is intended to help users of Gemalto products when working with third-party software, such as Citrix Linux Receiver. Material from third-party software is being used solely for the purpose of making instructions clear. Screen images and content obtained from third-party software will be acknowledged as such. Description Customers today are looking to desktop virtualization to transform static desktops into dynamic mobile workspaces that can be centrally and securely managed from the datacenter, and accessed across a wide range of devices and locations. Deploying desktop virtualization without strong authentication is like putting your sensitive data in a vault (the datacenter), and leaving the key (user password) under the door mat. A robust user authentication solution is required to screen access and provide proof-positive assurance that only authorized users are allowed access. SafeNet Authentication Client (SAC) is a Public Key Infrastructure (PKI) middleware that provides a secure method for exchanging information based on public key cryptography, enabling trusted third-party verification of user identities. SafeNet s certificate-based tokens provide secure remote access, as well as other advanced functions, in a single token, including digital signing, password management, network logon, and combined physical/logical access. The tokens come in different form factors, such as USB tokens, smart cards, and software tokens. All of these form factors are interfaced using a single middleware client, SafeNet Authentication Client (SAC). The SAC generic integration with CAPI, CNG, and PKCS#11 security interfaces enables out-of-the-box interoperability with a variety of security applications offering secure web access, secure network logon, PC and data security, and secure email. PKI keys and certificates can be created, stored, and used securely with the hardware or software tokens. Receiver for Linux enables users to access virtual desktops and hosted applications delivered by XenDesktop and XenApp from devices running the Linux operating system. This document provides guidelines for deploying certificate-based authentication (CBA) for user authentication to Citrix Linux Receiver using SafeNet tokens. It is assumed that the Citrix Linux Receiver environment is already configured and working with static passwords prior to implementing SafeNet multi-factor authentication. Citrix Linux Receiver can be configured to support multi-factor authentication in several modes. CBA will be used for the purpose of working with SafeNet products. 4

Applicability The information in this document applies to: SafeNet Authentication Client (SAC) Typical installation mode SafeNet Authentication Client is public key infrastructure (PKI) middleware that manages Gemalto s tokens and smart cards. For more details about different SAC installation modes, please refer to Customization section in SafeNet Authentication Client Administrator Guide. Citrix Linux Receiver Environment The integration environment that was used in this document is based on the following software versions: SafeNet Authentication Client (SAC) - version 10.0 Citrix Linux Receiver - version 13.7 Citrix XenApp/XenDesktop - version 7.14 Linux RedHat - version 7.3 Audience This document is targeted to system administrators who are familiar with Citrix Linux Receiver, and are interested in adding certificate-based authentication capabilities using Gemalto tokens and smart cards. See Supported Tokens and Smart Cards in SafeNet Authentication Client, on page 7. 5

CBA Flow using SafeNet Authentication Client The diagram below illustrates the flow of certificate-based authentication: 2 PCoIP / RDP 3 1 Citrix StoreFront Citrix XA/XD 7.14 Published Apps/RDP Thin Clients / Desktop / Laptops 1. A user attempts to connect to the Citrix Linux Receiver server using the Citrix Receiver for Linux. The user inserts the Gemalto SafeNet token or Smartcard on which his certificate resides, and when prompted, enters the token password. 2. After successful authentication, the user is allowed access to the published apps/desktops. 3. The user selects the app/desktop to use. 6

Prerequisites This section describes the prerequisites that must be installed and configured before implementing certificatebased authentication for Citrix Linux Receiver using Gemalto tokens and smart cards: To use CBA, the Microsoft Enterprise Certificate Authority must be installed and configured. Any CA can be used. In this guide, integration is demonstrated using Microsoft CA. If SafeNet Authentication Manager (SAM) is used to manage the tokens, Token Policy Object (TPO) must be configured with MS CA Connector. For further details, refer to the section Connector for Microsoft CA in the SafeNet Authentication Manager Administrator s Guide. Users must have a Gemalto token or smart card enrolled with an appropriate certificate. SafeNet Authentication Client for Linux 10 must be installed on all Linux client machines. Supported Tokens and Smart Cards in SafeNet Authentication Client SafeNet Authentication Client for Linux 10.0 supports the following tokens and smart cards: Certificate-based USB tokens SafeNet etoken 5110 GA SafeNet etoken 5110 FIPS Smart Cards Gemalto IDPrime MD 830 Gemalto IDPrime MD 840 For a complete list of supported devices, refer to SafeNet Authentication Client Customer Release Notes. 7

