Host Access Solutions: Terminal Emulation Software and Host Integration
Host Access Solutions: Terminal Emulation and Host Integration
  
 
customers buy now Host Access News
about us
 Host Access Solutions Home
   
 

Citrix Password Manager SSO for Host Applications

Using PASSPORT Terminal Emulation with Password Manager SSO

Citrix® MetaFrame Password Manager provides password security and enterprise single sign-on (SSO) access to Microsoft® Windows®, Web and host-based applications. These applications may be locally installed on the user's workstation, or running in the Citrix MetaFrame Access Suite environment. Users authenticate once with a single password. MetaFrame Password Manager then authenticates the user to password-protected applications, giving users one, easy-to-remember secure way to log on everywhere. Please visit http://www.citrix.com/site/PS/products/product.asp?familyID=19&productID=7181 for more information.

Citrix® MetaFrame Password Manager Provides SSO for Host Applications

PASSPORT PC TO HOST® terminal emulation software, which is Certified for Windows Vista®, provides access to IBM zSeries (3270), IBM iSeries (5250) and UNIX® (Telnet) host systems. TN3270 emulation and TN5250 emulation can be used in conjunction with Citrix® MetaFrame Password Manager to provide host access to users the most efficient way by using the SSO solution for accessing password-protected host applications. UNIX telnet connections are not supported at this time. Organizations can use this solution to solve many of their business and IT challenges including simplifying end-user computing, reducing help desk calls and costs, increasing network security and much more.

Configuring Password Manager to Work with PASSPORT for Accessing Host Applications

Citrix® MetaFrame Password Manager provides SSO functionality to host applications through terminal emulators (i.e. PASSPORT) that implement HLLAPI or have a built-in scripting language that can display a dialog box. The steps below should be followed to configure the Citrix® MetaFrame Password Manager 2.5 SSO to work with PASSPORT:

citrix password manager host applications

  • Refer to the MetaFrame Password Manager Guide for step 1-3.
  • Synchronization setup (step 4) can be configured using shared folder or Microsoft Active Directory. The instructions shown below are using shared folder. If you want to setup using Active Directory, please refer to the MetaFrame Password Manager Guide.
  1. At a command prompt, access the /Tools directory on the MetaFrame Password Manager CD-ROM, and type:

    CtxFileSyncPrep /path:<pathname> /share:<sharename>

    If you choose not to include the path parameter, the default, %SystemDrive%\CITRIXSYNC, is used. If you choose not to include the share parameter, the default, CITRIXSYNC$, is used. When the program is finished, the shared folder and the People folder are created with appropriate sharing and security permissions set. Your shared folder is now ready to be used for synchronization.
  2. Open the console and select Agent Settings from the Insert menu.
  3. Type a name for the new settings in the Add Agent Settings dialog box and click OK.
  4. Expand the node for the new agent settings and select SyncManager.
  5. Select Add Synchronizer from the Insert menu. The Add Synchronizer dialog box appears.
  6. Enter the shared folder’s name, select Microsoft NTFS File Share (or Novell NetWare File Share) as the Sync. Type, and click OK.
  7. Click the shared folder’s name in the left pane. In the right pane, specify the settings for OfflineNotification to apply to this shared folder.
  8. Expand the shared folder’s node and click Servers.
  9. Click Configure for the Server in the right pane and enter the UNC path to the shared folder.
  10. Right-click the node with the agent settings and click Export.
  11. Click HKLM Registry Format (.reg).
  12. Enter a file name and path for the .reg file or accept the default and click Save.
  13. Right-click Directory in the left pane and click Connect To.
  14. Click Directory Type and select Shared Folder.
  15. Enter the shared folder’s UNC path in the Synchronizer Path field and click OK.

    The path to the shared folder should appear in the right pane. If the shared folder and/or the People folder are not configured with the correct permissions, the console displays an error message.
  • To configure host-based applications (step 5) to work with MetaFrame Password Manager, follow the instructions below:
  1. Host or mainframe support must be enabled on the agent. See instructions below.
  2. A host-based application definition must be created. See instructions below.
  • Refer to the MetaFrame Password Manager Guide for step 6-8 (optional).
  • After you create the application definitions for your host-based applications, configure all the settings for your synchronization point, enable terminal emulator support, and add your application definitions you must save these settings to the synchronization point — your shared folder or Microsoft Active Directory. You save these settings and other data by using the Configure SSO Support command in the console. See instructions below.
  1. Right-click the shared folder and select Configure SSO Support.
  2. Select the data source — either Console or Data File
  3. If you selected Console, select the application definitions, agent settings, and first-time use criteria if you have created custom user questions or if you are using the Bulk Add feature (to create the first-time-use list) and click Next. If you selected Data File, enter or browse to the location of the .ini files associated with the EntList, FTUList, and Agent Settings and click Next.
  4. If you selected Console, MetaFrame Password Manager creates the files listed above. Click Finish. If you selected Data File, a summary of the changes you made appear. Click Finish.

