Вы находитесь на странице: 1из 10

MetaPass™ SSO Desktop Deployment - Administrator Guide

MetaPass™ SSO Desktop Deployment - Administrator Guide The Universal Single Sign-On Solution SSO Desktop Deployment

The Universal Single Sign-On Solution

SSO Desktop Deployment Administrator Guide

Version 4.6

Rev. 0109

MetaPass™ SSO Desktop Deployment - Administrator Guide

Contents

Introduction

3

MetaPass Main Components

3

SSO Desktop Client

4

User Profile

4

SSO Desktop Client Installers

5

System Requirements

6

Installing SSO Desktop manually in Windows

6

Auto-Deploy

7

First time launching SSO Desktop

7

Use server.xml to avoid showing the Server Info window

8

Recomended KIOSK Deployment

9

Updating the SSO Desktop Client

10

Updating software to new version

10

Uninstall the software on Windows

10

MetaPass™ SSO Desktop Deployment - Administrator Guide

Introduction

Enterprise single sign-on (SSO) allows computer users to access multiple secure systems with a single authentication, without the need to type and remember multiple passwords. Benefits include increased security, control, compliance, and productivity; and reduced help desk costs and user frustration.

MetaPass Main Components

desk costs and user frustration. MetaPass Main Components MetaPass Server MetaPass uses client and server architecture

MetaPass Server

MetaPass uses client and server architecture to manage each SSO Desktop clients. The MetaPass Server stores all the data and configuration files from MetaPass Administrator. It also distributes updates to SSO Desktop clients, and manages backup from clients.

MetaPass Administrator

MetaPass Administrator is an administrative client application for IT personnels. Creating new application profiles, setting up authentication schemes, enrolling users, and applying policy to clients are performed in this tool. All the data from this tool will be stored in the server.

MetaPass SSO Desktop

MetaPass SSO Desktop is a client application for end users, and it performs the login process for them. It receives application profile update and policy update from server when ever available.

MetaPass™ SSO Desktop Deployment - Administrator Guide

SSO Desktop Client

The SSO Desktop Client mainly consists of 2 components. The first part is the client software itself, and it is universal. The executable client installer is provided for this part of deployment. The second part is the User Profile. The User Profile includes the configuration file of the Authentication and Storage of SSO Client and user's credential files if applicable.

User Profile

SSO Desktop will not operate if no User Profile is found on the user's account. User Profile consists of 1 or more files, depends on the Authentication and Storage configuration that is used to enroll the users in the MetaPass Administrator client. It's often that the User Profile contains files that are uniquely generated for the users. This User Profile needs to be placed in the User's MetaPass Folder (user's Application Data/MetaPass for Windows, and user's home/MetaPass for Mac and Linux). From version 4.6, this User Profile can be copied automatically by Auto-Deploy feature.

authconfig.xml

If you have deployed SSO Desktop client successfully, you will always see a configuration file called authconfig.xml under the User's MetaPass Folder. This file is generated when you setup the Authentication and Storage in the MetaPass Administrator client. It tells SSO Desktop that what type of authentication is used and where to store the user's credentials.

Examples of User Profile

Windows Authentication template:

If you use the Windows Authentication for Authentication and Storage Setup, you will see the following files under the User's MetaPass Folder.

authconfig.xml – In this file, it tells SSO Desktop to use Windows Authentication (DPAPI) to protect user's data and store user's data under the User's MetaPass Folder.

creds.xml – This is the user's data file that stores all the user's credentials and certificates to communicate with the server. Since this file is unique for each users, Auto-Deploy feature is helpful to deploy this file to each client computer.

MetaPass™ SSO Desktop Deployment - Administrator Guide

KIOSK template:

If you use the KIOSK template for Authentication and Storage Setup, you will see the only one file under the User's MetaPass Folder.

authconfig.xml – In this file, it tells SSO Desktop to use KIOSK configuration. The user's data is stored in the server and protected by server.

SSO Desktop Client Installers

The EXE format of the client installer is provided by default. The MSI installer or installers for other platforms are also available upon the request.

The silent installation feature is included on the installers, so you can use your third-party client management tools (BigFix, Languard, Lanworks, AD(Active Directory) or etc.) for client installation.

