headers
Jeremy Stagg | 13 Jun 2012 08:59
Picon
Favicon

VDI 3.4 - Authentication passthru to uttsc kiosk session failing

Hi Guys
 
Have a test VDI 3.4 server with two desktop provider configs:
(a) uttsc with Sun Ray Connector for Windows OS
(b) Microsoft Remote Desktop Provider (MS_RDP)
 
Observations:
- Both point to the same Terminal Server (Win 2K8 R2)
- uttsc is using the default with the IP address of the server only (have tried more complex configs with same result, including setting VDA_SSO_AWARE = $TRUE).
- User authentication passthru works with the MS_RDP  and not uttsc.
- do not want to modify vda and kioskparam scripts, but think may have to
 
Result:
Cannot deliver user authenticated single app from TS farm for project.
 
Questions:
(1) Does the vda script variable VDA_SSO_AWARE get triggered always with uttsc desktop providers ?
(2) How to get the user authentication passthru working with the uttsc session pointing to a terminal server ?
 
We have an ultimate aim of delivering a single application (use -a with uttsc) to a few thousand users.
 
Hence the urgency of the request for information.
 
Any feedback greatly appreciated.
 
Regards
 
Jeremy.
 

ORACLE *** HEWLETT PACKARD *** IBM *** CITRIX *** NOVELL
VDI *** Networks *** Servers *** Storage *** Virtualisation *** Desktops *** Thin Clients
Services for Multi-OS Support (Solaris, Linux, Apple, NetWare, and Windows)
Training, Administration, Project Management and Consultancy
Services Contracts to Suit www.networkhelp.com.au 
_______________________________________________
SunRay-Users mailing list
SunRay-Users <at> filibeto.org
http://www.filibeto.org/mailman/listinfo/sunray-users
Permalink | Reply |
headers
Craig Bender | 13 Jun 2012 16:14
Picon
Favicon

Re: VDI 3.4 - Authentication passthru to uttsc kiosk session failing

I think you have the terminology mixed up.  I believe you mean a Sun Ray 
Kiosk provider instead of uttsc.  Doc is a little weak here, so totally 
understand.  uttsc is the name of the Sun Ray RDP client binary (and 
technically the shell script used to call the binary as well as the 
kiosk session descriptor.

VDA_SSO_AWARE has to be set to true in the kiosk session descriptor, if 
using the provided Sun Ray Connector kiosk session, the session 
descriptor is /etc/opt/SUNWkio/sessions/uttsc.conf.  However, you should 
really copy and rename uttsc.conf (and most likely the directory 
/etc/opt/SUNWkio/sessions/uttsc) and make your edits there.  Make sure 
your session descriptor points to the copied directory.

You need to add the the line VDA_SSO_AWARE=true to that file.

 From there, you'd need to augment the copied kiosk script to pass the 
following args -u $VDA_USER -d $VDA_DOMAIN -i or you could pass it 
through the pool settings for the pool that you made with Sun Ray Kiosk 
Desktop provider.

The -i is so uttsc can read the password from STDIN.

Now, you actually have to edit the copied uttsc kiosk script so that it 
passes the password.

At the end of the day, your copied kiosk script would look something 
like this (if just editing the script) where the uttsc binary gets called.

Old:
$theUTTSCExec $theUTTSCDefaultArgs "$ <at> " 2>&1 ||

New
:
read thePassword
echo $thePassword | $theUTTSCExec -u "$VDA_USER" -d "$VDA_DOMAIN" -i 
$theUTTSCDefaultArgs "$ <at> " 2>&1 ||

