You can connect to Citrix, RDP and VMware Horizon roaming sessions using RFID badges with Evidian Authentication Manager (AuthMgr). Custom commands are supported as well.

Prerequisites

  • IGEL Universal Desktop Linux 5.06.100 or newer on the device.
  • An installed and running Evidian SSO Controller, version 10.0 or higher
  • When using HTTPS (IGEL Linux 5.07.100 or newer), the User Access Server's CA root certificate saved locally on the device.
  • The device and the server(s) have to be part of the same Active Directory domain.
  • A supported RFID reader (e.g. OMNIKEY 5022 CL, OMNIKEY 5421), connected to the device.
  • RFID badges that are already enrolled.

Configuring an Evidian Authentication Manager Session

  1. In IGEL Setup, go to Sessions > Evidian AuthMgr > Evidian AuthMgr Sessions.
  2. Add a new session.
  3. Go to Sessions > Evidian AuthMgr > Evidian AuthMgr Sessions > [Session Name] > Connection.
  4. Choose the Protocol used for the user access service (e.g. HTTP).
  5. Enter the IP address or DNS name used for the user access service under Server.
  6. Choose the Port for the user access service (e.g. 9764).
  7. Under Path to service, enter the path for the user access service (e.g. /soap).
  8. Under CA certificate, enter the path to the CA certificate, including its name, or path of the certification authority (e.g. /wfs/ca-certs/ca.crt). The certificate is required for HTTPS connections.
  9. Enter the secret for the Roaming session secret.
  10. When using HTTPS, select CA certificate as the user access server's CA root certificate on the device.
  11. Under Evidian AuthMgr > Evidian AuthMgr Sessions > [Session Name] > Options, select the desired Session type.
    This will make Evidian Authentication Manager use the first configured session of its type, e.g. RDP. Make sure that a session is configured.

    If you choose the user-defined session type, you need to supply the custom commands; see Custom Commands. For further options, see Options in the IGEL OS Reference Manual.

  12. Start the new session by clicking on its icon in the Start Menu. Alternatively, reboot the device. In the default autostart setting the Evidian Authentication Manager for your session will start automatically and wait for an RFID badge to be placed on the reader.

    You can only start a single instance of an Evidian Authentication Manager session.

Configuring Citrix/RDP/VMware Horizon Sessions

Configure the session that you want to use with Evidian Authentication Manager as the first session of its kind. The shortcuts to the session settings are provided in the Setup section Related Configurations:

Using a Custom Configuration File

Instead of using the settings provided by IGEL Setup, you can enable a custom configuration file under Sessions > Evidian AuthMgr > Evidian AuthMgr Sessions > [Session Name] > Options > Use configuration file. Then all the other session settings will be ignored. You find a commented template for the configuration file at /etc/rsUserAuth/rsUserAuth.ini.

Logging in with Evidian Authentication Manager

  1. Place your RFID badge on the RFID reader (or tap the reader with it if you configured Tapping Mode)
  2. Your Citrix/RDP/VMware Horizon session will open if an active roaming session for your user already exists. If it does not, you will be presented with a password prompt for the user's Active Directory password.
  3. Remove your RFID badge (or tap the reader again) to disconnect from the session.