5.2 Using NMAS with Citrix

The NMAS works in a remote Citrix session by redirecting the authentication to the remote Citrix Client (referred to as the ICA Client) so that the Login Client NMAS Methods are invoked on the same workstation on which the hardware is installed.

Example

Problem: The user at the ICA client launches a remote session. The devices (for example, a pcProx reader, smart card, or fingerprint reader) are also at the remote client. In the past, NMAS in this environment launched a session on the Citrix server. The output was redirected to the ICA client. The programs are running on the Citrix server, but input and output occur at the ICA client. NMAS cannot communicate with its authentication devices at the ICA client.

The user at the ICA client wants to log in with Client32, NMAS, and a fingerprint reader. A Client32 login dialog box appears. Client32 and the NMAS client are running on the Citrix server. NMAS launches LCM (login client method) on the Citrix server.

The fingerprint reader is attached to the ICA client, but the LCM is being launched on the Citrix server. The LCM can't read the fingerprint reader because the network link is in the middle. The virtual channel solves this problem.

Solution by Using Virtual Channels: Client32 calls NMAS, and NMAS calls Novell SecureLogin before it authenticates the user. Novell SecureLogin determines whether it is running in a remote Citrix session or in a console session. (It tries to determine whether another workstation is on the network for the session that this workstation is attached to. The Citrix server could be serving sessions to as many as 1,000 ICA clients. One session could be running on the console.) Novell SecureLogin determines whether it is running in a console session or one of the remote sessions.

If Novell SecureLogin is running in a remote session, it uses the virtual channel, which runs over the Citrix protocol. Novell SecureLogin communicates with a .dll file that is plugged in to the ICA client. The .dll file invokes NMAS. The client invokes an LCM on the ICA client, which communicates with the devices attached to the ICA client. NMAS running on the Citrix server knows that Novell SecureLogin is handling the login.

Novell SecureLogin redirects to the ICA client, called NMAS on that client. It is redirecting the output from NMAS across the virtual channel. Client 32 sends a NetWare Core Protocol to the NMAS server as it normally would.

After redirection, Secure Workstation communicates to NMAS running on the Citrix server that the user is logged in. NMAS then provides a session.

The user is not aware that anything special or different happened. The user at the ICA client sees the login dialog box with instructions to place a thumb on the thumbprint reader. The user uses the thumbprint reader to log in.