Résumé du contenu de la page N° 1
™
Sun Ray , Smart Cards, and Citrix
Enabling Sun Ray Smart Card Pass-through to Citrix
Sun Microsystems, Inc.
4150 Network Circle
Santa Clara, CA 95054 U.S.A.
650-960-1300
May 2004, Version 1.0
Résumé du contenu de la page N° 2
Copyright 2004 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, California 95054, U.S.A. All rights reserved. Sun Microsystems, Inc. has intellectual property rights relating to technology embodied in the product that is described in this document. In particular, and without limitation, these intellectual property rights may include one or more of the U.S. patents listed at http://www.sun.com/patents, and one or more additional patents or pending patent applications in the U.S. and in
Résumé du contenu de la page N° 3
Contents Overview 1 Software Requirements 2 Solaris Operating Environment 2 Sun Ray Server Software and Patches 2 Sun Ray PC/SC Bypass 3 Citrix Client 3 Microsoft/Citrix Server Components 3 Hardware Requirements 3 Sun Ray Requirements 4 Smart Card Requirements 4 Installation Notes 5 Configuring and Testing Citrix Smart Card Support 6 To Install and Configure Citrix ICA Client 6 Required Reading/Other Resources 10 iii
Résumé du contenu de la page N° 4
iv Book Title • Month 2004
Résumé du contenu de la page N° 5
™ Enabling Sun Ray Smart Card Pass-through to Citrix This document is designed to help users configure the Sun Ray environment so that the smart card channel is available from the Citrix Server to the Sun Ray desktop. It covers the software required to establish this channel as well as how to install, configure, and test the feature. Note – The information in this document supersedes the requirement for the PC/SC Lite package as listed in the Citrix Administrators Guide for UNIX ICA Clients in s
Résumé du contenu de la page N° 6
The end result is that a Sun Ray user can perform certain tasks in a Windows environment, including: ■ PIN-based logins ■ Digital signing, encrypting, and decrypting of email messages from Windows- based email clients such as Microsoft Outlook. Note – The configuration of Citrix and Windows servers and potential applications, including smart card middleware, to be smart card-aware is beyond the scope of this document; however, pointers are given where appropriate. Software Requirements The follo
Résumé du contenu de la page N° 7
Sun Ray PC/SC Bypass ■ Sun library to provide direct access to the Sun Ray smart card reader via the PC/SC API bypassing both the Open Card Framework (OCF) and the Solaris Card Framework (SCF). ■ Package name is SUNWsrcbp.Use version 1.0_07 or later. ■ Available from the Sun download center free of charge. http://www.sun.com/software/download/ Citrix Client ■ Citrix ICA Client for Solaris/SPARC 6.30 or better. The current version as of this writing is 7.02. http://www.citrix.com/site/SS/download
Résumé du contenu de la page N° 8
Sun Ray Requirements Configuring your Sun Ray Server to allow smart card support for Citrix sessions requires the following steps: 1. Ensure that you are running a current version of Solaris that supports Sun Ray Server Software 2.0. 2. Apply the latest Solaris Cluster Patch. 3. Apply the latest Sun Ray Server Patch 114880. The current version as of this document is 114880-04 4. Ensure that smart card middleware is installed on the Citrix Server 5. Install the Sun Ray PC/SC Bypass package. Patch
Résumé du contenu de la page N° 9
Note – If you connect to a Windows Server and receive the following message: The card supplied requires drivers that are not on the system. Please try another card. then you do not have a supported smart card for Windows and need middleware to support your smart card in a Windows environment. ▼ Installing the Sun Ray PC/SC Bypass Note – Make sure that patch 114880-04 or later is installed before installing the Sun Ray PC/SC Bypass. 1. Get the SUNWsrcbp package from the Sun Download Center. http:
Résumé du contenu de la page N° 10
Configuring and Testing Citrix Smart Card Support This document assumes that you know how to install and create connections using the Citrix ICA Client. For information on installing and configuring the Citrix Client for UNIX please read the Administrators Guide available at: http://download2.citrix.com/files/en/products/client/ica/current /docs/UnixCAG.pdf To Install and Configure Citrix ICA Client 1. Install the latest Citrix ICA Client for Solaris (SPARC). Use the latest version available fro
Résumé du contenu de la page N° 11
The Citrix ICA Client for Solaris window appears. FIGURE 1 Citrix ICA Client for Solaris Window 6. Highlight the Connection you wish to test Smart Card support for, and click the properties button. Enabling Sun Ray™ Smart Card Pass-through to Citrix 7
Résumé du contenu de la page N° 12
The Connection Properties Screen appears. FIGURE 2 Connection Properties Screen a. Select the drop down box labeled Network and select Login. This presents the properties screen for Logon attributes. b. For testing purposes, check the box labeled Allow Smart Card Logon. c. Click OK. d. Launch your connection. 8 Sun Ray, Smart Cards, and Citrix • May 2004
Résumé du contenu de la page N° 13
When the Windows Desktop or Published Application appears, you should be prompted for a PIN-based Login . FIGURE 3 Windows Desktop with Prompt for PIN-based Login Note – If you connect to a Windows Server and receive the following message: The card supplied requires drivers that are not on the system. Please try another card. then you do not have a supported smart card for Windows and need middleware to support your smart card in a Windows environment; however, this message indicates that the sm
Résumé du contenu de la page N° 14
Note – Unless your Windows environment is configured to perform PIN-based logins (either via a Microsoft Certificate Server infrastructure or via middleware) you should disable the Allow Smart Card Logon option for your Citrix Connection. It is important to note that this does NOT disable the smart card channel for use with other smart card-aware applications; it is just a very simple way to test the channel. Required Reading/Other Resources Smart card support in a Citrix environment depends on