MetaPass™ SSO Desktop Deployment - Administrator Guide

The Universal Single Sign-On Solution

SSO Desktop Deployment

Administrator Guide

Version 4.6

Rev. 0109

TM & © 2009 MetaPass, Inc. All rights reserved. 1

 MetaPass™ SSO Desktop Deployment - Administrator Guide

Contents
Introduction................................................................................................................................................3
MetaPass Main Components.................................................................................................................3
SSO Desktop Client...................................................................................................................................4
User Profile............................................................................................................................................4
SSO Desktop Client Installers...............................................................................................................5
System Requirements............................................................................................................................6
Installing SSO Desktop manually in Windows ....................................................................................6
Auto-Deploy...............................................................................................................................................7
First time launching SSO Desktop........................................................................................................7
Use server.xml to avoid showing the Server Info window ...................................................................8
Recomended KIOSK Deployment........................................................................................................9
Updating the SSO Desktop Client...........................................................................................................10
Updating software to new version.......................................................................................................10
Uninstall the software on Windows.....................................................................................................10

TM & © 2009 MetaPass, Inc. All rights reserved. 2

 MetaPass™ SSO Desktop Deployment - Administrator Guide

Introduction
Enterprise single sign-on (SSO) allows computer users to access multiple secure
systems with a single authentication, without the need to type and remember
multiple passwords. Benefits include increased security, control, compliance, and
productivity; and reduced help desk costs and user frustration.

MetaPass Main Components

MetaPass Server
MetaPass uses client and server architecture to manage each SSO Desktop
clients. The MetaPass Server stores all the data and configuration files from
MetaPass Administrator. It also distributes updates to SSO Desktop clients, and
manages backup from clients.

MetaPass Administrator
MetaPass Administrator is an administrative client application for IT personnels.
Creating new application profiles, setting up authentication schemes, enrolling
users, and applying policy to clients are performed in this tool. All the data from
this tool will be stored in the server.

MetaPass SSO Desktop

MetaPass SSO Desktop is a client application for end users, and it performs the
login process for them. It receives application profile update and policy update
from server when ever available.

TM & © 2009 MetaPass, Inc. All rights reserved. 3

 MetaPass™ SSO Desktop Deployment - Administrator Guide

SSO Desktop Client

The SSO Desktop Client mainly consists of 2 components. The first part is the
client software itself, and it is universal. The executable client installer is
provided for this part of deployment. The second part is the User Profile. The
User Profile includes the configuration file of the Authentication and Storage of
SSO Client and user's credential files if applicable.

User Profile
SSO Desktop will not operate if no User Profile is found on the user's account.
User Profile consists of 1 or more files, depends on the Authentication and
Storage configuration that is used to enroll the users in the MetaPass
Administrator client. It's often that the User Profile contains files that are
uniquely generated for the users. This User Profile needs to be placed in the
User's MetaPass Folder (user's Application Data/MetaPass for Windows, and
user's home/MetaPass for Mac and Linux). From version 4.6, this User Profile
can be copied automatically by Auto-Deploy feature.

authconfig.xml
If you have deployed SSO Desktop client successfully, you will always see a
configuration file called authconfig.xml under the User's MetaPass Folder. This
file is generated when you setup the Authentication and Storage in the MetaPass
Administrator client. It tells SSO Desktop that what type of authentication is used
and where to store the user's credentials.

Examples of User Profile

Windows Authentication template:
If you use the Windows Authentication for Authentication and Storage Setup, you
will see the following files under the User's MetaPass Folder.
● authconfig.xml – In this file, it tells SSO Desktop to use Windows
Authentication (DPAPI) to protect user's data and store user's data under
the User's MetaPass Folder.
● creds.xml – This is the user's data file that stores all the user's credentials
and certificates to communicate with the server. Since this file is unique
for each users, Auto-Deploy feature is helpful to deploy this file to each
client computer.

TM & © 2009 MetaPass, Inc. All rights reserved. 4

 MetaPass™ SSO Desktop Deployment - Administrator Guide

KIOSK template:
If you use the KIOSK template for Authentication and Storage Setup, you will
see the only one file under the User's MetaPass Folder.
● authconfig.xml – In this file, it tells SSO Desktop to use KIOSK
configuration. The user's data is stored in the server and protected by
server.