On 6/12/12 11:59 PM, Jeremy Stagg wrote:
> Hi Guys
> Have a test VDI 3.4 server with two desktop provider configs:
> (a) uttsc with Sun Ray Connector for Windows OS
> (b) Microsoft Remote Desktop Provider (MS_RDP)
> Observations:
> - Both point to the same Terminal Server (Win 2K8 R2)
> - uttsc is using the default with the IP address of the server only
> (have tried more complex configs with same result, including setting
> VDA_SSO_AWARE = $TRUE).
> - User authentication passthru works with the MS_RDP and not uttsc.
> - do not want to modify vda and kioskparam scripts, but think may have to
> Result:
> Cannot deliver user authenticated single app from TS farm for project.
> Questions:
> (1) Does the vda script variable VDA_SSO_AWARE get triggered always with
> uttsc desktop providers ?
> (2) How to get the user authentication passthru working with the uttsc
> session pointing to a terminal server ?
> We have an ultimate aim of delivering a single application (use -a with
> uttsc) to a few thousand users.
> Hence the urgency of the request for information.
> Any feedback greatly appreciated.
> Regards
> Jeremy.
>
> *ORACLE**** *HEWLETT PACKARD**** *IBM* *** *CITRIX**** *NOVELL*
> *VDI**** *Networks**** *Servers**** *Storage**** *Virtualisation****
> *Desktops**** *Thin Clients*
> /Services for Multi-OS Support (Solaris, Linux, Apple, NetWare, and Windows)
> Training, Administration, Project Management and Consultancy
> Services Contracts to Suit /*www.networkhelp.com.au *
> <http://www.networkhelp.com.au>
>
>
> _______________________________________________
> SunRay-Users mailing list
> SunRay-Users <at> filibeto.org
> http://www.filibeto.org/mailman/listinfo/sunray-users
Permalink | Reply |
headers
Brad Lackey | 13 Jun 2012 17:00
Picon
Favicon

Re: VDI 3.4 - Authentication passthru to uttsc kiosk session failing

Craig's got it right, but as an example for using the Kiosk Desktop Provider in VDI, here is a Kiosk session configuration file and launch script. This example starts fullscreen Internet Explorer from an RDS host.

#> cat /etc/opt/SUNWkio/sessions/ie.conf
-----
KIOSK_SESSION_EXEC=/etc/opt/SUNWkio/sessions/ie/ie.sh
KIOSK_SESSION_LABEL="Internet Explorer"
VDA_SSO_AWARE=true

#> cat /etc/opt/SUNWkio/sessions/ie/ie.sh
-----
#!/bin/sh
thePassword=
read thePassword

theUTTSCExec=/opt/SUNWuttsc/bin/uttsc
IE="C:\Program Files (x86)\Internet Explorer\iexplore.exe"

echo "$thePassword" | $theUTTSCExec -m -a "$IE $1" -u $VDA_USER -d $VDA_DOMAIN -i $2
-----

In this example, this kiosk session descriptor is set up as a desktop provider, and there is a pool created with this desktop provider. In the pool configuration, there is an arguments field in which I pass two arguments. I pass the URL in which IW should start with first ($1) and I pass the host to connect to ($2). You can see that those are used in the script during the execution of uttsc. Make sure to copy these files to all VDI hosts and that the script is chmod a+rx

Hope this helps.

Brad

On Jun 13, 2012, at 7:14 AM, Craig Bender wrote:

I think you have the terminology mixed up.  I believe you mean a Sun Ray Kiosk provider instead of uttsc.  Doc is a little weak here, so totally understand.  uttsc is the name of the Sun Ray RDP client binary (and technically the shell script used to call the binary as well as the kiosk session descriptor.

VDA_SSO_AWARE has to be set to true in the kiosk session descriptor, if using the provided Sun Ray Connector kiosk session, the session descriptor is /etc/opt/SUNWkio/sessions/uttsc.conf.  However, you should really copy and rename uttsc.conf (and most likely the directory /etc/opt/SUNWkio/sessions/uttsc) and make your edits there.  Make sure your session descriptor points to the copied directory.

You need to add the the line VDA_SSO_AWARE=true to that file.

From there, you'd need to augment the copied kiosk script to pass the following args -u $VDA_USER -d $VDA_DOMAIN -i or you could pass it through the pool settings for the pool that you made with Sun Ray Kiosk Desktop provider.

The -i is so uttsc can read the password from STDIN.

Now, you actually have to edit the copied uttsc kiosk script so that it passes the password.

At the end of the day, your copied kiosk script would look something like this (if just editing the script) where the uttsc binary gets called.

