Hiya,
Finally back working on this project again .. lol been busy...
Thanks Dave .. that debug line worked fine.
My scenario is still the same as in the previous email, except my Citrix server is now on Windows 2003 rather than Windows 2000. I can perform normal Windows domain smartcard logins with muscle cards but they won't work over Citrix Metaframe.
I perform a username/password login via Citrix. Once in a session I can execute MuscleTools-IDA.exe and successfully access my local muscle-card and view contents.
If I try to execute RegCerts.exe I get this debug output on the server:
03/09 12:57:29 PKCS11Module size is: 11
03/09 12:57:29 PKCS11Module value is: IDAP11.dll
03/09 12:57:29 Dllmain: DLL_PROCESS_ATTACH
03/09 12:57:29 +CPAcquireContext() - called
03/09 12:57:29 Build: $Id: csp.cpp,v 1.9 2004/09/24 15:12:47 corcoran Exp $
03/09 12:57:29 Executable: "E:\Program Files\Identity Alliance\Middleware\Binaries\RegCerts.exe" (E:\WINDOWS\system32\IDACSP.dll)
03/09 12:57:29 Container: "(null)" Flags: (0x0)
03/09 12:57:29 Initializing CSP
03/09 12:57:30 C_Initialize: 0x32
03/09 12:57:30 C_Initialize() failed: 0x32 (50)
03/09 12:57:30 Exception: 0x0 at .\csp.cpp:94 in CPAcquireContext() "PKCS#11 initialization failed"
03/09 12:57:30 -CPAcquireContext() - finished: FALSE (0x80090020)
03/09 12:57:30 Dllmain: DLL_PROCESS_DETACH
It should be noted, however, that if I perform a "Remote Desktop Connection", using the built-in Windows tool, instead of a Citrix client, then RegCerts.exe seems to work just fine.
I get a similar error when attempting smartcard login via Citrix. The difference being that the executable listed in the debug is WinLogin.exe.
If I get all this working I will attempt to get Citrix logins working from Solaris (SunRays). .. If it's possible :)
Cheers Sim
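For readers triaging a log like the one above, the following added example (not part of the original message and not Identity Alliance code) pairs each failed CSP entry point with the PKCS#11 failure that preceded it and names the codes: 0x32 is CKR_DEVICE_REMOVED in the PKCS#11 headers and 0x80090020 is NTE_FAIL in winerror.h. It assumes the CSP logs the raw PKCS#11 return value; the sample lines are copied from the excerpt above and the function name is hypothetical.

```python
import re

# Constructed sample: lines copied from the CSPDebug.log excerpt in the message above.
SAMPLE_LOG = r'''03/09 12:57:29 +CPAcquireContext() - called
03/09 12:57:29 Executable: "E:\Program Files\Identity Alliance\Middleware\Binaries\RegCerts.exe" (E:\WINDOWS\system32\IDACSP.dll)
03/09 12:57:30 C_Initialize() failed: 0x32 (50)
03/09 12:57:30 Exception: 0x0 at .\csp.cpp:94 in CPAcquireContext() "PKCS#11 initialization failed"
03/09 12:57:30 -CPAcquireContext() - finished: FALSE (0x80090020)
'''

# Subset of standard PKCS#11 return values (pkcs11t.h).
CK_RV = {0x00: "CKR_OK", 0x05: "CKR_GENERAL_ERROR", 0x06: "CKR_FUNCTION_FAILED",
         0x30: "CKR_DEVICE_ERROR", 0x31: "CKR_DEVICE_MEMORY",
         0x32: "CKR_DEVICE_REMOVED", 0xE0: "CKR_TOKEN_NOT_PRESENT",
         0xE1: "CKR_TOKEN_NOT_RECOGNIZED"}
# Subset of Windows CryptoAPI HRESULTs (winerror.h).
NTE = {0x80090016: "NTE_BAD_KEYSET", 0x80090020: "NTE_FAIL",
       0x80090022: "NTE_SILENT_CONTEXT"}

EXE = re.compile(r'Executable: "([^"]+)"')
P11_FAIL = re.compile(r"(C_\w+)\(\) failed: (0x[0-9A-Fa-f]+)")
CSP_EXIT = re.compile(r"-(CP\w+)\(\) - finished: (\w+) \((0x[0-9A-Fa-f]+)\)")

def triage(log_text):
    """Return one finding per CSP entry point that finished with FALSE."""
    findings, exe, p11 = [], None, None
    for line in log_text.splitlines():
        if m := EXE.search(line):
            # Keep only the image name of the process that loaded the CSP.
            exe = m.group(1).rsplit("\\", 1)[-1]
        elif m := P11_FAIL.search(line):
            rv = int(m.group(2), 16)  # assumption: raw CK_RV is logged
            p11 = (m.group(1), CK_RV.get(rv, hex(rv)))
        elif m := CSP_EXIT.search(line):
            if m.group(2) == "FALSE":
                hr = int(m.group(3), 16)
                findings.append({"caller": exe, "csp_call": m.group(1),
                                 "csp_error": NTE.get(hr, hex(hr)),
                                 "pkcs11": p11})
            exe, p11 = None, None  # state is per CSP call
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```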
From: David Corcoran <[EMAIL PROTECTED]>
To: "sim rid" <[EMAIL PROTECTED]>
Subject: Re: [Muscle] Identity Alliance CSP and citrix smartcard login
Date: Thu, 6 Jan 2005 09:50:14 -0500
Hi,
Usually a log file is created in C:\CSPDebug.log. Perhaps it is not turned on. You may need to go into the registry and set Logging to 1 in our CSP.
HKLM\Software\Microsoft\Cryptography\Calais\Defaults\Provider\Identity Alliance CSP
Dave
On Jan 5, 2005, at 11:00 PM, sim rid wrote:
------------------------------------------------------------------------
Hi all,
I am testing the Identity Alliance CSP with Citrix and have run into a problem with smartcard Windows login, via Citrix.
My setup:
Server:
Windows 2000
Microsoft certificate services.
Citrix MetaFrame Server. Version XP 1.0 Feature Release 3
Identity Alliance CSP installed.
Client:
Windows XP SP1
Citrix MetaFrame Program neighbourhood client. Version 8.100.29670
Identity Alliance CSP installed.
Smartcard: Oberthur Cosmopolic V4 loaded with latest MuscleCard Applet.
What works:
1) Used Microsoft Cert Services to generate a keypair(1024) and cert on the card using smartcard user template and the Identity Alliance CSP.
2) Used card to perform a smartcard login locally on the AD (Windows 2000).
3) Used card to perform a remote domain login from client pc (Windows XP)
4) Set up Citrix client and performed a username/password login, via Citrix to the AD/Metaframe server.
5) Used scconfig command to allow MuscleTools-IDA.exe to have access to the local smartcard reader and card inside a Citrix session. Via the remote Citrix session I could successfully execute MuscleTools-IDA, connect to the local token and list the contents.
What failed:
1) Using the Citrix client, attempted to perform a Windows smartcard login.
- Windows login screen appeared as normal: "Insert card or press Ctrl-Alt-Delete to begin"
- Inserted muscle card and was prompted for PIN.
- Typed in correct PIN.
- ERROR: "Your credentials could not be read from the smart card. Verify the card is valid, and that it seated properly in the reader"
- Typed in incorrect PIN. Same error.
Any ideas here would be much appreciated. Also is there some way of getting debug info from the CSP?
Thanks sim
_______________________________________________ Muscle mailing list [email protected] http://lists.drizzle.com/mailman/listinfo/muscle
David Corcoran [EMAIL PROTECTED]
Identity Alliance http://www.identityalliance.com
Smart Cards, Biometrics, Training, Identity Management
------------------------------------------------------------------------ -------------
