Environment
Situation
Question
What sequence does SecureLogin Single Sign-On follow in a Novell eDirectory environment to automatically log users into a Citrix server?
Resolution
Answer
SecureLogin SSO is able to capture the eDirectory credentials entered by the user on their workstation and passes them to the Citrix server automatically. This means a user doesn’t have to logon to eDirectory and then re-authenticate to eDirectory when they launch a Citrix ICA session. This is known as GINA to GINA pass through.
The customer is running Citrix servers but their primary authentication is to eDirectory so they have installed the Novell client on the Citrix server. They have also installed SecureLogin SSO on the Citrix server for SSO.
The user has the Citrix ICA client and SecureLogin installed on their workstation.
- The Novell client logon extension SLINA.DLL retrieves the Username and Password the user entered into their Novell Client logon screen, and stores them in a hidden and encrypted SecureLogin platform.
- The user starts an ICA session connecting to a Citrix server.
- The user logs on to Citrix Program Neighborhood and upon initiating the ICA session the user must be authenticated to eDirectory.
- The Username and Password entered earlier are retrieved by SecureLogin and passed down the Citrix Virtual Channel.
- After the credentials are received by the interface, the normal user level eDirectory transaction occurs between the Citrix server and eDirectory.
- Upon authentication to eDirectory, sllauncher.exe starts SecureLogin SSO.
- A call is made to eDirectory to acquire/synchronize assigned scripts, settings, stored credentials and other SSO data.
- Control is then handed off to the specified ICA application and any SSO requests are handled by SecureLogin.
- As the session ages, periodic refreshes of the SecureLogin SSO store are attempted. The timeframe is adjustable by the administrator.
- When a user ends the ICA application, sllauncher.exe closes SecureLogin SSO.