2 Replies Latest reply: May 10, 2012 8:46 AM by Zettabyte RSS

    Token-only authentication

    928320
      I don't want to use LDAP/AD. I want the token (smart-cards) to automatically log into VDI and present the pools that belong to that token.

      I've added the token in Users -> Company, and assigned the pool to it.

      There is no 'User' or 'User DN' assigned to it.

      I still get the Oracle VDI login screen.
      I've tried 'Disabling Client authentication' , no luck. There is a bit of documentation for 'Assigning users to tokens, etc.' But why do I need an extra user.. I want my token to the user/pass, And I'm having the Desktop handle the authentication.
        • 1. Re: Token-only authentication
          928320
          The article:

          http://docs.oracle.com/cd/E23941_01/E27037/html/sun-ray-kiosk-session.html

          explains:

          "Authentication to Oracle VDI can be disabled, see Section 7.2.7, “How to Disable Client Authentication”. If you disable Client Authentication, the user must either insert a smartcard, or provide a user name and no password (in the login dialog), in order to access their desktop. The available desktops are the desktops assigned to the token, or the desktops assigned to the user name. In this situation, it is best practice to configure the desktop operating system to require authentication."

          I've done this and I still get a login screen... entering a username and leaving the password blank does not work for me. I've changed kiosk mode to enable the username field (It's being auto-populated with the 'owner' of the token I specified in the SRS gui as I was registering.)

          My token has been added into "Users" in the VDI Admin gui, and the correct pool has been assigned..

          I've tried passing kiosk arguments to enable the user field, and hide the domain.. doing so, gives me a black screen.

          NOTE: my token is from OVDC. I have yet to test with a smart card.
          • 2. Re: Token-only authentication
            Zettabyte
            The answer is in the link you posted... use a -n as a VDA kiosk argument to disable the login dialog.