What is Smart Card Authentication?

Smart Card Authentication – Smart cards are small plastic cards, similar to credit cards with an embedded microchip that can be set up to store user authentication information. Organizations worldwide are adopting strong authentication solutions to validate an individual’s identity before providing access to computer networks, systems and applications. The smart card chip can store authentication information for a specific user such as PIN. This makes the smart card a perfect solution to security conscious businesses.

When users insert their smart cards through the smart card reader, the card implements multiple factors of authentication which secures the threat of hackers gaining access to sensitive applications, desktops and data stored in a datacenter.

In this guide we will walk through a 4 stage setup procedure to use “smart card authentication” with a Parallels Remote Application Server environment.

Stage 1: Smart Card Setup Prerequisites

Before Parallels Remote Application Server is able to authenticate users with smart cards, the system must be configured correctly according to the prerequisites listed below.

  • Active Directory configured for authenticating domain users with smart card.
  • Enterprise PKI and issued user certificates.
  • A RDP server (2008, 2008R2, 2012, 2012 R2) joined to the same domain and it should allow the domain users to log in via smart card.
  • Drivers for the smart card AND the smart card reader installed on the RDP server as well as on the client machines that will connect to the RDP server.
Note: The configuration of these prerequisites may vary depending on the smart card vendor.

Stage 2: Test the Setup

After the prerequisites are configured, a test is required to verify that smart card authentication configured in Stage 1 has been set up correctly. This test will attempt to authenticate with the RDP server from a Windows machine using smart card.

How to Configure a Smart Card Authentication

  • Click the Windows “Start” menu and search for mstsc. Subsequently click to run the program.

How to Configure a Smart Card Authentication

  • From the mstsc dialogue, click “Options” → “Local Resources” → “More” and enable the “Smart Cards” option and click “OK” to apply the changes.

How to Configure a Smart Card Authentication

  • Next switch back to “General” tab and enter the RDP server hostname or IP address. Click “Connect” to proceed.

How to Configure a Smart Card Authentication

  • The “Windows Security” window allows you to connect via domain credentials or smart card. For the purpose of this test ensure that the smart card reader is connected to the client machine and smart card in inserted.

How to Configure a Smart Card Authentication

  • You will then see the Windows domain user configured in stage 1, point 1. Enter the PIN assigned to the smart card. Click “OK” to connect to the server.

If configured correctly the remote desktop session should be established without prompting for authentication. If the test is successful, move to Stage 3, otherwise revisit the configuration prerequisites outlined in Stage 1.

Stage 3: Configure Parallels Remote Application Server for Smart Card Authentication

Install the Parallels Remote Application Server Publishing Agent on a Windows server joined to the smart card domain configured in Stage 1, point 1. The Terminal Server Agent should be pushed to the RDP server referenced in Stage 1, point 3. At this stage Parallels Remote Application Server will be set up to authenticate users via smart cards.

How to Configure a Smart Card Authentication

  • From the Parallels Remote Application Server console, select the “Connection” category → “Authentication” and from the “Authentication type” drop down, select “Smart Card.
  • Click “Apply” to finalize the configuration.

Stage 4: Configure Parallels Client

Smart card authentication is supported on the Parallels Clients for Windows and Linux. In this example the Parallels Client for Windows will be configured to authenticate with Parallels Remote Application Server via smart card.

How to Configure a Smart Card Authentication

  • Run the Parallels Client and click “File” → “Add New Connection” → “Remote Application Server.”

How to Configure a Smart Card Authentication

  • In the “Server” text box enter the server IP address or hostname of the server where the Publishing Agent is installed.

How to Configure a Smart Card Authentication

  • Next from the “Logon” dialogue → “Authentication Type” dropdown select smart card and click “Connect.”

How to Configure a Smart Card Authentication

  • Ensure the smart card reader is connected and insert the smart card.

How to Configure a Smart Card Authentication

  • Next the user should match to that configured in Stage 1, step 1. Enter the PIN associated to that user and click “OK” to log in.

Applications and desktops published from Parallels Remote Application Server are now listed. Click to access any of these resources without being prompted for credentials.

How to Configure a Smart Card Authentication

Congratulations! You have successfully logged in using smart card authentication.

click here to get started with a Parallels RAS free trial today.


References

Smart Card Authentication: http://searchsecurity.techtarget.com/tip/Security-token-and-smart-card-authentication

Smart Card Authentication: Authenticate Clients Using Smart Cards | technet.microsoft.com

Smart Card Authentication: https://msdn.microsoft.com/en-us/library/windows/desktop/aa380142(v=vs.85).aspx

Smart Card Authentication: Understanding and Implementing Smart Card Authentication | tech-faq

Smart  Cards: https://en.wikipedia.org/wiki/Smart_card

Parallels Remote Application Server



Leave a Reply


Your email address will not be published. All fields are required.