Important: If any new changes are made to the Password Manager console such as host-based application definition, synchronization point, agent setting, etc. The steps above must be repeated to update the Central Credential Store.

  • Follow the instructions below to deliver information to agents using a custom Microsoft Installer file (step 9):
  1. On the console, click Tools > Generate Customized MSI.
  2. Specify the base Microsoft Installer file. Use the setup Microsoft Installer file in the installation directory, Citrix\MetaFrame Password Manager\Agent, or on the product CD-ROM.
  3. Specify the output Microsoft Installer file by browsing to, or typing, the path and file name.
  4. In the Applications Configuration box, click Choose.
  5. Select Use Console as Source.
  6. In the Agent Settings Configuration box, click Choose.
  7. Select Use Console as Source.
  8. Select the name of the agent setting that contains your Synchronizer.
  9. OK to return to the Generate Customized .MSI dialog box.
  10. Click OK to generate the custom Microsoft Installer file.

You can now distribute the Microsoft Installer file to users with the custom agent setting you specified. Follow the instructions below to deploy the MSI file to your users.

Important: From the Manager console, it is important to save (File/Save) your configuration file (.xml) before exiting to retain all configuration settings.

To enable terminal emulation support using the Manager console:

  1. Open the console and click Agent Settings in the left pane.
  2. In the right pane, double-click the agent settings you want or create agent settings by clicking Add, typing a name, and clicking OK.
  3. Double-click AccessManager in the right pane. Alternatively, you can expand the Agent Settings node, expand an agent settings node, and click AccessManager — all in the left pane.
  4. Scroll to the HostMainFrameSupport setting and select Configure.
  5. Verify Enable host support is selected.

To create a host-based application definition:

  1. Connect to the host-based application you want to add to the application list, go to its logon page, and leave it open.
  2. On the Manager console, click Applications in the left pane, click Add in the right pane, and enter the application name or select Application from the Insert menu.
  3. Select New Host/Mainframe as the Application Type and click Finish.
  4. Click the General tab and click Add in the Text Matching section.
  5. Enter the exact text label (on the logon page) that you want to use to identify the logon page. For example, if the user name is the first entry, use the exact text preceding the entry field. Tip: You can copy and paste the text label from the application’s logon page.
  6. Supply the row and column number of the first character of the text label you selected. For example, if the text label for the user name begins at row 6, column 17, enter those coordinates.
  7. Repeat Step 5 and Step 6 for each text label if necessary. For example, if you need to enter a user name and password, repeat these steps for both text labels.
  8. In the Fields box, click Add.
  9. Select a function from the drop-down list; for example, Username/ID.
  10. Enter the row and column numbers of the location for entering the first character of the credential that matches the function from the drop-down list. For example, the user name might be entered beginning at row 6, column 53.
  11. If the user must enter a key to move to the next field or to finish logging on, type the key code representing that key in the Key After field. This key is usually Tab (@T) or Enter (@E). For a list of key codes, see the online help.
  12. Select the Options tab and specify any additional configuration options.
  13. Repeat Step 5 through Step 12 for each additional logon page.
  14. Click OK.
  15. The steps below show how to add applications to appear in the first-time-use list.
  16. In the console, click Applications in the left pane.
  17. Select the Bulk-Add tab in the right pane.
  18. Select Add and select the applications to add to this group. You can select multiple entries using standard Windows selection keys.
  19. Click OK.

To deploy MSI file to your user’s desktop:

  1. Install the custom MSI file on PC.
  2. Reboot and Define User Questions after restarting.
  3. If a First-Time-Use-List (Bulk-Add) is configured in your application definition then the user will be presented with a First-Time-Use Wizard that will prompt for logon credentials to all applications defined.
  4. If a First-Time-Use-List (Bulk-Add) is not configured, the user can manually add the host applications from the Logon Manager agent.

For more information on using Citrix® MetaFrame Password Manager with PASSPORT, contact Zephyr support at http://www.zephyrcorp.com/supportdirect.htm

  
 
host integration datastream

Home | PC-to-Host Emulation | Web-to-Host Terminal Emulator | Host Integration Solutions | Sitemap | Related Host Access Articles
Zephyr specializes in advanced host access, terminal emulation and host integration solutions for Microsoft Windows desktops and servers.
Comments or Suggestions: webmaster@zephyrcorp.com | Legal Information | Privacy Information