aXsGUARD Gatekeeper Single Sign-On Utility (SSO) - Vasco

aXsGUARD Gatekeeper 

Single Sign-On Utility (SSO) How To v1.6

aXsGUARD Gatekeeper Single Sign-On Utility (SSO) How To v1.6 Legal Notice 

VASCO Products 

VASCO Data Security, Inc. and/or VASCO Data Security International GmbH are referred to in this document as 

'VASCO'. VASCO Products comprise Hardware, Software, Services and Documentation. This document 

addresses potential and existing VASCO customers and has been provided to you and your organization for the 

sole purpose of helping you to use and evaluate VASCO Products. As such, it does not constitute a license to 

use VASCO Software or a contractual agreement to use VASCO Products. 

Disclaimer of Warranties and Limitations of Liabilities 

VASCO Products are provided ‘as is’ without warranty or conditions of any kind, whether implied, statutory, or 

related to trade use or dealership, including but not limited to implied warranties of satisfactory quality, 

merchantability, title, non-infringement or fitness for a particular purpose. 

VASCO, VASCO DISTRIBUTORS, RESELLERS AND SUPPLIERS HAVE NO LIABILITY UNDER ANY 

CIRCUMSTANCES FOR ANY LOSS, DAMAGE OR EXPENSE INCURRED BY YOU, YOUR ORGANIZATION OR ANY 

THIRD PARTY (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF PROFITS, BUSINESS 

INTERRUPTION OR LOSS OF DATA) ARISING DIRECTLY OR INDIRECTLY FROM THE USE, OR INABILITY TO USE 

VASCO SOFTWARE, HARDWARE, SERVICES OR DOCUMENTATION, REGARDLESS OF THE CAUSE OF THE 

LOSS, INCLUDING NEGLIGENCE, EVEN IF VASCO HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH 

DAMAGES, OR IF THEY WERE FORESEEABLE. OUR MAXIMUM AGGREGATE LIABILITY TO YOU, AND THAT OF 

OUR DISTRIBUTORS, RESELLERS AND SUPPLIERS SHALL NOT EXCEED THE AMOUNT PAID BY YOU FOR THE 

PRODUCT. THE LIMITATIONS IN THIS SECTION SHALL APPLY WHETHER OR NOT THE ALLEGED BREACH OR 

DEFAULT IS A BREACH OF A FUNDAMENTAL CONDITION OR TERM, OR A FUNDAMENTAL BREACH. THIS 

SECTION WILL NOT APPLY ONLY WHEN AND TO THE EXTENT THAT APPLICABLE LAW SPECIFICALLY 

REQUIRES LIABILITY DESPITE THE FOREGOING EXCLUSIONS AND LIMITATIONS. 

Intellectual Property and Copyright 

VASCO Products contain proprietary and confidential information. VASCO Data Security, Inc. and/or VASCO 

Data Security International GmbH own or are licensed under all title, rights and interest in VASCO Products, 

updates and upgrades thereof, including copyrights, patent rights, trade secret rights, mask work rights, 

database rights and all other intellectual and industrial property rights. No part of these Products may be 

transferred, disclosed, reproduced or transmitted in any form or by any means, electronic, mechanical or 

otherwise, for any purpose, except as expressly permitted by VASCO or its authorized licensee in writing. 

This document is protected under US and international copyright law as an unpublished work of authorship. No 

part of it may be transferred, disclosed, reproduced or transmitted in any form or by any means, electronic, 

mechanical or otherwise, for any purpose, except as expressly permitted in writing by VASCO or its authorized 

licensee. 

Trademarks 

VASCO®, Vacman®, IDENTIKEY®, aXsGUARD®, DIGIPASS®, and ® are registered or unregistered 

trademarks of VASCO Data Security, Inc. and/or VASCO Data Security International GmbH in the U.S. and other 

countries. Other company brand or product names or other designations, denominations, labels and/or other 

tags, titles, as well as all URLs (Internet addresses) linked to such designations or communications (irrespective 

of whether protected by intellectual property law or not), mentioned in VASCO Products may be the trademarks 

or registered trademarks or be part of any other entitlement of their respective owners. 

Radius Disclaimer 

Information on the RADIUS server provided in this document relates to its operation in the aXsGUARD 

Gatekeeper environment. We recommend that you contact your NAS/RAS vendor for further information. 

Copyright © 2009 VASCO Data Security, Inc, VASCO Data Security International GmbH All rights reserved. 

© 2009 - VASCO Data Security 2

aXsGUARD Gatekeeper Single Sign-On Utility (SSO) How To v1.6 Table of Contents 

Table of Contents 

1 Introduction...............................................................................................................................................8 

1.1 Audience and Purpose of this document.............................................................................................8 

1.2 What is the aXsGUARD Gatekeeper?.................................................................................................10 

1.3 About VASCO..................................................................................................................................10 

2 Concept and Features..............................................................................................................................11 

2.1 Overview.........................................................................................................................................11 

2.2 Supported Operating Systems..........................................................................................................11 

2.3 Features and Advantages.................................................................................................................11 

2.4 Purpose and Concept......................................................................................................................12 

2.5 Installation Modes...........................................................................................................................13 

2.5.1 Domain Mode............................................................................................................................13 

2.5.2 Workgroup Mode........................................................................................................................13 

2.6 SSL Secured Connection..................................................................................................................14 

2.7 Auto Adjustment of Proxy Settings....................................................................................................14 

2.8 Automatic Updates..........................................................................................................................15 

2.9 User Profiles...................................................................................................................................15 

2.10 Particular Cases with Terminal Servers.............................................................................................16 

2.10.1 Without Virtual IP Support...........................................................................................................16 

2.10.2 With Virtual IP Support................................................................................................................17 

