Skip past navigation linksSecure Global Desktop Administration Guide > Users and authentication > Can I use SafeWord PremierAccess with web server authentication?

Can I use SafeWord PremierAccess with web server authentication?

Yes. You can configure web server authentication to use the third-party SafeWord® PremierAccess™. See http://www.securecomputing.com for more information.

Secure Global Desktop web server authentication relies on the web server setting the REMOTE_USER variable to identify the user. However, when users are authenticated using SafeWord PremierAccess this variable is not set. The following configuration allows you to export the HTTP_SAFEWORD_USER variable to the REMOTE_USER variable.

To enable support for SafeWord PremierAccess, configure each member of the array as follows:

  1. On the web server, configure SafeWord authentication to protect the /tarantella/cgi-bin/secure/ directory (classic webtop) or the /sgd URL (browser-based webtop).
  2. Test that the web server authenticates using SafeWord.
  3. For the classic webtop, enable support for SafeWord by running the following command:
    Skip past command syntax or program codetarantella config edit --tarantella-config-server-cgibin-bootscript secure/ttaauthsafeword.cgi
  4. For the browser-based webtop, configure the web server to export the HTTP_SAFEWORD_USER variable so that the Tomcat component of the Secure Global Desktop Web Server can access it. To do this for Apache component of the Secure Global Desktop Web Server:
    1. Edit the /opt/tarantella/webserver/apache/version/conf/httpd.conf file.
    2. Uncomment out the line:
      JkEnvVar HTTP_SAFEWORD_USER " "
    3. Uncomment out the lines:
      <Location "/sgd">
      SSLOptions +StdEnvVars +ExportCertData
      </Location>
  5. Restart the Secure Global Desktop Web Server and the Secure Global Desktop server.

When this configuration is complete, enable web server authentication in Array Manager.

Related topics