SSO Desktop Client Installers

The EXE format of the client installer is provided by default. The MSI installer or
installers for other platforms are also available upon the request.
The silent installation feature is included on the installers, so you can use your
third-party client management tools (BigFix, Languard, Lanworks, AD(Active
Directory) or etc.) for client installation.
The option for the silent installation for EXE installer is:
MetaPass_SSO_Setup.exe /S /LANGUAGE=en
/S means silent mode, no pop-up on the user's machine.
If no /LANGUAGE option is specified, it will install in English. Use
/LANGUAGE option to selects the preferred language. The languages supported
today are:
Language Option
English en

Spanish es

French fr

German ge

Italian it

Japanese jp

Traditional Chinese (Taiwan) tw

TM & © 2009 MetaPass, Inc. All rights reserved. 5

 MetaPass™ SSO Desktop Deployment - Administrator Guide

System Requirements
● Windows 2000/2003/XP/Vista/2008,
Ubuntu Linux, Red Hat Linux, SUSE Linux, or Mac OS X
● Minimum 1GB free space on the hard drive
● Minimum 512MB RAM

Installing SSO Desktop manually in Windows

● Log onto client computer with Administrator's privileges.
● Double-click on the MetaPass_SSO_Setup.exe file to start the installation
process.
● Follow the instructions on the screen to go through the installation process.

TM & © 2009 MetaPass, Inc. All rights reserved. 6

 MetaPass™ SSO Desktop Deployment - Administrator Guide

Auto-Deploy
Since SSO Desktop client will not operate without User Profile, Auto-Deploy
feature helps to deploy the appropriate User Profile. First, it connects to the
server to authenticate the user, and then copy the User Profile to User's
MetaPass Folder for the first time launching SSO Desktop.

First time launching SSO Desktop

The following Server Info window appears when you first time launch SSO
Desktop.

Enter the Server Name or IP and Port Number of the MetaPass Server and click
OK. If it connects to the server successfully, a file called server.xml will be
created under the User's MetaPass Folder. This file will be explained more in
detailed later.

The Authentication window above will show up if the server is connected

TM & © 2009 MetaPass, Inc. All rights reserved. 7

 MetaPass™ SSO Desktop Deployment - Administrator Guide

successfully. This window prompts users to enter their domain credentials to

authenticate the users. For Non-Domain users, they will recieve an e-mail with
user ID and password after the enrollment. Leave this Domain feild empty and
enter the user ID and password from the e-mail.

Finally, the SSO Desktop main window will appear if the user has been
authenticated successfully. At this point, the User Profile has been depolyed
successfully as well.

Use server.xml to avoid showing the Server Info window

As mentioned previously, a file called server.xml will be created under the User's
MetaPass Folder after the first time entering the server name and port number on
the Server Info window. This file tells the SSO Desktop the server locaion. If
you open the file you will see the following line.
<server host="sso-server" port="5000" />
Since this file will be same for all users, you can simplify the deployment process
for the users by avoiding showing the Server Info window.
● Create server.xml as explained above.
● Find server.xml file under the User's MetaPass Folder.
● Now, this file can be placed on the 3 possible locations.
○ User's MetaPass Folder – This folder has the highest priority.
However, it is not recemmended to use this location becuase you will
have to copy this file to each user's User's MetaPass Folder (if the
cilent computer can be shared) on each cilent computer.
○ All User folder – This folder is available on Windows only. E.g.
C:\Documents and Settings\All Users\MetaPass\

TM & © 2009 MetaPass, Inc. All rights reserved. 8

 MetaPass™ SSO Desktop Deployment - Administrator Guide

○ Installation folder – To be specific, it has to be running folder. E.g. C:\

Program Files\MetaPass SSO\run\system\
● Use your third-party client management tools or startup script to copy this
server.xml file to each client computer.

Recomended KIOSK Deployment

Since no user credentials is stored locally for KIOSK configuration, you can
deploy SSO Desktop client without asking user's domain credentials (by showing
Authentication window). In addition to server.xml file described above, you only
need one more configuration file called authconfig.xml. This authconfig.xml file
is also same for all the KIOSK computer. Therefore, like server.xml file, place
this file to the All User folder or Installation folder to complete the deployment.

TM & © 2009 MetaPass, Inc. All rights reserved. 9

 MetaPass™ SSO Desktop Deployment - Administrator Guide

Updating the SSO Desktop Client

Updating software to new version
To update the SSO Desktop client to new version in Windows, in most of the
cases, it is not necessary to uninstall the current version of the software. Please
follow the following procedure for the EXE installer.
● Launch the new SSO Desktop client installer or use silent installation
mode to over write the old files.

Uninstall the software on Windows

● Go to Add or Remove Programs on the Control Panel and remove
“MetaPass SSO”
● The User's MetaPass Folder and User Profile will not be deleted
automatically. Delet them manually if needed.

TM & © 2009 MetaPass, Inc. All rights reserved. 10