Skip past navigation linksSecure Global Desktop Administration Guide > Users and authentication > The authentication token login authority

The authentication token login authority

Overview

The authentication token login authority allows users to log in to Secure Global Desktop if the Sun Secure Global Desktop Client submits a valid authentication token.

This login authority is disabled by default.

To use this login authority:

  1. The user must log in and be authenticated by another login authority or third party authentication.
  2. The user must generate an authentication token.
  3. The Secure Global Desktop Client must be configured to operate in integrated mode.

See Using the authentication token login authority for automatic logins for details of how to configure this login authority.

Note The authentication token login authority can only be used with the Secure Global Desktop Client. The Native Client and Java™ technology clients do not support this login authority.

Logging in

When the Secure Global Desktop Client starts, it submits the authentication token to Secure Global Desktop. The user does not enter a username or password.

Authentication

  1. This login authority authenticates a user if the Secure Global Desktop Client submits a valid authentication token.
  2. If the authentication token is valid, the user is logged in.
  3. If the authentication token is invalid or the Secure Global Desktop Client does not submit a token,
    the Secure Global Desktop login dialog is displayed in a web browser so that the user can log in and be authenticated with another login authority or authentication method.

User identity and login profile

The Secure Global Desktop server stores the authentication token against the identity of the user when they generated their authentication token. This means the identity and login profile used are those of the login authority that originally authenticated the user, for example:

Original authentication Identity Login Profile
UNIX user .../_user/indigo .../_ens/o=Tarantella System Objects/cn=UNIX User Profile
ENS .../_ens/o=Indigo Insurance/cn=Indigo Jones .../_ens/o=Indigo Insurance/cn=Indigo Jones
LDAP .../_service/sco/tta/ldapcache/dc=com/dc=Indigo Insurance/cn=Indigo Jones .../_ens/o=Tarantella System Objects/cn=LDAP Profile
Third party .../_service/sco/tta/thirdparty/indigo .../_ens/o=Tarantella System Objects/cn=Third Party Profile

Emulator sessions and password cache entries

Emulator sessions and password cache entries belong to the identity of the original authentication.

Related topics