Old:
$theUTTSCExec $theUTTSCDefaultArgs "$ <at> " 2>&1 ||

New
:
read thePassword
echo $thePassword | $theUTTSCExec -u "$VDA_USER" -d "$VDA_DOMAIN" -i $theUTTSCDefaultArgs "$ <at> " 2>&1 ||



On 6/12/12 11:59 PM, Jeremy Stagg wrote:
Hi Guys
Have a test VDI 3.4 server with two desktop provider configs:
(a) uttsc with Sun Ray Connector for Windows OS
(b) Microsoft Remote Desktop Provider (MS_RDP)
Observations:
- Both point to the same Terminal Server (Win 2K8 R2)
- uttsc is using the default with the IP address of the server only
(have tried more complex configs with same result, including setting
VDA_SSO_AWARE = $TRUE).
- User authentication passthru works with the MS_RDP and not uttsc.
- do not want to modify vda and kioskparam scripts, but think may have to
Result:
Cannot deliver user authenticated single app from TS farm for project.
Questions:
(1) Does the vda script variable VDA_SSO_AWARE get triggered always with
uttsc desktop providers ?
(2) How to get the user authentication passthru working with the uttsc
session pointing to a terminal server ?
We have an ultimate aim of delivering a single application (use -a with
uttsc) to a few thousand users.
Hence the urgency of the request for information.
Any feedback greatly appreciated.
Regards
Jeremy.

*ORACLE**** *HEWLETT PACKARD**** *IBM* *** *CITRIX**** *NOVELL*
*VDI**** *Networks**** *Servers**** *Storage**** *Virtualisation****
*Desktops**** *Thin Clients*
/Services for Multi-OS Support (Solaris, Linux, Apple, NetWare, and Windows)
Training, Administration, Project Management and Consultancy
Services Contracts to Suit /*www.networkhelp.com.au *
<http://www.networkhelp.com.au>


_______________________________________________
SunRay-Users mailing list
SunRay-Users <at> filibeto.org
http://www.filibeto.org/mailman/listinfo/sunray-users
_______________________________________________
SunRay-Users mailing list
SunRay-Users <at> filibeto.org
http://www.filibeto.org/mailman/listinfo/sunray-users


Brad Lackey | Technical Enablement Manager
Mobile: +13038758616 
Oracle Desktop Virtualization
San Diego , CA

_______________________________________________
SunRay-Users mailing list
SunRay-Users <at> filibeto.org
http://www.filibeto.org/mailman/listinfo/sunray-users
Permalink | Reply |
headers
Jeremy Stagg | 14 Jun 2012 01:28
Picon
Favicon

Re: VDI 3.4 - Authentication passthru to uttsc kiosk session failing

Brad and Craig
Thank you - yes this does help.
Will advise of result.
Regards
Jeremy.

>>>
From: Brad Lackey <brad.lackey <at> oracle.com>
To: SunRay-Users mailing list <sunray-users <at> filibeto.org>
Date: 14/06/2012 1:05 AM
Subject: Re: [SunRay-Users] VDI 3.4 - Authentication passthru to uttsc kiosk session failing
Craig's got it right, but as an example for using the Kiosk Desktop Provider in VDI, here is a Kiosk session configuration file and launch script. This example starts fullscreen Internet Explorer from an RDS host.

#> cat /etc/opt/SUNWkio/sessions/ie.conf
-----
KIOSK_SESSION_EXEC=/etc/opt/SUNWkio/sessions/ie/ie.sh
KIOSK_SESSION_LABEL="Internet Explorer"
VDA_SSO_AWARE=true

#> cat /etc/opt/SUNWkio/sessions/ie/ie.sh
-----
#!/bin/sh
thePassword=
read thePassword

theUTTSCExec=/opt/SUNWuttsc/bin/uttsc
IE="C:\Program Files (x86)\Internet Explorer\iexplore.exe"

echo "$thePassword" | $theUTTSCExec -m -a "$IE $1" -u $VDA_USER -d $VDA_DOMAIN -i $2
-----

In this example, this kiosk session descriptor is set up as a desktop provider, and there is a pool created with this desktop provider. In the pool configuration, there is an arguments field in which I pass two arguments. I pass the URL in which IW should start with first ($1) and I pass the host to connect to ($2). You can see that those are used in the script during the execution of uttsc. Make sure to copy these files to all VDI hosts and that the script is chmod a+rx

Hope this helps.