3 Installation...............................................................................................................................................18 

3.1 Overview.........................................................................................................................................18 

3.2 Windows Domain Settings................................................................................................................18 

3.3 SSO Utility Installation......................................................................................................................20 

3.3.1 Downloading..............................................................................................................................20 

3.3.2 Windows XP...............................................................................................................................21 

3.3.3 Windows Vista............................................................................................................................26 

3.3.4 Linux.........................................................................................................................................29 

3.4 Upgrading.......................................................................................................................................32 

3.5 Uninstalling.....................................................................................................................................32 

4 Configuration and Use..............................................................................................................................33 

4.1 Overview.........................................................................................................................................33 

4.2 Getting Started................................................................................................................................33 

4.3 Creating User Profiles......................................................................................................................34 



4.4 aXsGUARD Gatekeeper Proxy server.................................................................................................36 

4.5 Setting a Default User Profile............................................................................................................37 

4.6 Activating a User Profile...................................................................................................................38 

4.7 Editing and Deleting User Profiles.....................................................................................................39 

4.8 Linux Configuration..........................................................................................................................40 

4.9 Advanced Configuration...................................................................................................................40 

5 Troubleshooting.......................................................................................................................................42 

6 Support....................................................................................................................................................46 

6.1 Overview.........................................................................................................................................46 

6.2 If you encounter a problem...............................................................................................................46 

6.3 Return procedure if you have a hardware failure................................................................................46 



Illustration Index 

Image 1: Transparent User Authentication.....................................................................................................................................................................12 

Image 2: SSL Secured Connection................................................................................................................................................................................14 

Image 3: SSO Utility Update Notification........................................................................................................................................................................15 

Image 4: SSO User Profiles...........................................................................................................................................................................................15 

Image 5: Terminal Server without Virtual IP Support.......................................................................................................................................................16 

Image 6: Terminal Server with Virtual IP Support...........................................................................................................................................................17 

Image 7: Setting the Allowed Domains..........................................................................................................................................................................18 

Image 8: Windows Domain used by Windows XP...........................................................................................................................................................19 

Image 9: Downloading the SSO Installer........................................................................................................................................................................20 

Image 10: SSO Utility Windows XP – Installation Start....................................................................................................................................................21 

Image 11: Selecting the Installation Mode.....................................................................................................................................................................22 

Image 12: Selecting the Installation Folder....................................................................................................................................................................22 

Image 13: Copying the Files to your Computer...............................................................................................................................................................23 

Image 14: Creating a Default User Profile......................................................................................................................................................................23 

Image 15: Entering Profile Information..........................................................................................................................................................................24 

Image 16: Completing the SSO Utility Installation...........................................................................................................................................................25 

Image 17: Windows Vista Security Warning...................................................................................................................................................................26 

Image 18: Enabling UAC in Windows Vista....................................................................................................................................................................26 

Image 19: Windows Vista Installation............................................................................................................................................................................27 

Image 20: Administrator Password...............................................................................................................................................................................27 

Image 21: User Installation...........................................................................................................................................................................................28 

Image 22: GNOME Integration......................................................................................................................................................................................30 

Image 23: KDE Integration............................................................................................................................................................................................31 

Image 24: Successfull Authentication............................................................................................................................................................................33 

Image 25: Starting SSO Manually.................................................................................................................................................................................33 

Image 26: Creating a User Profile.................................................................................................................................................................................34 

Image 27: Creating a New Profile.................................................................................................................................................................................34 

Image 28: SSO Password Window................................................................................................................................................................................35 

Image 29: Proxy Server Settings...................................................................................................................................................................................36 

Image 30: Firefox Specific............................................................................................................................................................................................36 

Image 31: Setting a Default User Profile........................................................................................................................................................................37 

Image 32: Activating a User Profile...............................................................................................................................................................................38 

Image 33: Deleting a User Profile..................................................................................................................................................................................39 

Image 34: Linux SSO Configuration File........................................................................................................................................................................40 

Image 35: Advanced Settings.......................................................................................................................................................................................40 

Image 36: Login Error..................................................................................................................................................................................................42 



Image 37: Stat-Sec Firewall Policy................................................................................................................................................................................42 

Image 38: Connection Restored....................................................................................................................................................................................43 

Image 39: Invalid User or Password..............................................................................................................................................................................43 

Image 40: Domain Error...............................................................................................................................................................................................44 

Image 41: Windows Logon...........................................................................................................................................................................................44 



Index of Tables 

Table 1: Entering Post Installation Profile Settings..................................................................................................................................24 

Table 2: Not specifying a password.......................................................................................................................................................35 

Table 3: SSO: Advanced Settings..........................................................................................................................................................41 


aXsGUARD Gatekeeper Single Sign-On Utility (SSO) How To v1.6 Introduction 

1 Introduction 

1.1 Audience and Purpose of this document 

This aXsGUARD Gatekeeper Single Sign-On Utility (SSO) How To v1.6 serves as a reference source for 

technical personnel and / or system administrators. It explains the installation and configuration of the 

aXsGUARD Gatekeeper Single Sign-On (SSO) Authentication utility. 

An in-depth description of the aXsGUARD Gatekeeper Authentication concepts is available in a separate 

document, the aXsGUARD Gatekeeper Authentication How To, which is accessible by clicking on the 

permanently available Documentation button in the Administrator Tool. 

In sections 1.2 and 1.3, we introduce the aXsGUARD Gatekeeper and VASCO. 

In section 2, we explain the concept and features of the aXsGUARD Gatekeeper SSO Authentication Utility. 

In section 3, we explain how to download and install the aXsGUARD Gatekeeper SSO Authentication Utility on 

Windows and Linux. 

In section 4, we explain the use and configuration of the aXsGUARD Gatekeeper SSO Authentication Utility. 