The option for the silent installation for EXE installer is:

MetaPass_SSO_Setup.exe /S /LANGUAGE=en

/S means silent mode, no pop-up on the user's machine.

If no /LANGUAGE option is specified, it will install in English. Use /LANGUAGE option to selects the preferred language. The languages supported today are:

Language

Option

English

en

Spanish

es

French

fr

German

ge

Italian

it

Japanese

jp

Traditional Chinese (Taiwan)

tw

MetaPass™ SSO Desktop Deployment - Administrator Guide

System Requirements

Windows 2000/2003/XP/Vista/2008,

Ubuntu Linux, Red Hat Linux, SUSE Linux, or Mac OS X

Minimum 1GB free space on the hard drive

Minimum 512MB RAM

Installing SSO Desktop manually in Windows

Log onto client computer with Administrator's privileges.

Double-click on the MetaPass_SSO_Setup.exe file to start the installation process.

Follow the instructions on the screen to go through the installation process.

MetaPass™ SSO Desktop Deployment - Administrator Guide

Auto-Deploy

Since SSO Desktop client will not operate without User Profile, Auto-Deploy feature helps to deploy the appropriate User Profile. First, it connects to the server to authenticate the user, and then copy the User Profile to User's MetaPass Folder for the first time launching SSO Desktop.

First time launching SSO Desktop

The following Server Info window appears when you first time launch SSO Desktop.

Info window appears when you first time launch SSO Desktop. Enter the Server Name or IP

Enter the Server Name or IP and Port Number of the MetaPass Server and click OK. If it connects to the server successfully, a file called server.xml will be created under the User's MetaPass Folder. This file will be explained more in detailed later.

Folder . This file will be explained more in detailed later. The Authentication window above will

The Authentication window above will show up if the server is connected

MetaPass™ SSO Desktop Deployment - Administrator Guide

successfully. This window prompts users to enter their domain credentials to authenticate the users. For Non-Domain users, they will recieve an e-mail with user ID and password after the enrollment. Leave this Domain feild empty and enter the user ID and password from the e-mail.

empty and enter the user ID and password from the e-mail. Finally, the SSO Desktop main

Finally, the SSO Desktop main window will appear if the user has been authenticated successfully. At this point, the User Profile has been depolyed successfully as well.

Use server.xml to avoid showing the Server Info window

As mentioned previously, a file called server.xml will be created under the User's MetaPass Folder after the first time entering the server name and port number on the Server Info window. This file tells the SSO Desktop the server locaion. If you open the file you will see the following line.

<server host="sso-server" port="5000" />

Since this file will be same for all users, you can simplify the deployment process for the users by avoiding showing the Server Info window.

Create server.xml as explained above.

Find server.xml file under the User's MetaPass Folder.

Now, this file can be placed on the 3 possible locations.

User's MetaPass Folder – This folder has the highest priority. However, it is not recemmended to use this location becuase you will have to copy this file to each user's User's MetaPass Folder (if the cilent computer can be shared) on each cilent computer.

All User folder – This folder is available on Windows only. E.g. C:\Documents and Settings\All Users\MetaPass\

MetaPass™ SSO Desktop Deployment - Administrator Guide

Installation folder – To be specific, it has to be running folder. E.g. C:\ Program Files\MetaPass SSO\run\system\

Use your third-party client management tools or startup script to copy this server.xml file to each client computer.

Recomended KIOSK Deployment

Since no user credentials is stored locally for KIOSK configuration, you can deploy SSO Desktop client without asking user's domain credentials (by showing Authentication window). In addition to server.xml file described above, you only need one more configuration file called authconfig.xml. This authconfig.xml file is also same for all the KIOSK computer. Therefore, like server.xml file, place this file to the All User folder or Installation folder to complete the deployment.

MetaPass™ SSO Desktop Deployment - Administrator Guide

Updating the SSO Desktop Client

Updating software to new version

To update the SSO Desktop client to new version in Windows, in most of the cases, it is not necessary to uninstall the current version of the software. Please follow the following procedure for the EXE installer.

Launch the new SSO Desktop client installer or use silent installation mode to over write the old files.

Uninstall the software on Windows

Go to Add or Remove Programs on the Control Panel and remove “MetaPass SSO”

The User's MetaPass Folder and User Profile will not be deleted automatically. Delet them manually if needed.