Taskbar How to Guide
From Swivel Knowledgebase Wiki
Contents |
Overview
The Taskbar utility is a Microsoft Windows executable that either can be activated through the start/programs menu or resides in the users Taskbar and allows a user to generate a Single Channel image for authentication, or to request a dual channel security string to be sent or show the user which security string to use when multiple security strings are sent by SMS or email. It is particularly useful where the image cannot be embedded into the access device, such as SSH, FTP or IPSEC VPN clients.
The taskbar can also be used to fingerprint the device through which an authentication is being made, turning the laptop, desktop, server into a token which must be used for authentication, for further information see the PositiveID How to Guide
The Taskbar utility is deployed as an .msi and can deployed by SMS.
Prerequisites
PINsafe 3.x
PINsafe Taskbar Client software
Windows PC
Architecture
The Taskbar Client requests the PINsafe image from the PINsafe server. The PINsafe server must be accessible from the Client, this is usually configured through Network Address Translation. A proxy can also be used, the PINsafe appliance has a proxy port built in usually https://<IP Address>:8443/proxy
PINsafe Configuration
Enabling Session creation with username
To allow the Single Channel image to be used with the Taskbar, session request by username needs to be enabled. Go to the ‘Single Channel’ Admin page and set ‘Allow Session creation with Username:’ to YES.
To test your configuration you can use the following URL using a valid PINsafe username:
Appliance
https://PINsafe_server_IP:8443/proxy/SCImage?username=testuser
Software install
http://PINsafe_server_IP:8080/pinsafe/SCImage?username=testuser
Taskbar Installation
Starting the Taskbar Setup Wizard
On the client where the Taskbar is to be installed run setup.exe or PINsafeTaskbarSetup.msi. this will start the Taskbar Setup Wizard. Click Next to continue.
Select Installation Folder
Select the installation folder and who will use the installation, then click Next to continue.
Confirm Setup Details and Install
Verify that installation of the taskbar should begin by clicking on Next.
The PINsafe Taskbar will install showing its progress.
When complete the Setup Wizard will verify it has completed, click Close to finish the Setup Wizard.
Taskbar Configuration
The Taskbar configuration can be selected by right clicking on the Taskbar and then server settings:
Taskbar options explained
Username: The username to be used for authentication. Leave blank to use the username that the user is currently logged in with. Use ? to ask the username when an authentication request is made.
Connection type: How the connection is to be made to the PINsafe server, options are Direct, IIS Filter, ISA Filter, Proxied. IIS and ISA options can be used when PINsafe has an integration with these products.
Server: The PINsafe server hostname or IP address, this is usually a NAT behind which the PINsafe server resides
Port: The port used for connecting to the PINsafe server, for the appliance this is 8443 by default
Path: The install name of the pinsafe instance, usually pinsafe, for the appliance this is proxy by default
SSL Settings: To use SSL ensure a tick is in this box, for the appliance this should be on by default
Permit self-signed certificates: Tick this box if self signed certificates are to be used, for the appliance this is should be ticked by default
Servers: The order in which servers are contacted for authentication, this can be changed by using the Up and Down buttons, servers can also be Removed and Added
Proxy Server: Settings can be added for a local proxy server for the local Windows PC to access the internet
Add Server: Additional PINsafe servers can be added here
Export: The Taskbar utility settings can be exported
Import: The Taskbar utility settings can be imported
Transport Selection
The Taskbar from version 1.4 can be used to generate Dual Channel SMS messages or the security String index telling the user which security string to use where multiple security strings are sent in an SMS or email message. To select these options right click on the Taskbar utility and select Get String Index to find which security string to use, or Request Security String to receive a new Security String by SMS or email, a Confirmed image will appear to acknowledge the request. For more information on the Security String Index see Multiple Security Strings How To Guide
Security String Index telling user which security string to use
Security String request confirmed image
Enabling PositiveID Authentication on the Taskbar
Right click on the PINsafe Taskbar and click on the line Use PositiveID, ensure a tick appears next to the menu item. For further information on PositiveID see the PositiveID How to Guide
Uninstalling the Taskbar
Use the Windows Program Management tools to uninstall the software.
The following program will remove registry settings Taskbar Cleaner Program
The settings for the Taskbar application are stored in the registry under \\HKEY_CURRENT_USER\Software\Swivel Secure\PINsafeTaskbar. The uninstall program removes the PINsafeTaskbar key, and if no other entries are found, also the Swivel Secure key.
Since the entries are under HKEY_CURRENT_USER, if multiple users have run the application on the same machine, each one will need to run the application as themselves.
Known Issues
'No Image is generated and The underlying connection was closed: An unexpected error occurred on a send.
TLS protocol extension called Server Name Indication (SNI) is an optional TLS extension protocol and must be supported on both client and server for it to be operational. Windows Vista, Window 7 and 2008 server onwards support the protocol. It may be possible to add the server hostname to the list of recognised hosts on the front end firewall. This issue is resolved in version 1.4.2 onwards of the Taskbar.
Taskbar Problems
No Image is generated
Ensure settings are correct, particularly IP, port, SSL, and self signed certificates
Is a 'Single Channel Session' message generated on the PINsafe server logs for the user
can the user generate a session in the users web browser using: https://<IP>:8443/proxy/SCImage?username=test for an appliance or http://<IP>:8080/pinsafe/SCImage?username=test for a software install.
Also check here Turing Image absent
The server committed a protocol violation. Section=ResponseStatusLine
This error can be generated when PINsafe is running https, but SSL is not enabled the Taskbar, ensure the SSL Settings is enabled with a tick