In section 5, we provide some solutions to solve difficulties. 

In section 6, we explain how to request support, and return hardware for replacement. 



Other documents in the set of aXsGUARD Gatekeeper documentation include: 

aXsGUARD Gatekeeper Installation Guide, which explains how to set up the aXsGUARD Gatekeeper, and is 

intended for technical personnel and / or system administrators. 

'How to guides', which provide detailed information on configuration of each of the features available as 

'add-on' modules (explained in the next section). These guides cover specific features such as: 

aXsGUARD Gatekeeper Authentication 

aXsGUARD Gatekeeper Firewall 

aXsGUARD Gatekeeper VPN 

aXsGUARD Gatekeeper Reverse Proxy 

aXsGUARD Gatekeeper Directory Services 

Access to aXsGUARD Gatekeeper guides is provided through the permanently on-screen Documentation 

button in the aXsGUARD Gatekeeper Administrator Tool. 

Further resources available include: 

Context-sensitive help, which is accessible in the aXsGUARD Gatekeeper Administrator Tool through the 

Help button. This button is permanently available and displays information related to the current screen. 

Training courses covering features in detail can be organized on demand. These courses address all levels 

of expertise. Please see www.vasco.com for further information. 

Welcome to aXsGUARD Gatekeeper security. 



1.2 What is the aXsGUARD Gatekeeper? 

The aXsGUARD Gatekeeper is an authentication appliance, intended for small and medium sized enterprises. 

In addition to strong authentication, the aXsGUARD Gatekeeper has the potential to manage all of your Internet 

security needs. Its modular design means that optional features can be purchased at any time to support, for 

example, e-mail, Web access and VPN management. The aXsGUARD Gatekeeper can easily be integrated into 

existing IT infrastructures as a stand-alone authentication appliance or as a gateway providing both 

authentication services and Internet Security. 

Authentication and other features such as firewall, e-mail and Web access, are managed by security policies, 

which implement a combination of rules, for example, whether a user must use a DIGIPASS One-Time 

Password in combination with a static password for authentication. Security Policies are applied to specific 

users or groups of users and can also be applied to specific computers and the entire system. 

1.3 About VASCO 

VASCO is a leading supplier of strong authentication and Electronic Signature solutions and services 

specializing in Internet Security applications and transactions. VASCO has positioned itself as a global software 

company for Internet Security serving customers in more than 100 countries, including many international 

financial institutions. VASCO’s prime markets are the financial sector, enterprise security, e-commerce and egovernment. 

Over 50 of VASCO’s client authentication technologies, products and services are based on the VASCO’s one 

and unique core authentication platform: VACMAN . VASCO solutions comprise combinations of the VACMAN 

core authentication platform, IDENTIKEY authentication server, aXsGUARD® authentication appliances, 

DIGIPASS client Password and Electronic Signature software and DIGIPASS PLUS authentication services. For 

further information on these security solutions, please see www.vasco.com. 


aXsGUARD Gatekeeper Single Sign-On Utility (SSO) How To v1.6 Concept and Features 

2 Concept and Features 

2.1 Overview 

The aXsGUARD Gatekeeper Single Sign-On (SSO) Authentication utility is designed to securely and 

transparently authenticate users with an aXsGUARD Gatekeeper from a client PC in the LAN. After successful 

authentication, the users are granted Firewall and Web Access rights based on the provided credentials. 

Topics covered in this section include: 

Supported Operating Systems. 

The features and advantages of the SSO Authentication Utility. 

The SSO purpose and concept. 

Possible installation modes. 

Special cases involving Terminal Servers. 

2.2 Supported Operating Systems 

The aXsGUARD Gatekeeper SSO Authentication Utility can be installed on the following platforms: 

Microsoft: Windows 2000, XP, 2003 and Vista (32-bit and 64-bit versions). 

Linux: All 32-bit distributions of Linux. 64-bit versions are only available on demand. 

2.3 Features and Advantages 

The main advantages and features of the SSO Authentication Utility are: 

It is available for Microsoft Windows as well as Linux. 

The installation is quick, easy and straight forward. 

The SSO Utility can be installed in Domain (Active Directory environment) or in Workgroup mode. 

You have the possibility to create multiple user profiles per user account on a single PC, making the PC 

location independent. 

Users only have to provide and remember their Windows logon, making aXsGUARD Gatekeeper Firewall 

and Web Access Authentication transparent. 

The SSO Utility automatically starts after login. 

Automatic configuration of the Internet browser settings (Microsoft Windows only). 

Automatic detection of the aXsGUARD Gatekeeper. 

Automatic notification of SSO Utility software updates. 

The SSO Utility uses SSL encryption to communicate with the aXsGUARD Gatekeeper. 



2.4 Purpose and Concept 

The purpose of the aXsGUARD Gatekeeper SSO Authentication Utility is to make Firewall and Web Access 

authentication transparent to users. 

Users only have to provide and remember a single set of credentials, for instance their Active Directory user 

name and password (see the image below). When successfully authenticated, users are granted aXsGUARD 

Gatekeeper Firewall and Web Access rights. Detailed information about Firewall and Web Access rights is 

provided in the aXsGUARD Gatekeeper Firewall, Authentication and Web Access How To guides, which can be 

accessed by clicking on the permanently available Documentation button in the Administrator Tool. 

The SSO Authentication Utility supports multiple user profiles. A profile contains a user's aXsGUARD 

Gatekeeper preferences and credentials, e.g. you can create a profile for the office in Boston and one for the 

office in New York. 

As explained in section 2.3, the SSO Utility can be configured to automatically adjust the user's Internet 

browser connection settings (Microsoft Windows only), so that the aXsGUARD Gatekeeper proxy server is used 

for Internet access. The aXsGUARD Gatekeeper Firewall and Web Access rights of the user are applied 

automatically and transparently. 

