SingleSignOn

This section controls the behavior of the single-sign-on component for Windows. It requires the single-sign-on component to be included in the installation.

CSP

This entry is used to enable/disable the support for single-sign-on for CryptoAPI CSP.

0

CSP single-sign-on disabled

1

CSP single-sign-on enabled

Default value is 0; single-sign-on disabled.

Disable

This entry is used to specify a list of applications, separated by semicolons (;), that will always have single-sign-on disabled.

Default value is none; all applications will use single-sign-on when available.

PKCS11

This entry is used to enable/disable the support for single-sign-on for PKCS#11.

0

PKCS#11 single-sign-on disabled

1

PKCS#11 single-sign-on enabled

Default value is 0; single-sign-on disabled.

Server

This entry is used to specify a list of applications, separated by semicolons (;), that may act as the single-sign-on server.

Server=winlogon.exe;lsass.exe

Default value is none; no application may act as single-sign-on server.

The single-sign-on server process should never be stopped or restarted, because the result is unpredictable if single-sign-on client processes are connected at that time. Either use the Windows logon process, which is always available, or use StartServer below.

StartServer

This entry is used to specify a list of applications, separated by semicolons (;), that may start the single-sign-on server.

StartServer=winlogon.exe;lsass.exe;logonui.exe

Default value is none; no application may start single-sign-on server.

See the note under the Server entry above for when to use the StartServer parameter and when to use the Server parameter.

UseCache

This entry is used to enable/disable the support for single-sign-on via a cache server. The normal single-sign-on solution will direct CSP/PKCS11 calls to a single process which will have exclusive access to the smart card.

0

Cache server disabled

1

Cache server enabled

Default value is 0; normal single-sign-on is used.

The cache server acts as a database for PINs, and therefore a PIN pad may not be used.
Disable CSP/PKCS11 single-sign-on when the cache server is enabled.
Enable the single-sign-on server as a service when the cache server is enabled.

UseService

This entry specifies whether the single-sign-on server should be running as a service or as a background process.

0

Run as background process

1

Run as service

Default value is 0; run as background process.

UseStored

This entry specifies whether the single-sign-on server should search for username/password stored on tokens and use the information to automatically fill the username/password edit boxes.

0

Stored username/password not used

1

Stored username/password used

Default value is 0; no search for stored username/password.

The search will check the private box area for objects with the following format:

<entry>=<name>;<title>;<user>;<pwd>

<entry>

Specifies the private object name. The name is "SSO" followed by a number, starting from "1".

<name>

Descriptive string used for presentation.

<title>

Title of the username/password dialog that should be filled.

<user>

Username that will be filled in.

<pwd>

Password that will be filled in.

SSO1=My;Connect Database;JohnDoe;4711
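
A check of the constraints this page states for the Server, UseCache and UseStored entries, as an added example (not the product's own code). It assumes the section is stored INI-style as `[SingleSignOn]`; `audit_sso`, `SAMPLE` and `myapp.exe` are constructed for illustration, and the long-lived process set is taken from the Server example above.

```python
import configparser

BOOL_KEYS = ("CSP", "PKCS11", "UseCache", "UseService", "UseStored")
# Assumption: processes treated as always running, taken from the page's Server example.
LONG_LIVED = {"winlogon.exe", "lsass.exe"}
# Constructed sample configuration (myapp.exe is a made-up application name).
SAMPLE = """\
[SingleSignOn]
CSP=1
PKCS11=0
UseCache=1
UseService=0
Server=winlogon.exe;myapp.exe
"""

def split_apps(value):
    """Split a ';'-separated application list, dropping empty items."""
    return [a.strip().lower() for a in value.split(";") if a.strip()]

def audit_sso(ini_text, long_lived=LONG_LIVED):
    """Return a list of findings for the [SingleSignOn] section of ini_text."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(ini_text)
    if not cp.has_section("SingleSignOn"):
        return []
    sec = cp["SingleSignOn"]
    findings, flags = [], {}
    for key in BOOL_KEYS:
        raw = sec.get(key, fallback="0").strip()  # every flag defaults to 0
        if raw not in ("0", "1"):
            findings.append(f"{key}: value {raw!r} is not 0 or 1")
            raw = "0"
        flags[key] = raw == "1"
    if flags["UseCache"]:
        findings.append("UseCache=1: cache server stores PINs; PIN pad may not be used")
        for key in ("CSP", "PKCS11"):
            if flags[key]:
                findings.append(f"{key}=1 with UseCache=1: disable {key} single-sign-on")
        if not flags["UseService"]:
            findings.append("UseCache=1 without UseService=1: run the server as a service")
    if flags["UseStored"]:
        findings.append("UseStored=1: username/password objects on tokens are auto-filled")
    for app in split_apps(sec.get("Server", fallback="")):
        if app not in long_lived:
            findings.append(f"Server: {app} may stop or restart; consider StartServer")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_sso(SAMPLE)))
```

An empty result means none of the page's stated constraints are violated; it does not validate entries the page does not describe.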