Brad

On Jun 13, 2012, at 7:14 AM, Craig Bender wrote:

I think you have the terminology mixed up.  I believe you mean a Sun Ray Kiosk provider instead of uttsc.  Doc is a little weak here, so totally understand.  uttsc is the name of the Sun Ray RDP client binary (and technically the shell script used to call the binary as well as the kiosk session descriptor.

VDA_SSO_AWARE has to be set to true in the kiosk session descriptor, if using the provided Sun Ray Connector kiosk session, the session descriptor is /etc/opt/SUNWkio/sessions/uttsc.conf.  However, you should really copy and rename uttsc.conf (and most likely the directory /etc/opt/SUNWkio/sessions/uttsc) and make your edits there.  Make sure your session descriptor points to the copied directory.

You need to add the the line VDA_SSO_AWARE=true to that file.

From there, you'd need to augment the copied kiosk script to pass the following args -u $VDA_USER -d $VDA_DOMAIN -i or you could pass it through the pool settings for the pool that you made with Sun Ray Kiosk Desktop provider.

The -i is so uttsc can read the password from STDIN.

Now, you actually have to edit the copied uttsc kiosk script so that it passes the password.

At the end of the day, your copied kiosk script would look something like this (if just editing the script) where the uttsc binary gets called.

Old:
$theUTTSCExec $theUTTSCDefaultArgs "$ <at> " 2>&1 ||

New
:
read thePassword
echo $thePassword | $theUTTSCExec -u "$VDA_USER" -d "$VDA_DOMAIN" -i $theUTTSCDefaultArgs "$ <at> " 2>&1 ||



On 6/12/12 11:59 PM, Jeremy Stagg wrote:
Hi Guys
Have a test VDI 3.4 server with two desktop provider configs:
(a) uttsc with Sun Ray Connector for Windows OS
(b) Microsoft Remote Desktop Provider (MS_RDP)
Observations:
- Both point to the same Terminal Server (Win 2K8 R2)
- uttsc is using the default with the IP address of the server only
(have tried more complex configs with same result, including setting
VDA_SSO_AWARE = $TRUE).
- User authentication passthru works with the MS_RDP and not uttsc.
- do not want to modify vda and kioskparam scripts, but think may have to
Result:
Cannot deliver user authenticated single app from TS farm for project.
Questions:
(1) Does the vda script variable VDA_SSO_AWARE get triggered always with
uttsc desktop providers ?
(2) How to get the user authentication passthru working with the uttsc
session pointing to a terminal server ?
We have an ultimate aim of delivering a single application (use -a with
uttsc) to a few thousand users.
Hence the urgency of the request for information.
Any feedback greatly appreciated.
Regards
Jeremy.

*ORACLE**** *HEWLETT PACKARD**** *IBM* *** *CITRIX**** *NOVELL*
*VDI**** *Networks**** *Servers**** *Storage**** *Virtualisation****
*Desktops**** *Thin Clients*
/Services for Multi-OS Support (Solaris, Linux, Apple, NetWare, and Windows)
Training, Administration, Project Management and Consultancy
Services Contracts to Suit /*www.networkhelp.com.au *
<http://www.networkhelp.com.au>


_______________________________________________
SunRay-Users mailing list
SunRay-Users <at> filibeto.org
http://www.filibeto.org/mailman/listinfo/sunray-users
_______________________________________________
SunRay-Users mailing list
SunRay-Users <at> filibeto.org
http://www.filibeto.org/mailman/listinfo/sunray-users


Brad Lackey | Technical Enablement Manager
Mobile: +13038758616 
Oracle Desktop Virtualization
San Diego , CA


ORACLE *** HEWLETT PACKARD *** IBM *** CITRIX *** NOVELL
VDI *** Networks *** Servers *** Storage *** Virtualisation *** Desktops *** Thin Clients
Services for Multi-OS Support (Solaris, Linux, Apple, NetWare, and Windows)
Training, Administration, Project Management and Consultancy
Services Contracts to Suit www.networkhelp.com.au 
_______________________________________________
SunRay-Users mailing list
SunRay-Users <at> filibeto.org
http://www.filibeto.org/mailman/listinfo/sunray-users
Permalink | Reply |

Gmane