Image 1: Transparent User Authentication 



2.5 Installation Modes 

2.5.1 Domain Mode 

The SSO Authentication Utility can be installed using the following modes: 

The Windows Domain Mode: Only applies to Windows clients. 

The Workgroup Mode: Applies to Windows and Linux clients. 

The aXsGUARD Gatekeeper SSO Authentication Utility is designed to be integrated with a Microsoft Windows 

Domain. aXsGUARD Gatekeeper Firewall and Web Access rights are granted based on the provided Windows 

Domain (AD) credentials. The user is automatically authenticated with the aXsGUARD Gatekeeper after 

successfully logging on to the Domain. The Windows Domain has to be be listed in the aXsGUARD 

Gatekeeper's allowed domains (see section 3.2). The Domain Mode can only be used on Windows clients. 

Note 

2.5.2 Workgroup Mode 

In Domain Mode, the aXsGUARD Gatekeeper user name has to be identical to the Active 

Directory user name. 

The aXsGUARD Gatekeeper SSO Authentication Utility can also be used without a Microsoft Domain on 

Windows and Linux clients. This is referred to as Workgroup Mode. The SSO Utility allows you to create 

multiple profiles for different users and / or locations. You can set a default user profile, which is automatically 

activated after logging on to the PC. The Workgroup Mode offers several possibilities: 

You can store the user credentials in a user profile: The aXsGUARD Gatekeeper user credentials are 

stored locally on the PC. 

Enforce Password Authentication: If you company policy prevents you from storing passwords locally, you 

can leave the password field blank. As a result, the user is required to authenticate after logging on to 

Windows (see section). 

Enforce VASCO Digipass Authentication: Rather than using a regular password as explained above, it is 

much more secure to use a One-Time Password (OTP) generated by a DIGIPASS. For more information 

about Digipass Authentication, consult the aXsGUARD Gatekeeper Authentication How To, which can be 

accessed by clicking on the permanently available Documentation button. 

Caution 

Do not store the password in a user profile when using Digipass Authentication. 



2.6 SSL Secured Connection 

The Secure Sockets Layer (SSL) is a commonly-used protocol for managing the security of message 

transmissions on a network. 

For additional security, aXsGUARD Gatekeeper SSO Authentication Utility uses SSL to communicate with the 

aXsGUARD Gatekeeper. The aim is to prevent sensitive information, such as user credentials, from being 

intercepted when they are transmitted over the local network between the user's client PC and the aXsGUARD 

Gatekeeper (see the image below). SSL is enabled by default when the SSO Utility is installed. 

2.7 Auto Adjustment of Proxy Settings 

The aXsGUARD Gatekeeper SSO Authentication Utility offers the possibility to automatically adjust the user's 

Internet browser's proxy server settings after authentication. When the user signs off or when closing his/her 

laptop without signing off or shutting down (a.k.a. suspend mode), the initial browser settings are restored. 

This is a major convenience for users as well as the system administrator(s), as the browser settings never 

have to be manually adjusted. 

Note 

Image 2: SSL Secured Connection 

This feature only applies to Windows platforms. It is not available for Linux until further 

notice. 



2.8 Automatic Updates 

2.9 User Profiles 

Your aXsGUARD Gatekeeper automatically checks the VASCO back office for new versions of the software. 

As soon as an update becomes available, it is downloaded to your aXsGUARD Gatekeeper. In turn, the SSO 

Authentication Utility periodically checks your aXsGUARD Gatekeeper and notifies the user when a new version 

is available for installation by displaying a message in the system tray (see below). This makes system 

administration easier and also saves Internet bandwidth. The SSO Authentication Utility Windows installer is 

compressed in a zip file. The Linux version is compressed in a tgz file. 

Image 3: SSO Utility Update Notification 

A user profile holds the SSO Authentication Utility configuration for a specific aXsGUARD Gatekeeper user. The 

advantage is that you can define multiple profiles per user account, e.g. a profile per office location as shown 

below. 

Image 4: SSO User Profiles 



2.10 Particular Cases with Terminal Servers 

In this section, we describe some particular cases of the SSO Utility when authenticating with the aXsGUARD 

Gatekeeper via a Terminal Server. Two important distinctions have to me considered: 

Terminal Servers without Virtual IP address support. 

Terminal Server which provide Virtual IP addresses. 

2.10.1 Without Virtual IP Support 

The aXsGUARD Gatekeeper SSO Authentication Utility cannot be used when connecting through a terminal 

server which does not support Virtual IP addresses, as each user / IP pair needs to be unique (see image 

below). This applies to older versions of the Citrix Metaframe Presentation Server. 

For more detailed information, consult the aXsGUARD Gatekeeper Authentication How To, which is accessible 

by clicking on the permanently available Documentation button in the aXsGUARD Gatekeeper administrator 

tool. 

Image 5: Terminal Server without Virtual IP Support 



2.10.2 With Virtual IP Support 

When users log on to a thin client, which depends on a central server such as a Citrix Presentation Server or 

an MS Terminal Server, any outgoing traffic generated by the thin client shows the Terminal Server's IP 

address as the source IP address. If multiple users are coming from a single IP address, e.g. in older versions 

of the Citrix Presentation Server, the SSO Authentication Utility cannot be used (see section 2.10.1). 

As of version 4.0 and above, the Citrix Metaframe Presentation Server offers a Virtual IP feature where it can 

assign a unique virtual IP address to each user who logs in. As such, it is possible to differentiate each user's 

traffic based on their Virtual IP address. In other words, each user / IP pair is unique. 

The Virtual IP Addresses are bound to the Citrix Presentation Server NIC and can be consulted via the Windows 

ipconfig command. 

