In comparison to simply using passwords, two-factor authentication with a smartcard or smart token offers an additional layer of security. When configuring login with a smartcard, you have to define smartcard middleware to be used. In this area of the IGEL Setup, you select the middleware (PKCS#11 module) which matches your card or your token. Alternatively, you can specify here your own PKCS#11 module.
The middleware selected here will be used for the following logins:
- Login to Citrix sessions; see Citrix Global
- Login to Citrix StoreFront; see Citrix StoreFront
- Login to an endpoint device via Active Directory; see Active Directory/Kerberos
For more information on smartcard authentication in IGEL OS, see the how-to Smartcard Authentication in IGEL OS.
If you use IGEL smartcards, see Authentication with IGEL Smartcard.
Menu path: Security > Smartcard > Middleware
For smartcard authentication to Citrix and Active Directory / Kerberos, you can use several middleware libraries at the same time. The concurrent usage of multiple smartcard middleware libraries may be required, for example, if multiple users with different smartcard types must have access to the device.
Note: If no middleware is activated, OpenSC is used as a fallback.
The middleware for Gemalto/SafeNet eToken, IDPrime smartcards and Token is used.
The middleware for cryptovision smartcards is used.
The middleware for Gemalto IDPrime smartcards is used.
Enable this Gemalto middleware when you want to operate Gemalto Common Criteria devices in unlinked mode.
The middleware for Athena IDProtect smartcards is used.
The middleware for SafeSign smartcards is used.
SecMaker Net iD Enterprise
The SecMaker Net iD Enterprise middleware, formerly known as "Secmaker Net iD", is used.
Enable this SecMaker middleware if you use Net iD implementation with CID (Certificate Identity Declaration).
SecMaker Net iD Client
The SecMaker Net iD Client middleware is used. SecMaker Net iD Client is the next generation of Net iD Enterprise, see http://docs.secmaker.com/net-id-client/latest/index.html.
The SecMaker Net iD Client must also be installed on the server side.
The middleware Coolkey is used.
The middleware OpenSC is used.
The 90meter middleware is used.
This feature requires an add-on license; see Add-On Licenses. Please contact your IGEL sales representative.
Custom PKCS#11 module
The PKCS#11 module stored under the Path to the library is used. See also Using a Custom PKCS#11 Library.
Path to the library
Path to the custom PKCS#11 module. Example:
/usr/lib/pkcs11/[name of the library].so