SingleSignOn
This section controls the behavior of the single-sign-on component for Windows. It will require the single-sign-on component to be included in the installation.
CSP
This entry is used to enable/disable the support for single-sign-on for CryptoAPI CSP.
- 0: CSP single-sign-on disabled
- 1: CSP single-sign-on enabled
Default value is 0; single-sign-on disabled.
Disable
This entry is used to specify a list of applications, separated with ";", which will always have single-sign-on disabled.
Default value is none; all applications will use single-sign-on when available.
PKCS11
This entry is used to enable/disable the support for single-sign-on for PKCS#11.
- 0: PKCS#11 single-sign-on disabled
- 1: PKCS#11 single-sign-on enabled
Default value is 0; single-sign-on disabled.
Server
This entry is used to specify a list of applications, separated with ";", which may act as single-sign-on server.
Server=winlogon.exe;lsass.exe
Default value is none; no application may act as single-sign-on server.
Note: The single-sign-on server process should never be stopped or restarted, since the result is unpredictable if single-sign-on client processes are connected when the server process is stopped or restarted. Either use the Windows logon process, which is always available, or use StartServer below.
StartServer
This entry is used to specify a list of applications, separated with ";", which may start single-sign-on server.
StartServer=winlogon.exe;lsass.exe;logonui.exe
Default value is none; no application may start single-sign-on server.
Note: See the note above under the Server entry for when to use the StartServer parameter and when to use the Server parameter.
UseCache
This entry is used to enable/disable the support for single-sign-on via a cache server. The normal single-sign-on solution will direct CSP/PKCS11 calls to a single process which will have exclusive access to the smart card.
- 0: Cache server disabled
- 1: Cache server enabled
Default value is 0; normal single-sign-on is used.
Note: The cache server will act as a database for PINs and therefore PIN pad may not be used.
Note: Disable CSP/PKCS11 single-sign-on when the cache server is enabled.
Note: Enable single-sign-on server as a service when the cache server is enabled.
UseService
This entry specifies whether the single-sign-on server should be running as a service or as a background process.
- 0: Run as background process
- 1: Run as service
Default value is 0; run as background process.
UseStored
This entry specifies whether the single-sign-on server should search for username/password stored on tokens and use the information to automatically fill the username/password edit boxes.
- 0: Stored username/password not used
- 1: Stored username/password used
Default value is 0; no search for stored username/password.
The search will check the private box area for objects with the following format:
<entry>=<name>;<title>;<user>;<pwd>
- <entry>: Specifies the private object name; the name is "SSO" followed by a number starting from "1".
- <name>: Descriptive string used for presentation.
- <title>: Title of the username/password dialog that should be filled.
- <user>: Username that will be filled in.
- <pwd>: Password that will be filled in.
SSO1=My;Connect Database;JohnDoe;4711
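
The following check is an added example, not part of the original documentation or the product: it reads the SingleSignOn entries and reports combinations that conflict with the notes above (cache server together with CSP/PKCS11 single-sign-on or without the service, stored credentials in use, single-sign-on enabled with no permitted server). It assumes the entries live in an INI-style file under a [SingleSignOn] header; the function names and the sample configuration are constructed for illustration.

```python
import configparser

# Defaults as documented on this page for the SingleSignOn section.
DEFAULTS = {"CSP": "0", "PKCS11": "0", "UseCache": "0", "UseService": "0",
            "UseStored": "0", "Server": "", "StartServer": "", "Disable": ""}


def load_sso(text):
    """Parse INI-style text (assumed layout) into SingleSignOn entries."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str  # keep entry names exactly as written
    cp.read_string(text)
    sso = dict(DEFAULTS)
    if cp.has_section("SingleSignOn"):
        sso.update(cp["SingleSignOn"])
    return sso


def audit(text):
    """Return findings where entries conflict with the notes on this page."""
    sso = load_sso(text)
    findings = []
    if sso["UseCache"] == "1":
        findings.append("UseCache=1: cache server stores PINs, PIN pad may not be used")
        for key in ("CSP", "PKCS11"):
            if sso[key] == "1":
                findings.append(f"{key}=1: disable {key} single-sign-on when UseCache=1")
        if sso["UseService"] != "1":
            findings.append("UseService is not 1: run the server as a service when UseCache=1")
    if sso["UseStored"] == "1":
        findings.append("UseStored=1: username/password are read from SSO<n> token objects")
    servers = [a for a in (sso["Server"] + ";" + sso["StartServer"]).split(";") if a.strip()]
    if (sso["CSP"] == "1" or sso["PKCS11"] == "1") and not servers:
        findings.append("single-sign-on enabled but no application may act as or start the server")
    return findings


# Constructed sample configuration, not taken from a real deployment.
SAMPLE = """[SingleSignOn]
CSP=1
UseCache=1
UseStored=1
Server=winlogon.exe;lsass.exe
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```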