Image 6: Terminal Server with Virtual IP Support 


aXsGUARD Gatekeeper Single Sign-On Utility (SSO) How To v1.6 Installation 

3 Installation 

3.1 Overview 

This chapter covers the steps to successfully install and configure the aXsGUARD Gatekeeper SSO 

Authentication Utility. Topics covered in this chapter include: 

aXsGUARD Gatekeeper Windows Domain configuration settings. 

The SSO Authentication Utility installation. 

3.2 Windows Domain Settings 

If you are not in a Microsoft Domain, you may skip to section 3.3. 

Only authentication requests coming from registered domains are accepted. You also should add any 

subdomain(s), if any. 

Before installing the aXsGUARD Gatekeeper SSO Authentication Utility, you need to verify the Microsoft 

Domain(s) used in your network: 

1. Log on to the aXsGUARD Gatekeeper as explained in the aXsGUARD Gatekeeper System 

Adminstrator How To, which is accessible by clicking on the permanently available Documentation 

button in the Administrator Tool. 

2. Navigate to Authentication > General. 

3. Add / verify your Windows Domain(s) and as shown below. 

4. Click on Update if you have modified any settings. 

Image 7: Setting the Allowed Domains 



Tip 

To find the Domain used by your computer: 

Windows XP: Click on Start > Control Panel. Right-click on System and Select Properties. 

Click on the Computer Name Tab. 

Windows Vista: Click on Start > Control Panel > System and Maintenance > System. If your 

computer is connected to a domain, under Computer name, domain, and workgroup settings, 

you will see the name of the domain your computer belongs to. 

Image 8: Windows Domain used by Windows XP 



3.3 SSO Utility Installation 

3.3.1 Downloading 

In this section, we explain how to download and install the SSO Authentication Utility on Windows XP, Windows 

Vista and Ubuntu Linux, respectively. 

There are two methods to install the SSO Authentication Utility: 

A system-wide installation: Requires Administrator privileges and installs the SSO Authentication Utility for 

all users. 

A non-privileged user installation: Can be performed while logged on as a regular user and installs the 

SSO Authentication Utility for this user only. 

The SSO Utility needs to be downloaded from the aXsGUARD Gatekeeper prior to installation: 

1. Log on to the aXsGUARD Gatekeeper as explained in the aXsGUARD Gatekeeper System 

Adminstrator How To, which is accessible by clicking on the permanently available Documentation 


2. Navigate to Add-ons (see the image below). 

3. Click on the appropriate installer for your system (Windows or Linux) to start the download. 

4. Save the zip file containing the installer to the location of your choice. 

5. Click on Logout. 

Image 9: Downloading the SSO Installer 



3.3.2 Windows XP 

Tip 

If you are upgrading the SSO Authentication Utility, skip to section 3.4. 

System-Wide Installation (for all users) 

Caution 

If you are running the msi installer from a network share, Windows XP will ask you for an 

extra confirmation before proceeding to the actual installation. 

Click on Run to start the installation process. 

To install the SSO Authentication Utility in Windows XP: 

1. Log on to Windows XP with administrator privileges. 

2. Extract the downloaded zip file to the location of your choice (see section 3.3.1). 

3. Double-click on the msi installer to start the Installation. A screen similar to Image 10 is displayed. 

4. Click on Next. 

5. Read and accept the terms in the license agreement. 


Image 10: SSO Utility Windows XP – Installation Start 



7. Check Install for all users of this machine as shown below. 


Image 11: Selecting the Installation Mode 

9. Click on Next to select the default Destination Folder or Click on Change to install the SSO 

Authentication Utility in another folder. 

Image 12: Selecting the Installation Folder 



10. Click on Install. 

11. After a few moments, you will be asked to create a default user profile (see section 2.9). 

Note 

Image 13: Copying the Files to your Computer 

If you have profiles from a previous version, click on No and proceed to step 12 (page 25). 

If no profile information is present, click on Yes (see Table 1). 

Image 14: Creating a Default User Profile 

If you do not create a default profile, the user is automatically prompted to authenticate with 

the aXsGUARD Gatekeeper after logging on to Windows or Linux (pop-up window). 



12. Enter the profile settings, as shown below and explained in Table 1. 

Table 1: Entering Post Installation Profile Settings 

Label Description 

Use Windows Domain Mode 

for this profile 

Name The label of the user profile. 

Check this option if the PC sits in a Windows Domain. The 

username and password fields are grayed out when this option is 

checked, since the Windows Domain credentials are used to 

authenticate with the aXsGUARD Gatekeeper 

(see sections 2.4 and 2.5.1). 

Uncheck this option if the PC is not connected to a Windows 

Domain (Workgroup Mode, see section 2.5.2). 

Description An optional description of the user profile, e.g. Paris office, Boston office. 

aXsGUARD@ The LAN IP address of the aXsGUARD Gatekeeper. The SSO Authentication 

Utility attempts to complete the aXsGUARD Gatekeeper LAN IP address by 

performing a DNS lookup of the default DNS name axsguard. If the DNS 

name is not found, the aXsGUARD@ field needs to be completed manually. 

Username 

(Workgroup Mode only) 

Password 

(Workgroup Mode only) 

Image 15: Entering Profile Information 

The aXsGUARD Gatekeeper user name. 

The aXsGUARD Gatekeeper password. 



13. Click on Finish to complete the setup. 

User Installation (non-administrators) 

When you are logged on to Windows XP as a regular user (without administrator privileges), you can only 

install the SSO Authentication Utility for your own Windows XP user account. The installation procedure is 

identical to the System-Wide installation (see page 21). 

