How to pass user credentials to an application - VISULOX Single Sign On - SSO
General usage
The primary login credentials of a user can be passed to the VISULOX Jump Environment for CITRIX and Windows connections.
To do this, the parameter "vlxsso=1" must be set in the Application Environment field in the datastore.
With this parameter a sso_user and sso_password is provided to the vlxshell system. These can be either the primary login credentials or overwritten with vlxuser / vlxpwd. (See: How to assign a fixed username)
vlxshell connection
The vlxshell system uses these parameters to connect to the application.
Sometimes the provided user has to be mapped like "jmike" to "sys_jmike" or "jmike_adm". This can be done by using -usermask in the vlxshell call.
vlxshell -usermask "sys_%USER%", or vlxshell -usermask "%USER%_adm".
vlxshell parameters
| Parameter | Description |
|---|---|
-client <value> | Client type: xterm, vnx, freerdp, firefox, chrome, ... Default: <xterm> |
| -clientcmd <value> | Alternate path to client |
| -title <value> | Title of the GUI |
| -lang <value> | Language. Default <en> |
| -id <value> | Session ID |
| -owner <value> | Owner, who runs this GUI |
| -allowedsites <value> | List of allowedSites in Firefox profile |
| -nolang | Enforce no language |
| -usermask <value> | Mask to add a prefix and/or suffix to sso_user (prefix%USER%suffix) |
| -E <value> | Extension list for Firefox |
| -P <value> | Firefox profile archive or directory |
| -rdpfile <value> | RDP file or VISULOX Script Object |
| -profile <value> | Name of Citrix profile in database |
| -gateway-resource <value> | Name of gateway passcache resource |
| -resource <value> | Name of passcache resource |
| -sync | Enable vlxtransit to application |
| -wait <value> | Wait for connection in seconds. Default: <0> |
Windows connection
For Windows connections vlxWindows.exp can be used, which is based on windows.exp with additional VISULOX entries.
With vlxRdpNoUser.exp the Windows login dialog will be presented to the user and no user/password will be passed through.
There are two possibilities to launch a Windows connection, where the login data will be entered:
- SHIFT-Click on the application link with vlxWindows.exp
- vlxShell with RDesktop / freerdp and "vlxsso=1;vlxuser="
| Parameter | Description |
|---|---|
| vlxsso=0/1 | If true, user and password is provided |
| vlxsso=1;vlxuser=<user-name> | Alternate user is provided |
| vlxsso=1;vlxuser=<user-name>;vlxpwd=<password> | Alternate user and password is provided |
| -no-nla | Allows in freeRDP the connection with/out NLA authentcation |
| %ANY% | Host is requested |
| -u xxxx | NOT ALLOWED as a parameter |
| -d <domain> | Can be added, if missing d "" is set. Domain can be also within the username (domain\\username) |
| -vlxResource <resource name> | Can be used with vlxWindows.exp and an existing resource instead of vlxuser/vlxpwd. |
The following example shows a configuration of an RDP connection via visulox.exp, using the same credentials for login as provided to the VISULOX PORTAL:
Former Environment Variables setting (outdated):
Related Information
The application control variable "vlxMode"