Thursday, February 16, 2012

Integrating IBM Tivoli Access Manager for Enterprise Single Sign-On 8.0 on XenDesktop 5.5

IBM TAM E-SSO installs its own GINA, engine.dll. When a user logs on through the AccessAgent GINA, the private desktop first verifies that the user is valid, then creates a Windows desktop for that user, loads the user's Windows profile, and starts the user's shell (Windows Explorer and so on) so the user can work with the desktop. The XenDesktop 5.5 VDA installs its own GINA, picagina.dll, which chains to the Microsoft GINA, msgina.dll. It is important to understand how this chain of GINAs performs authentication, because you want Web Interface (WI) to perform the Active Directory authentication for the VDA. Note that GINA chaining only exists on Windows XP and Windows Server 2003 desktops; Windows Vista and later replaced the GINA with credential providers, so this procedure does not apply to those versions.

The order of installation matters: install TAM E-SSO on the virtual desktop first, then the VDA.

To install, run the AccessAgent executable; it walks you through the installation wizard.

1. Double-click the executable and run the wizard.

2. The TAM E-SSO agent installs into a folder called Encentuate (the company IBM acquired to obtain this product).

3. The wizard asks for the TAM E-SSO server.

4. After the TAM E-SSO server is configured, the installer prompts for a reboot.

5. After the reboot the logon screen looks different, which shows that the GINA has been replaced. Log on at the Windows logon prompt.

6. Check the GinaDLL value under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon and note the GINA it now names: engine.dll, the AM-ESSO GINA.

7. Now install the VDA 5.5, reboot the machine, check the same Winlogon key again and verify the GINA. There are now two GINA values: the VDA has replaced the Winlogon GinaDLL with picagina.dll, and the GINA that picagina.dll chains to is the Microsoft msgina.dll, so engine.dll has dropped out of the chain.

8. For SSO to work, the GINAs must chain in the order PICAGINA >> TAM-ESSO GINA >> MSGINA (picagina.dll, then engine.dll, then msgina.dll). Reboot the machine into safe mode and point both registry values so that Winlogon loads picagina.dll and picagina.dll chains to engine.dll instead of directly to msgina.dll.

9. Then boot the virtual desktop and assign it to a desktop group (not shown here). When the desktop launches, it prompts for the AM-ESSO user name and password.

10. Once AM-ESSO has authenticated the user, it passes the Active Directory authentication through. The first time, it prompts to save the password.
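As an added example (it is not from this post, nor Citrix or IBM tooling), the PowerShell script below reads the GINA chain from the registry and checks that it is picagina.dll -> engine.dll -> msgina.dll before the desktop goes into a desktop group, and prints the Authenticode status of each DLL on the chain. Only the Winlogon GinaDLL value is a documented Windows location; the registry values through which picagina.dll and engine.dll find the next GINA are vendor-specific and are left as labelled placeholders to be filled in from the registry screenshots or from CTX119665. The script needs PowerShell 2.0 on the XP/2003 virtual desktop.

```powershell
# Added example for this post; not Citrix or IBM code. Checks the GINA chain on a
# Windows XP / Server 2003 virtual desktop. Needs PowerShell 2.0; run elevated if
# reads from HKLM are denied.

# The order the post requires: Winlogon loads picagina.dll, which hands off to the
# TAM E-SSO engine.dll, which hands off to the Microsoft msgina.dll.
$ExpectedChain = @('picagina.dll', 'engine.dll', 'msgina.dll')

# Where each GINA on the chain finds the next one. Only the first entry is a documented
# Windows value. The other two are PLACEHOLDERS (an assumption, not real vendor keys):
# replace Key/Value with the chained-GINA values from the registry screenshots or from
# CTX119665. Until they are filled in, the script reports the chain as broken.
$ChainLinks = @(
    @{ Owner = 'winlogon';     Key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'; Value = 'GinaDLL' },
    @{ Owner = 'picagina.dll'; Key = 'HKLM:\SOFTWARE\PLACEHOLDER\Citrix-chain';   Value = 'PLACEHOLDER' },
    @{ Owner = 'engine.dll';   Key = 'HKLM:\SOFTWARE\PLACEHOLDER\TAM-ESSO-chain'; Value = 'PLACEHOLDER' }
)

# Walk the chain. A link is consulted only if the previous GINA is the one that reads it.
function Get-GinaChain {
    param([array]$Links)
    $chain    = @()
    $previous = $null
    for ($i = 0; $i -lt $Links.Count; $i++) {
        $link = $Links[$i]
        if ($i -gt 0 -and $previous -ne $link.Owner) { break }   # chain ended elsewhere
        $item = Get-ItemProperty -Path $link.Key -Name $link.Value -ErrorAction SilentlyContinue
        if ($item -ne $null) {
            $dll = [string]$item.($link.Value)
        } elseif ($link.Owner -eq 'winlogon') {
            $dll = 'msgina.dll'   # no GinaDLL value at all means the stock Microsoft GINA
        } else {
            $dll = ''
        }
        $chain += New-Object PSObject -Property @{ LoadedBy = $link.Owner; Dll = $dll }
        if ($dll -eq '') { break }
        $previous = [System.IO.Path]::GetFileName($dll).ToLower()
        if ($previous -eq 'msgina.dll') { break }   # the native GINA ends the chain
    }
    return ,$chain
}

# Winlogon loads the GINA with LoadLibrary, so a bare file name is searched for starting
# in System32 (winlogon.exe's own directory); a rooted path is used as given.
function Resolve-GinaPath {
    param([string]$Dll)
    if ([System.IO.Path]::IsPathRooted($Dll)) { return $Dll }
    return (Join-Path ([Environment]::SystemDirectory) $Dll)
}

# Returns $true only if the chain order is exactly $Expected. Also prints each DLL's
# Authenticode status: a GINA receives the user name and password of every interactive
# logon, so an unsigned or missing DLL on this chain needs explaining before the desktop
# is handed to users.
function Test-GinaChain {
    param([string[]]$Expected, [array]$Links)
    $chain  = Get-GinaChain -Links $Links
    $actual = @($chain | Where-Object { $_.Dll -ne '' } |
                ForEach-Object { [System.IO.Path]::GetFileName($_.Dll).ToLower() })
    foreach ($entry in $chain) {
        if ($entry.Dll -eq '') {
            Write-Host ("{0,-12} -> (next GINA not set)" -f $entry.LoadedBy)
            continue
        }
        $path = Resolve-GinaPath $entry.Dll
        if (Test-Path $path) { $status = (Get-AuthenticodeSignature -FilePath $path).Status }
        else                 { $status = 'FileMissing' }
        Write-Host ("{0,-12} -> {1,-45} signature: {2}" -f $entry.LoadedBy, $path, $status)
    }
    $ok = ($actual.Count -eq $Expected.Count)
    for ($i = 0; $ok -and $i -lt $Expected.Count; $i++) { $ok = ($actual[$i] -eq $Expected[$i]) }
    if ($ok) { Write-Host ('Chain order OK: ' + ($actual -join ' -> ')) }
    else     { Write-Host ('Chain order WRONG: ' + ($actual -join ' -> ') + '  expected: ' + ($Expected -join ' -> ')) }
    return $ok
}

Test-GinaChain -Expected $ExpectedChain -Links $ChainLinks
```

The signature column is the security check worth keeping after the integration is done: repointing GinaDLL at an attacker's DLL is a long-standing way to capture plaintext logon credentials on XP-era systems, so anything other than the three expected, signed DLLs in this chain should be treated as suspicious, and write access to the Winlogon key on the master image should be limited to administrators.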

If you install the VDA first and TAM E-SSO second, the TAM E-SSO installer stops with an error message instead of completing.

Thanks to my friend Sandip for providing CTX119665.

The IBM Redbook on AM-SSO also helped to give a fair idea of the AM-SSO GINA.
