Using Oracle Virtual Desktop Client with smart card

As you may have discovered, last week Oracle released updates for Sun Ray software and the Oracle Virtual Desktop Client (OVDC) which are described in more detail on the ThinkThin blog.

I wanted to test OVDC with the new smart card functionality to hotdesk my Desktop session between a Sun Ray DTU and the OVDC. But I encountered a small issue when using the smart-card (in fact I was to lazy to read the Release Notes :-)

Before using OVDC you have to enable access for it on the server. This is done automatically if you use the Sun Ray server software as part of the full Oracle VDI stack. But you can also do this manually via the Sun Ray Admin GUI. However, for enabling OVDC access with a smart card this option is not available yet in the Admin GUI. Below I explain what I did in my demo-server infrastructure.

I connected with OVDC on my Windows XP notebook with integrated smart card reader to the patched Sun VDI server and I did get the standard Oracle/Sun VDI Desktop Login screen. When I inserted a smart card in my Windows XP notebook, it connected to the VDI server, but it did not get the Desktop Login screen. Instead, I did get a little icon with a status code 47 in the lower right.

No OVDC Access Icon

On the Sun Ray Wiki you can find a page with SRSS Troubleshooting Icons, where I found that status code 47 means No access for Sun Desktop Access Clients. The Release notes of OVDC helped me to find out that I can enable access for OVDC smart card sessions with the utpolicy CLI-command and the switch -u to specify the policy for card, pseudo or both (resp. smart card session, non-smart card session and both types).

I logged into my Sun VDI (or standalone Sun Ray) server as the root user and I changed the Sun Ray server policy with the following commands:

# First check the current policy on the server
root@vdiserver:# /opt/SUNWut/sbin/utpolicy
# Current Policy:
-a -z both -k both -m -u pseudo

# Change the policy (-u both) to accept card and non-card OVDC sessions
root@vdiserver:# /opt/SUNWut/sbin/utpolicy -a -z both -k both -m -u both

# Restart authentication manager (needed for policy change)
root@vdiserver:# /opt/SUNWut/sbin/utrestart -c
root@vdiserver:# 

After the restart of the Sun Ray Server services and reconnecting OVDC to the server I could hotdesk my Virtual Desktop session between the Sun Ray DTU and the OVDC software client.

Comments:

Post a Comment:
  • HTML Syntax: NOT allowed
About

I post here hands-on examples which I have used in my Oracle VDI Desktop Virtualization projects at customers and partners.

Search

Archives
« April 2014
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today