1. Log on to Windows XP as a regular user. 

2. Download the installer as explained in section 3.3.1. 

3. Extract the zip file to the location of your choice. 

4. Double-click on the msi installer. 

5. Follow the on screen instructions. 

Image 16: Completing the SSO Utility Installation 



3.3.3 Windows Vista 

Cautions 

If you are running the installation batch file (instwrapper.bat) from a network share, Windows 

Vista will ask you an extra confirmation (see the image below). Click on Run to start the 

installation process. 

The installation, as explained in this How To, has been executed while the Windows Vista 

User Account Control option is enabled (see the on the bottom of this page). 

The SSO Authentication Utility installation behavior in Windows Vista may vary depending on 

your local user policy settings. 

Tip 

Image 17: Windows Vista Security Warning 

To verify if the User Account Control (UAC) option is enabled: 

Go to the Control Panel and click on User Accounts > User Accounts. 

Image 18: Enabling UAC in Windows Vista 



System-Wide Installation (for all users) 



3. Right-click on the batch file (instwrapper.bat) and select Run as administrator. If you are logged 

on as the administrator (The user name 'Administrator'), double-click on the batch file. 

Image 19: Windows Vista Installation 

4. Enter an administrator password if requested. (When you are already logged on as the administrator, 

Windows Vista will not ask for a password, only a confirmation to continue the installation). 

Image 20: Administrator Password 

5. Follow the same procedure as explained for Windows XP (see 3.3.2). 



User Installation (non-administrators) 

The installation procedure is almost identical to the System-Wide installation. The SSO Authentication Utility 

will be installed for the current user only (see the image below). 

1. Log on to Windows Vista with as a regular user. 



4. Double-click on the batch file (instwrapper.bat) to start the installation process. 

6. Enter an administrator password when requested. 

5. Follow the same procedure as explained for Windows XP (see 3.3.2). 

Image 21: User Installation 



3.3.4 Linux 

To install the aXsGUARD Gatekeeper SSO Authentication Utility on Linux systems, you first have to extract the 

Linux binary from the tgz archive. Once the extraction is complete, you can integrate the SSO Authentication 

Utility with your preferred Window Manager, e.g. GNOME or KDE. 

Notes 

An automated installer for Linux is not available until further notice. 

As there are many Linux distributions, we have limited the instructions in this manual to 

Ubuntu Jaunty (9.04). 

To install the SSO Authentication Utility in Ubuntu Jaunty: 

1. Log on to Ubuntu. 

2. Download the binary for Linux, as explained in section 3.3.1. 

3. Extract the Linux binary from the tgz file to the location of your choice. 

To start the SSO Authentication Utility in Ubuntu Jaunty: 

1. Open the directory where you extracted the Linux binary. 

2. Double-click on the aXsGUARDSSOv2 binary. 

3. Configure the SSO Authentication Utility as explained in chapter 4. 



GNOME Integration 

1. Navigate to System > Preferences > Startup Applications. 

2. Click on Add. 

3. Enter a name for the application, e.g. SSO. 

4. Click on Browse to locate and add the Linux binary. 

5. Enter a description (optional). 

6. Click on Close. 

Image 22: GNOME Integration 



KDE Integration 

1. Open a console, e.g. xterm. 

2. Create a symbolic link in $HOME/.kde/Autostart which points to the aXsGUARDSSOv2 binary 

(see the image below). 

Image 23: KDE Integration 



3.4 Upgrading 

Caution 

If you upgrade from version 1.0 to version 2.0 or higher, you should uninstall the old version 

before upgrading (see section 3.5). 

Make sure to fully exit the aXsGUARD Gatekeeper SSO Authentication Utility prior to an 

upgrade or removal (uninstall). 

Upgrades of the aXsGUARD Gatekeeper SSO Authentication Utility are announced via: 

The changelogs sent with aXsGUARD Gatekeeper revision and version updates. 

A one-time notification message in the Windows, GNOME or KDE system tray (see section 2.8). 

Notes 

3.5 Uninstalling 

This notification message can be disabled (see section 4.9), Advanced Configuration 

Settings). 

As of version 2.0, the aXsGUARD Gatekeeper SSO Authentication Utility automatically 

attempts to remove the previous version when you start the installation procedure. A manual 

uninstall is no longer required. 

Windows XP 

1. Open the Windows Control Panel. 

2. Click on Add or Remove Programs. 

3. Select the aXsGUARD Gatekeeper Authentication Utility. 

4. Click the Change/Remove button. 

Windows Vista 

1. Navigate to Computers. 

2. Click on Uninstall or change a program. 

3. Select the aXsGUARD Gatekeeper Authentication Utility. 

4. Click on Uninstall. 


aXsGUARD Gatekeeper Single Sign-On Utility (SSO) How To v1.6 Configuration and Use 

4 Configuration and Use 

4.1 Overview 

Topics covered in this chapter include: 

4.2 Getting Started 

Starting the aXsGUARD Gatekeeper Authentication Utility. 

How to configure the aXsGUARD Gatekeeper Authentication Utility. 

In Microsoft Windows, the aXsGUARD Gatekeeper SSO Authentication Utility automatically starts after a 

successful login. An icon appears in the system tray. 

Image 24: Successfull Authentication 

Moving your mouse pointer over the tray icon provides the Authentication Status. 

Alternatively, the SSO utility can be started manually in Windows XP and Vista: 

Navigate to Start > Programs > aXsGUARD SSO Tool. Click on the aXsGUARD SSO Tool Icon. 

Image 25: Starting SSO Manually 



4.3 Creating User Profiles 

Right-clicking on the tray icon will show a context menu allowing a user to activate, create, delete or edit a 

user profile. Other menu options include logging off from the aXsGUARD Gatekeeper and shutting down the 

SSO Authentication Utility. 

