Reset Search
 

 

Article

KB14443 - A simple single sign on configuration for Odyssey Access Client

« Go Back

Information

 
Last Modified Date3/30/2017 10:08 PM
Synopsis
The purpose of this knowledge base article is to provide a very basic outline on how to configure OAC for single sign on. This document provides step-by-step instructions with commentary and helpful hints.
Problem or Goal
Cause
Solution
Configuring OAC for single sign on is a relatively straight forward process. The following outlines the minimum steps needed to accomplish this. In this example the users Windows credentials will be used for authentication with the use of TTLS and EAP-MSCHAP-V2.



Step 1 Launch Odyssey Access Client Administrator:





Step 2 Open Initial Settings


Although enabled else where in OAC, the actual settings used for the connection are created here. Configure Initial Settings just as you would Odyssey Access Client Manger.

Step 3 Create a Profile

The default profile is configured to use EAP-MSCHAP-V2 in an EAP-TTLS tunnel and authenticate the user with their Windows login credentials.  In most cases the user name field in your “Initial Settings” profile should be left blank. This tells OAC to supply the name used to logon to the computer during the GINA authentication.



Note: With minor changes to this profile it is possible for a user to login to  with their Windows credentials, but authenticate the 802.1x connection with another set of credentials or an RSA token.


By default OAC will attempt to validate the Radius Server certificate if the EAP Type selected supports it. In this case it does. Although it is recommended that you do so, for the purpose of this KB we will select “Disable server verification”.




Step 4 Configure a Network (if using wireless)




Make sure to add the profile you just created.  Initial Settings should look something like this:

 

or



Step 5 Connection Settings




Step 6 Click the GINA Tab




Select "Install Odyssey GINA Module"

Note: If the currently listed GINA module is something other than msgina.dll or one of the listed qualified GINA modules, contact tech-support for assistance.

Step 7 Click the User Account Tab



Select "Prior to Windows logo, using the following settings" then proceed to configure your wired or wireless adapter; then your network or profile.

There are a number of settings on the "User Account" tab.  For testing purposes select never under "Prompt to connect". After enabling GINA you will need to reboot before you can test the configuration. If everything goes well, after entering your credentials at the Ctrl-Alt-Del screen on the XP or the OAC tile in Vista a connection dialog will appear. The status of the connection will be displayed and should end with "Open"; at which point the users desktop will load. If this does not happen review all the steps and try again. If single sign on still doesn't work contact technical support for assistance.

Note: On Windows Vista you are required to decorate your name in the Domain\User name format.
 
Related Links
Attachment 1 
Created ByData Deployment

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255