2.7 Installing and Configuring Advanced Authentication Client

Client for Open Enterprise Server supports Advanced Authentication to log in to Windows and eDirectory. If you want to use Advanced Authentication for login, you must download the Advanced Authentication product and install it along with Client for Open Enterprise Server. If you are already using Advanced Authentication for Windows logon and now want to extend its functionality to Client for Open Enterprise Server, you can do so by enabling the Advanced Authentication integration functionality when installing Client for Open Enterprise Server.

2.7.1 Installing Advanced Authentication Client with Client for Open Enterprise Server

  1. Extract the Client for Open Enterprise Server installation set.

  2. Copy or move the subdirectory Windows-components from the Advanced Authentication product download to the Client for Open Enterprise Server installation set.

  3. (Optional) To configure the default settings, modify the install.ini file located in the root directory of the client build (for example, C:\Micro Focus\Client for Open Enterprise Server 2 SP4 (IR11)). For more information on the settings, see Section 2.7.3, Advanced Authentication Settings in Install.ini.

  4. Run the setup.exe file for Client for Open Enterprise Server and select Custom Installation, then click Next.

  5. Select Advanced Authentication Client, then click Next.

  6. The Advanced Authentication installation options are displayed.

    1. Select the Credential Provider you want to use for logging in to the workstation from the Login experience for Advanced Authentication support: list.

    2. (Optional) Specify the DNS name or IP address of the Advanced Authentication Server in Advanced Authentication Server (optional):.

    3. (Optional) Specify an alternate Advanced Authentication event name for non-domain Windows logon in Advanced Authentication Event Name (optional):, then click Next to complete the Client for Open Enterprise Server installation.

After successful installation of the Advanced Authentication Client and Client for Open Enterprise Server, a new parameter Advanced Authentication is listed in Client Properties > Advanced Login tab > Parameter group list and is set to Enabled by default. This setting enables the Client to use Advanced Authentication when performing an eDirectory login.

NOTE: Installing Advanced Authentication Client during the installation of Client for Open Enterprise Server versions between 2 SP4 (IR6) and 2 SP4 (IR10) sets the Advanced Authentication parameter to On and sets the existing parameter Login With Third-Party Credential Provider to On. This setting enables the eDirectory login attempt using the Windows credentials after the Windows-only logon performed by the Advanced Authentication credential provider. For more information on the Advanced Authentication credential provider login mechanism, see Section 3.6, Advanced Authentication Credential Provider.

2.7.2 Enabling Advanced Authentication Integration Functionality

The integration of Advanced Authentication and Client for Open Enterprise Server on the workstations already using Advanced Authentication for Windows logon can be achieved by enabling Advanced Authentication-specific behaviors in Client. This does not need any installation or upgrade of Advanced Authentication Client components.

  1. Extract the Client for Open Enterprise Server installation set.

  2. Set InstallAdvancedAuthentication=yes in the install.ini file located in the root directory of the client build (for example, C:\Micro Focus\Client for Open Enterprise Server 2 SP4 (IR6)). For more information on the setting, see Section 2.7.3, Advanced Authentication Settings in Install.ini.

  3. (Optional) To configure the default settings for AdvancedAuthenticationClientDiscoveryHost and AdvancedAuthenticationClientEventName parameters, modify the install.ini file. For more information on the settings, see Section 2.7.3, Advanced Authentication Settings in Install.ini.

  4. Run the setup.exe file for Client for Open Enterprise Server and select the installation option desired, then click Next to complete the Client for Open Enterprise Server installation.

If setup.exe detects that the Advanced Authentication Client is already installed on the workstation, the parameter Advanced Authentication is set to Enabled by default in Client Properties, even though the Advanced Authentication Client is not installed along with Client for Open Enterprise Server. This is because the parameter InstallAdvancedAuthentication is set to Yes in the install.ini file.

NOTE: If the Client for Open Enterprise Server version is between 2 SP4 (IR6) and 2 SP4 (IR10), the parameters Advanced Authentication and Login With Third-Party Credential Provider are set to On by default in Client Properties.

If the AdvancedAuthenticationClientDiscoveryHost and AdvancedAuthenticationClientEventName parameters are configured in install.ini, they are added to the Advanced Authentication config.properties file when setup.exe detects the Advanced Authentication Client already installed on the workstation.

2.7.3 Advanced Authentication Settings in Install.ini

  • InstallAdvancedAuthentication=[Yes/No]

    Controls the installation of Advanced Authentication Client during the Client installation if the Advanced Authentication install packages are available in the Client installation set. If this option is set to Yes, the Advanced Authentication Client check box is selected by default during Custom Installation. For Express Installation, this option controls whether Advanced Authentication Client has to be installed in addition to the Client for Open Enterprise Server.

  • InstallAdvancedAuthenticationDeviceServices=[Yes/No]

    This option is valid only when InstallAdvancedAuthentication is set to Yes, because Device Services cannot be installed without installing Advanced Authentication Client. This option controls the installation of Advanced Authentication Device Services during the Client installation if the Advanced Authentication install packages are available in the Client installation set. If this option is set to Yes, the Advanced Authentication Device Services check box is selected by default during Custom Installation. For Express Installation, this option controls whether Advanced Authentication Device Services has to be installed in addition to the Client for Open Enterprise Server and Advanced Authentication Client.

  • AdvancedAuthenticationClientDiscoveryHost=[blank/DNS name/IP address]

    Configures the Advanced Authentication Client to use a specific Advanced Authentication server with the DNS name or IP address specified. If left blank, the Advanced Authentication Client attempts to automatically discover Advanced Authentication Servers using DNS. The DNS name or IP address specified is used as the value for discovery.host parameter in the Advanced Authentication Client’s config.properties file. For more information on preliminary configuration on Advanced Authentication Client, see Advanced Authentication - Windows Client Installation Guide.

  • AdvancedAuthenticationClientEventName=[blank/Event name]

    Configures the Advanced Authentication Client to use an event created in Advanced Authentication for the logon process. If left blank, Windows logon is used as the default event. The event name specified is used as the value for the event_name: parameter in the Advanced Authentication Client’s config.properties file. For more information on preliminary configuration of Advanced Authentication Client, see Advanced Authentication - Windows Client Installation Guide.

  • AdvancedAuthenticationLogonExperience=[Keep/NetIQ/OES]

    Controls the mode in which the Client for Open Enterprise Server supports Advanced Authentication. If this option is set to Keep, the logon experience for users remains the same as it is currently.

    If this option is set to NetIQ, the NetIQ Advanced Authentication credential provider is used to provide the primary logon experience to the users. A password-based, eDirectory-only login is attempted using the Login with Third-Party Credential Provider feature of the Client after the Windows-only logon.

    If this option is set to OES, the Client for Open Enterprise Server credential provider is used to provide the primary logon experience to the users. The Advanced Authentication logon, eDirectory login, and Windows account logon are all performed using the Client credential provider.
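A pre-deployment check for the five settings above, as an added example (not part of the product or its documentation). It assumes install.ini uses plain key=value lines with `;` or `#` comments and that keys and values are case-insensitive; the function names and the sample content are constructed for illustration.

```python
import ipaddress
import re
KNOWN = {  # settings from Section 2.7.3 with allowed values (None = free-form)
    "installadvancedauthentication": {"yes", "no"},
    "installadvancedauthenticationdeviceservices": {"yes", "no"},
    "advancedauthenticationclientdiscoveryhost": None,
    "advancedauthenticationclienteventname": None,
    "advancedauthenticationlogonexperience": {"keep", "netiq", "oes"},
}
LABEL = r"[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?"
HOSTNAME = re.compile(rf"^(?=.{{1,253}}$){LABEL}(\.{LABEL})*$", re.I)
SAMPLE = """; constructed sample, not a shipped install.ini
InstallAdvancedAuthentication=No
InstallAdvancedAuthenticationDeviceServices=Yes
AdvancedAuthenticationClientDiscoveryHost=10.0.0.300
AdvancedAuthenticationEventName=OES Logon
AdvancedAuthenticationLogonExperience=Netiq2
"""

def parse_settings(text):  # section headers and comment lines are skipped (assumed syntax)
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in ";#[" and "=" in line:
            key, value = line.split("=", 1)
            settings[key.strip().lower()] = value.strip()
    return settings

def is_host(value):
    try:
        return bool(ipaddress.ip_address(value))
    except ValueError:  # not an IP: accept a DNS name, reject malformed dotted numbers
        return bool(HOSTNAME.match(value)) and not value.rsplit(".", 1)[-1].isdigit()

def lint(text):
    s, findings = parse_settings(text), []
    for key, value in s.items():
        if "advancedauthentication" in key and key not in KNOWN:
            findings.append(f"unknown setting: {key}")  # e.g. a misspelled key
        elif KNOWN.get(key) and value.lower() not in KNOWN[key]:
            findings.append(f"invalid value for {key}: {value}")
    install = s.get("installadvancedauthentication", "").lower()
    if s.get("installadvancedauthenticationdeviceservices", "").lower() == "yes" and install != "yes":
        findings.append("device services requested without installadvancedauthentication=yes")
    host = s.get("advancedauthenticationclientdiscoveryhost", "")
    if host and not is_host(host):
        findings.append(f"discovery host is not a DNS name or IP address: {host}")
    if install == "yes" and not host:
        findings.append("discovery host blank: client will locate servers through DNS")
    return findings
```

Running `lint(SAMPLE)` reports the misnamed event-name key, the out-of-range logon experience, the Device Services dependency, and the malformed server address before the installation set is distributed.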