A user can create different user profiles corresponding to his/her current location and/or specific network 

resource needs (see section 2.9). 

1. Right-click on the tray icon to display the context menu. 

2. Select Create new profile. 

3. Enter the profile settings as explained on page 24. (The Proxy Server and Default Profile settings are 

explained further in this chapter). 

4. Click on Save. 

Image 26: Creating a User Profile 

Image 27: Creating a New Profile 



A user profile consists of a unique name and a short (optional) description, for instance home office, followed 

by the IP address of the aXsGUARD Gatekeeper. 

The SSO Authentication Utility attempts to complete the aXsGUARD Gatekeeper LAN IP address by performing 

a DNS lookup of the default DNS name axsguard. If the DNS name is not found, the aXsGUARD@ field needs 

to be completed manually. 

In Domain Mode (see section 2.5.1), the SSO Authentication Utility also attempts to detect the username and 

the Windows Domain. 

Note 

In Workgroup Mode the domain field will is grayed out. 

There are three instances in which the password field in a user profile may be left blank. 

These are described in the table below: 

Table 2: Not specifying a password 

Instances in which the password field may be left blank 

Windows Domain Mode When working in Windows Domain Mode, the username and password 

fields cannot be edited by the user, since he/she authenticates with the 

Windows Domain server (see section 2.5.1). 

Workgroup Mode If your company policy prevents the storage of aXsGUARD Gatekeeper 

user passwords locally (When not using the Single Sign-On feature), users 

will be prompted to authenticate whenever required (see image below). 

VASCO Digipass For aXsGUARD Gatekeeper systems which are configured for 

authentication with a VASCO Digipass, a password window appears 

whenever a user is required to authenticate (see image below). 

Image 28: SSO Password Window 



4.4 aXsGUARD Gatekeeper Proxy server 

You can also select the aXsGUARD Gatekeeper as your Proxy Server for Internet browsing. The Proxy Server 

provides security against viruses and other malware. It allows you to implement Web Access Control policies at 

the user level, to prevent access to unauthorized and undesired websites. More information about the 

aXsGUARD Gatekeeper Proxy Server (Web Access Module) is available in section 2.7 and the aXsGUARD 

Gatekeeper Web Access How To, which is accessible by clicking on the permanently available Documentation 


Selecting the option Use aXsGUARD as Proxy server will automatically change the browser's proxy settings 

after successful authentication with the aXsGUARD Gatekeeper. This feature only works with Firefox and 

Microsoft Internet Explorer on Microsoft Windows platforms. 


2. Navigate to Edit/Delete profiles. 

3. Select the appropriate profile. 

4. Check the Use aXsGUARD as Proxy server option. 

5. Click on Save. 

Image 29: Proxy Server Settings 

Note 

Image 30: Firefox Specific 

For Firefox, check the Change Firefox proxy settings, as shown in Image 30: Right-click on 

the tray icon and navigate to Settings. Click OK to save your settings. 



4.5 Setting a Default User Profile 

If you have configured more than one user profile (see section 4.3), you can select which profile should be the 

default after logging on to you computer. The default user profile can be changed at any time. 

1. Follow the same steps as explained on page 34. 

2. Check the Use this profile as your default profile option (see below). 

Note 

Image 31: Setting a Default User Profile 

Only one profile can be set as the default. 



4.6 Activating a User Profile 

To manually log on with a specific profile, a user has to select Activate profile from the tray icon menu. A list 

with the available profiles will appear. The profile currently in use will be marked as active (see below). 

To manually activate a user profile: 


2. Select Activate profile. 

3. Click on the desired user profile. 

Image 32: Activating a User Profile 



4.7 Editing and Deleting User Profiles 

The Edit/Delete profiles option allows you to modify or delete a user profile. 

To edit or delete a user profile: 

1. Right-click on the tray icon. 

2. Select Edit/Delete profiles. 

3. Select the desired profile. 

4. Modify the settings and click on Save or click on Delete to remove the user profile. 

Image 33: Deleting a User Profile 



4.8 Linux Configuration 

On Linux systems, the configuration settings for the SSO Authentication Utility are stored in the user's home 

directory in the .aXsguardSSOv2 file (see the image below). The file can be edited with a standard text editor. 

Caution is advised when editing the file. 

The configuration menus of the Linux version are identical to the ones used in the Windows version. 

4.9 Advanced Configuration 

Caution 

it is not recommended to change these settings, unless you are fully aware about the 

intended program behavior and possible results. 

This section covers the advanced configuration settings of the aXsGUARD Gatekeeper SSO Authentication 

Utility. 

1. Right-click on the tray icon. 

2. Click on Settings. (See Table 3). 

3. Click on OK to save the settings. 

Image 34: Linux SSO Configuration File 

Image 35: Advanced Settings 



Table 3: SSO: Advanced Settings 

Setting Description 

Enable secure Login The SSO tool uses an SSL (encrypted) connection 

towards the aXsGUARD Gatekeeper. This option is 

enabled by default. 

Change Firefox proxy settings Enables the automatic configuration of Firefox proxy 

settings when the aXsGUARD Gatekeeper is used as a 

proxy server. This option is enabled by default and only 

affects Microsoft Windows systems (see section 4.4). 

Notify user when new versions becomes 

available 

If enabled, a notification will automatically be displayed 

for about ten seconds, advising the user of available SSO 

Authentication Utility software updates. This option is 

enabled by default. 

Enable Debug output Enables debug output to a logfile axsguard.log in the 

directory where the SSO Authentication Utility is installed. 

This option is disabled by default. 


aXsGUARD Gatekeeper Single Sign-On Utility (SSO) How To v1.6 Troubleshooting 

5 Troubleshooting 

I cannot install the SSO Authentication Utility in Windows Vista 

If you encounter problems during installation, for instance error messages when writing to the registry or file 

system, install the SSO Authentication Utility as an Administrator. 