Configuring Citrix Linux Receiver This section demonstrates how to configure Citrix Linux receiver to support Gemalto tokens and smart cards. In our lab we used a Microsoft local CA, so first we will configure the Citrix Linux Receiver to trust the local root CA certificate. 1. Login to the local certificate authority and download the Root CA certificate. Make sure you download the certificate in Base64 Encoding. 2. Rename the certificate file to pem 3. Copy the certificate to /opt/citrix/icaclient/keystore/cacerts/ 4. Run the following command: /opt/citrix/icaclient/util/ctx_rehash Now the Citrix Receiver is able to trust the local CA. Next, we will add SafeNet Authentication Client PKCS#11 support to the Citrix Linux Receiver: 1. Open the file /opt/citrix/icaclient/config/authmanconfig.xml in an editor. 2. Under the key PKCS11module key enter the following value (path to SafeNet Authentication Client PKCS#11 dll): <value>/usr/lib64/libetpkcs11.so</value> 3. Save the file and restart the machine. 8

Running the Solution In this lab we used Citrix XenApp/XenDesktop 7.14 with Linux Receiver 13.7 installed on RHEL 7.3. 1. The Linux user inserts a Gemalto token or smart card. 2. The user opens the Citrix Receiver and is prompted to enter the token/smart card PIN code. (The screen image above is from Citrix Systems, Inc. Trademarks are the property of their respective owners). 3. After clicking Log on the user is authenticated to the Citrix StoreFront. (The screen image above is from Citrix Systems, Inc. Trademarks are the property of their respective owners). 9

4. Now, the user can run an app and it will be executed without being required to re-authenticate. (The screen image above is from Citrix Systems, Inc. Trademarks are the property of their respective owners). 10

Support Contacts If you encounter a problem while installing, registering, or operating this product, refer to the documentation. If you cannot resolve the issue, contact your supplier or Gemalto Customer Support. Gemalto Customer Support operates 24 hours a day, 7 days a week. Your level of access to this service is governed by the support plan arrangements made between Gemalto and your organization. Please consult this support plan for further information about your entitlements, including the hours when telephone support is available to you. Customer Support Portal The Customer Support Portal, at https://supportportal.gemalto.com, is a where you can find solutions for most common problems. The Customer Support Portal is a comprehensive, fully searchable database of support resources, including software and firmware downloads, release notes listing known problems and workarounds, a knowledge base, FAQs, product documentation, technical notes, and more. You can also use the portal to create and manage support cases. NOTE: You require an account to access the Customer Support Portal. To create a new account, go to the portal and click on the REGISTER link. Telephone Support If you have an urgent problem, or cannot access the Customer Support Portal, you can contact Customer Support by telephone. Calls to Customer Support are handled on a priority basis. Region Telephone number (Subject to change. An up-to-date list is maintained on the Customer Support Portal) Global +1-410-931-7520 Australia 1800.020.183 China North: 10800-713-1971 South: 10800-1301-932 France 0800-912-857 Germany 0800-181-6374 India 000.800.100.4290 Israel 180-931-5798 Italy 800-786-421 Japan 0066 3382 1699 11

Region Telephone number (Subject to change. An up-to-date list is maintained on the Customer Support Portal) Korea +82 2 3429 1055 Netherlands 0800.022.2996 New Zealand 0800.440.359 Portugal 800.863.499 Singapore 800.1302.029 Spain 900.938.717 Sweden 020.791.028 Switzerland 0800.564.849 United Kingdom 0800.056.3158 United States (800) 545-6608 12

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback