Exit Print View

Oracle Secure Global Desktop Administration Guide for Version 4.6

Previous Next

Document Information

Preface

1.  Networking and Security

2.  User Authentication

3.  Publishing Applications to Users

4.  Configuring Applications

5.  Client Device Support

6.  SGD Client and Webtop

7.  SGD Servers, Arrays, and Load Balancing

A.  Global Settings and Caches

Secure Global Desktop Authentication Tab

The Authentication Wizard

Token Generation

Password Cache

Third-Party Authentication

System Authentication

Search Local Repository

Search LDAP Repository

Use Default Third-Party Identity

Use Default LDAP Profile

Use Closest Matching LDAP Profile

LDAP/Active Directory

Unix

Authentication Token

Windows Domain Controller

SecurID

Anonymous

Search Unix User ID in Local Repository

Search Unix Group ID in Local Repository

Use Default User Profile

Windows Domain

Active Directory

LDAP

Service Objects Tab

The Service Objects List Table

Name

Type

Enabled

URLs

User Name and Password

Connection Security

Active Directory Base Domain

Active Directory Default Domain

Application Authentication Tab

Password Cache Usage

Action When Password Expired

Smart Card Authentication

Dialog Display

"Save Password" Box

"Always Use Smart Card" Box

Display Delay

"Launch Details" Pane

Communication Tab

Unencrypted Connections Port

Encrypted Connections Port

AIP Keepalive Frequency

Timeout for User Session Resumability

Timeout for General Resumability

Resource Synchronization Service

User Session Idle Timeout

Performance Tab

Application Session Load Balancing

Application Load Balancing

Client Device Tab

Windows Client Drive Mapping

Unix Client Drive Mapping

Dynamic Drive Mapping

Windows Audio

Windows Audio Sound Quality

Unix Audio

Unix Audio Sound Quality

Smart Card

Serial Port Mapping

Copy and Paste

Client's Clipboard Security Level

Time Zone Map File

Editing

Printing Tab

Client Printing

Universal PDF Printer

Make Universal PDF Printer the Default

Universal PDF Viewer

Make Universal PDF Viewer the Default

Postscript Printer Driver

Security Tab

New Password Encryption Key

Timeout for Print Name Mapping

Connection Definitions

X Authorization for X Display

Monitoring Tab

Log Filter

Billing Service

Resilience Tab

Array Failover

Monitor Interval

Monitor Attempts

Find Primary Interval

Find Primary Attempts

Action When Failover Ends

Backup Primaries

Caches Tab

Passwords Tab

Description

Command Line

Tokens Tab

Description

Command Line

B.  Secure Global Desktop Server Settings

C.  User Profiles, Applications, and Application Servers

D.  Commands

E.  Login Scripts

F.  Third-Party Legal Notices

Glossary

Index

Application Authentication Tab

Settings on the Application Authentication tab control the user experience when starting applications.

From the command line, use the tarantella config list command to list these settings, and the tarantella config edit command to edit these settings.

Changes to these attributes take effect immediately.

This tab contains the following sections:

Password Cache Usage

Usage: Select or deselect the check box.

Description

Whether to try the password the user typed for the SGD server, if it is stored in the password cache, as the password for the application server.

SGD server passwords might be stored in the cache if some applications are configured to run on the SGD host, or if Password Cache is selected.

This attribute can be overridden by an application server object’s Password Cache Usage attribute.

Command Line

Command option: --launch-trycachedpassword 1 | 0

Usage: Specify 1 (true) or 0 (false).

The following example uses the SGD password stored in the password cache when authenticating to an application server.

--launch-trycachedpassword 1

Action When Password Expired

Usage: Select an option.

Description

The action to take if the user’s password has expired on the application server.

The command line options and their Administration Console equivalents are shown in the following table.

Administration Console
Command Line
Description
Authentication Dialog
dialog
Show an SGD authentication dialog.
Aged Password Handler
manual
Show a terminal window, where the user can change their password.
Launch Failure
none
Take no further action. Treat as a startup failure.

For Windows applications, the Terminal Server handles the authentication process. No information is returned to SGD indicating whether authentication succeeds or fails. This means that once SGD has cached a user name and password for the Windows application server, SGD never displays the authentication dialog again unless the user holds down the Shift key when they click an application’s link, or an Administrator deletes the user’s entry from the password cache.