Connection to server fails 

If you encounter the following error message: 

Verify the following: 

Image 36: Login Error 

1. Is the aXsGUARD Gatekeeper LAN IP address correctly entered in the given user profile? Right-click the 

system tray icon and edit the profile to verify this. 

2. Is it possible to 'ping' the aXsGUARD Gatekeeper LAN IP address? If it cannot be pinged, the network 

connectivity should be checked: is the computer still physically connected to the LAN ? Verify whether the 

network cables are still connected, replace the network cable if necessary. 

3. Check the aXsGUARD Gatekeeper Firewall to verify whether the sec-auth Firewall Rule is present and 

activated in the stat-sec static Firewall Policy (Firewall > Policies > Static > stat-sec, as shown below). 

Image 37: Stat-Sec Firewall Policy 



If the error occurs because of a temporary network outage, the SSO Authentication Utility displays a message 

as soon as the connection is restored. 

Unknown user or password invalid 

If the following error message appears when signing on: 


Image 38: Connection Restored 

Image 39: Invalid User or Password 

1. Check the allowed Microsoft domains in the aXsGUARD Gatekeeper Administrator Tool (see section 3.2). 

This field must be left empty if no domains are used in your network. 

2. Is the username/password combination entered correctly and valid in the aXsGUARD Gatekeeper user list? 

3. Edit the user profile to make sure the correct username has been entered and re-enter the according 

password. Save and reactivate the profile. 



Login not allowed from domain or computer 

If the following error message appears when signing on: 


Image 40: Domain Error 

1. Check the allowed Microsoft domains in the aXsGUARD Gatekeeper Administrator Tool and make sure that 

it matches the domain as defined in your profile (see section 3.2). 

2. Make sure you are logged on to the Windows domain and not locally (see image below). When using 

Workgroup mode, no domain should be specified in the aXsGUARD Gatekeeper Administrator Tool. 

Image 41: Windows Logon 



Digipass Authentication fails 

1. Make sure you did not store a password in the user profile (see section 2.5.2). 

2. Test the DIGIPASS in the Administrator Tool. 

3. Check if the DIGIPASS is correctly assigned to the user. 

4. Check the user's Web Access and Firewall Policy settings. 

Detailed information about Authentication and DIGIPASS configuration settings is available in the aXsGUARD 

Gatekeeper Authentication How To, which can be accessed by clicking on the permanently available 

Documentation button in the Administrator Tool. 


aXsGUARD Gatekeeper Single Sign-On Utility (SSO) How To v1.6 Support 

6 Support 

6.1 Overview 

In this section we provide instructions on what to do if you have a problem, or experience a hardware failure. 

6.2 If you encounter a problem 

If you encounter a problem with a VASCO product, please follow the steps below: 

1. Check whether your problem has already been solved and reported in section 5 or in the Knowledge 

Base at the following URL: http://www.vasco.com/support. 

2. If there is no solution in the Knowledge Base, please contact the company which supplied you with the 

VASCO product. 

3. If your supplier is unable to solve your problem, they will automatically contact the appropriate VASCO 

expert. If necessary, VASCO experts can access your aXsGUARD Gatekeeper remotely to solve any 

problems. 

6.3 Return procedure if you have a hardware failure 

If you experience a hardware failure, please contact your VASCO supplier. 


aXsGUARD Gatekeeper Single Sign-On Utility (SSO) How To v1.6 Support 

Alphabetical Index 

Accessing Documents..................................................................................................................................................................................................9 

Active Directory.....................................................................................................................................................................................................11pp. 

Authentication...............................................................................................................................................8pp., 20pp., 24pp., 28p., 32pp., 40pp., 45 

aXs GUARD Gatekeeper..............................................................................................................................................................................................10 

Citrix.......................................................................................................................................................................................................................16p. 

Digipass....................................................................................................................................................................................................................13 

DIGIPASS.............................................................................................................................................................................................2, 10, 13, 35, 45 

Directory Services........................................................................................................................................................................................................9 

Documents..................................................................................................................................................................................................................9 

Domain Mode............................................................................................................................................................................................................35 

Firewall......................................................................................................................................................................................................9p., 12p., 42 

GNOME............................................................................................................................................................................................................29p., 32 

KDE..................................................................................................................................................................................................................29, 31p. 

Microsoft Domain........................................................................................................................................................................................13, 18, 43p. 

Proxy Server............................................................................................................................................................................................12, 14, 36, 41 

Proxy Settings............................................................................................................................................................................................................14 

Return Procedure.......................................................................................................................................................................................................46 

Reverse Proxy..............................................................................................................................................................................................................9 

Secure Sockets Layer.................................................................................................................................................................................................14 

SSL...........................................................................................................................................................................................................2, 11, 14, 41 

Support.....................................................................................................................................................................................................................46 

suspend mode...........................................................................................................................................................................................................14 

Suspend Mode...........................................................................................................................................................................................................14 

Terminal Servers..................................................................................................................................................................................................11, 16 

Training Courses..........................................................................................................................................................................................................9 

UAC...........................................................................................................................................................................................................................26 

User Account Control..................................................................................................................................................................................................26 

user profile.............................................................................................................................................................................................15, 34p., 37pp. 

user profiles...............................................................................................................................................................................................................12 

Virtual IP.................................................................................................................................................................................................................16p. 

VPN.............................................................................................................................................................................................................................9 

Web Access...............................................................................................................................................................................................................12 

Windows Domain Mode..............................................................................................................................................................................................13 

Workgroup Mode.......................................................................................................................................................................................................13

aXsGUARD Gatekeeper Single Sign-On Utility (SSO) - Vasco

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?