
...

This procedure is suitable for testing and quick configuration, but a secure way to install and configure your installation certificate is preferred.

 


The “Users can logout” checkbox enables users to open the Soffid notifier menu and close their Soffid session. After logging out, the user will be allowed to start a new Soffid session with the same or another user name. If the checkbox is not selected, the user will not be allowed to close the Soffid session without closing the Windows session.

...

-nogina or /nogina: do not modify the previous GINA. In this version, this parameter only applies on first installation.

 


Example:

Code Block
C:\> soffidesso.exe -q -server https://server.domain.local:760 -force -nogina

...

-smartupdate or /smartupdate: Smart update installation 

 


Example:

Code Block
C:\> soffidesso.exe -q -server https://server.domain.local:760 -force -nogina -smartupdate

...

To customize configuration parameters, the PARAM variable can be used:


Example:

Code Block
C:\> msiexec /i soffidesso.msi PARAM="-q -server https://server.domain.local:760 -force -nogina -smartupdate"

...

The system stores all its settings in the registry branch HKLM\Software\Soffid\esso. The values used are as follows:

| Entry | Default Value | Description |
|---|---|---|
| LogonEntry | Logon | After identifying the user, Soffid ESSO will look at the defined application tree for an application with this key, in order to execute it. |
| OfflineEntry | Offline | If synchronization servers are not reachable, an alternative script will be executed. This entry contains the key of the application entry point to execute in such a case. |
| LocalCardSupport | 2 | Indicates whether to ask for the coordinates card at logon time or not. Four values are allowed. 1 – Coordinates card is required; 2 – Coordinates card is required if and only if the user is the owner of one card; 3 – Coordinates card is required if the user is connecting from an unregistered device; 4 – Never ask for coordinates card. |
| RemoteCardSupport | 1 | Indicates whether to ask for the coordinates card when performing a remote logon. Four values are allowed. 1 – Coordinates card is required; 2 – Coordinates card is required if and only if the user is the owner of one card; 3 – Coordinates card is required if the user is connecting from an unregistered remote device; 4 – Never ask for coordinates card. |
| LocalOfflineAllowed | 1 | Specifies whether it is permitted to use the workstation when no Soffid synchronization servers are reachable. 1 – It's permitted; 0 – It's forbidden. |
| RemoteOfflineAllowed | 0 | Specifies whether it is permitted to open a terminal server connection against this host when no Soffid synchronization servers are reachable. 1 – It's permitted; 0 – It's forbidden. |
| CertificateFile | root.cer | Specifies the name of the file containing the Certificate Authority certificate used by the synchronization server (X509 DER format). |
| SSOServer | stsmlin3.caib.es, sticlin2.caib.es | Comma-separated list of synchronization server names. |
| seycon.https.port | 760 | TCP/IP port used for connecting to SEYCON. |
| debuglevel | | Indicates the level of detail of the log: 0 = nothing is recorded; 1 = Basic Information; 2 = Detailed Information. |
| ginalogFile | | Name of the file which records the actions taken by GINA. Do not enable it unless needed. |
| ShiroHostName | | Do not modify: It contains the name that the host had when it was registered at the Soffid server. |
| startDisabled | false | When it contains the value “true”, Soffid ESSO will be started in disabled (or pause) state. Thus, it will not inject any user name or password on user applications. |
| MazingerVersion | | It contains the version number of Soffid ESSO. |
| sayaka.domain | | It contains the Active Directory name the workstation belongs to. |
| sayaka.pkcs11% | (reserved) | Each crypto card used by the user will have a corresponding entry indicating the name of the PKCS#11 DLL that can handle it. Do not modify. |

Startup process

Windows XP GINA logon

...

Second. Performs injection of user names and passwords into applications, based on the SSO rules bound to each application entry point the user is authorized to execute.

Enforcing browser addons

Modern browsers apply certain restrictions on automatically enabling browser add-ons without user intervention:

Google Chrome

The Google Chrome extension is automatically enabled, but this requires internet access, because Chrome downloads the add-on directly from the Chrome store rather than using the locally installed version.


Mozilla Firefox


There is a Mozilla Firefox group policy to automatically enable any extension. Follow this link to get it: https://github.com/mozilla/policy-templates/releases/download/v1.11/policy_templates_v1.11.zip

Alternatively, you can add the following registry key:

HKEY_LOCAL_MACHINE\Software\Policies\Mozilla\Firefox\Extensions\Locked\1 = "esso@soffid.com"


Internet Explorer


There is also a group policy for Internet Explorer. Follow this Microsoft link to get it: https://docs.microsoft.com/es-es/internet-explorer/ie11-deploy-guide/enable-and-disable-add-ons-using-administrative-templates-and-group-policy

The GUID of the Soffid ESSO group policy is {53252A52-D536-11DF-866D-5B82D67A00D1}