Command Line

Command option: --launch-expiredpassword manual | dialog | none

Usage: Specify an option.

In the following example, the user can change their password using a terminal window.

--launch-expiredpassword manual

Smart Card Authentication

Usage: Select or deselect the check box.

Description

Enable users to log in to a Microsoft Windows application server with a smart card.

Command Line

Command option: --launch-allowsmartcard 1 | 0

Usage: Specify 1 (true) or 0 (false).

The following example enables users to log in using a smart card.

--launch-allowsmartcard 1

Dialog Display

Usage: Select or deselect the check boxes.

Description

Controls when the application server’s authentication dialog is displayed. The check boxes are inter-related, enabling you to select from three possible options.

The command line options and their Administration Console equivalents are shown in the following table.

Administration Console
Command Line
Description
On Shift-Click (selected)

On Password Problem (selected)
user
Show the authentication dialog if the user holds down the Shift key when they click an application’s link, or if there is a password problem.
On Shift-Click (deselected)

On Password Problem (selected)
system
Only show the authentication dialog when there is a password problem.
On Shift-Click (deselected)

On Password Problem (deselected)
none
Never show the authentication dialog.

For Windows applications, it is the Terminal Server handles the authentication process. No information is returned to SGD indicating whether authentication succeeds or fails. This means that once SGD has cached a user name and password for the Windows application server, SGD never displays the authentication dialog again unless the user holds down the Shift key when they click an application’s link, or an Administrator deletes the user’s entry from the password cache.

Command Line

Command option: --launch-showauthdialog user | system | none

Usage: Specify an option.

In the following example, the application server’s authentication dialog is shown if you hold down the Shift key and click a link to start an application, or if there is a problem with the password.

--launch-showauthdialog user

“Save Password” Box

Usage: Select or deselect the check boxes.

Description

Two attributes that control the initial state of the Save Password check box in the application server authentication dialog and whether users can change it.

If users cannot change the setting, the Initially Checked attribute determines whether users can save passwords in the application server password cache.

Command Line

Command option: --launch-savepassword-initial checked | unchecked

Command option: --launch-savepassword-state enabled | disabled

Usage: Specify a valid option.

In the following example, the initial state of the Save Password check box is selected. Users can change this setting.

--launch-savepassword-initial checked
--launch-savepassword-state enabled

“Always Use Smart Card” Box

Usage: Select or deselect the check boxes.

Description

Two attributes that control the initial state of the Always Use Smart Card check box in the application server authentication dialog box and whether users can change it.

If users cannot change the setting, the Initially Checked attribute determines whether the user’s decision to always use smart card authentication is cached.

Command Line

Command option: --launch-alwayssmartcard-initial checked|unchecked

Command option: --launch-alwayssmartcard-state enabled|disabled

Usage: Specify a valid option.

In the following example, the initial state of the Always Use Smart Card check box is selected. Users can change to this setting.

--launch-alwayssmartcard-initial checked
--launch-alwayssmartcard-state enabled

Display Delay

Usage: Enter a time period, measured in seconds, in the field.

Description

The delay in seconds before showing the Application Launch dialog to users.

Command Line

Command option: --launch-showdialogafter secs

Usage: Replace secs with the delay, measured in seconds.

In the following example, the Application Launch dialog is displayed after two seconds.

--launch-showdialogafter 2

“Launch Details” Pane

Usage: Select or deselect the check boxes.

Description

Attributes that control the initial display state of the Launch Details area of the Application Launch dialog, whether users can change it and whether to show the Launch Details area if an application startup fails.

If users cannot change the setting, the Showed by Default attribute determines whether the users see the application launch details.

Command Line

Command option: --launch-details-initial hidden | shown

Command option: --launch-details-state enabled | disabled

Command option: --launch-details-showonerror 1 | 0

Usage: Specify a valid option.

In the following example, the initial state of the Launch Details area is hidden. Users can change this setting. The Launch Details area is shown if the application fails to start. 

--launch-details-initial hidden
--launch-details-state enabled
--launch-details-showonerror 1
Copyright © 2010, Oracle and/or its affiliates. All rights reserved. Legal Notices
Previous Next