|
Installation instructions for Thick and for Thin client (Citrix and RDP)
User guide for installing Trust1Connector for using Commfide's smart card with e-ID.
Brief introduction of the solution.
- Trust1Connector is a local client that runs on the user's PC/MAC to communicate with login applets from Commfides, such as ID-porten, HelseID , Kjernejournal etc. You can also have your own direct integration
- the applet runs in a browser and communicates with the local client which handles communication with local hardware such as smart cards.
- Applet and client supports EIDAS and both SEID1 and SEID2 certificates
- For applications that need a direct integration of the Commfides applet, this is easily supported via the OpenID protocol.
There are 2 types of installations available for the Trust1Connector.
1. Normal Thick Client, uses PC/MAC.
2. Thin client for use against multi-user environments such as Citrix and Terminal servers.
We have made several versions of the latest package, depending on which setup and policies you are running.
You can download the files from here:
https://support.commfides.com/index.php?/Knowledgebase/Article/View/319
1 . For multi -user environments such as terminal servers and CITRIX servers, you should choose SandboxOnly_3.3.0.zip (10.27 MB) This must be installed and run on every user session who logs on to the server. The package contains an MSI package and the EXE file itself.
The MSI package only installs the EXE file to the given folder (see readme.txt), but if you choose to run the EXE directly instead of installing the MSI, you must ensure that you start the EXE file yourself, e.g. when logging in as a user. The EXE file must be started with some parameters (see readme.txt). You can also just copy and place the exe file without running MSI.
There are no registry changes or other configuration. EXE should only be run with parameters, which will start a process for the individual user.
The task of the sandbox client is to connect each individual user to the common PROXY client on the server.
2. Download: Proxy_3.3.0.zip (1.73 MB) This must be downloaded and installed/run as system user on the server. NB: Only one PROXY installation per server.
Both PROXY and Sandbox start their own dedicated process. PROXY must be started with system user. For example , when starting the server, while Standalone must be started for each user who logs in. Remember to start the sandbox with the right parameter (readme.txt) Proxy has no parameter. Only run exe.
The other packages such as Standalone Automatic are intended for single PCs that run the applet via their own OS and browser. This installs everything automatically (but uses VBS script) Standalone Manual is intended for the same type of single PC that runs the applet via its own OS and browser, but only copies the files. The system responsible must ensure that the files are started in their own way (remember sandbox with parameter)
Note:
Port 12345 must be open for communication on the server between the Client Sandbox and the Proxy application.
Questions and answers:
Trust1Connector-Proxy-x64.msi \ Proxy MUST be installed at startup?
ANSWER : no. It is only necessary that it be installed before the user connects to the server so that it can serve the user. You can install it as you wish. If you reinstall the server each night, make sure to either include the PROXY application in the image or install it again after each reinstall.
Are there any requirements on which service account\user runs this process?
ANSWER : yes, on the server, a process with admin rights must run the PROXY client.
Must Trust1Connector-Proxy-x64.msi be run, or can one only run "t1c-cpp-api_x64.exe"
ANSWER : You can only run the exe file
Trust1Connector.msi must also be installed? Or is it enough to run t1c-sandbox-service_x64.exe with the parameters?
ANSWER : This does not need to be installed on the server itself, only in the client session/desktop. You can run the exe file with parameters or install MSI. MSI require vbscript to allow to run for the install.
Trust1Connector must also be installed\running on the client you connect to Citrix with?
ANSWER : Yes, this should be run one instance on each client.
Are there any options to turn on debug logging etc. ?
ANSWER : Yes, it is logged to
C:\Users\username\AppData\Local\Trust1Connector\Logs on the user's client
Does t1c-sandbox-service_x64.exe reside on the server (% localappdata %\Trust1Connect\), or can I put it on a share?
ANSWER : Hello, this does not need to be on the server, but it must be installed on the client. For installation, it can be downloaded from a share or cloud.
If so, will the Log directory be created\written to it, or will it write to % localappdata % \... ?
ANSWER : The user client will create the entire path including the log folder if you use the MSI package. Otherwise, it must be created manually
I Have looked in the Log directory on the client side, but if you run t1c-cpp-api_x64.exe manually, info appears in the cmd window.
Is it logged somewhere, or can it be defined?
ANSWER : If you start this directly, a CMD window is started. You can start it with task scheduler and service account. Then you can start it silently.
This starts a process that you will find again under the process tree as t1c-cpp-api.exe. The MSI package itself places the exe file in the Programs files 64 folder and the Trust1Connector-Proxy folder.
The background is that those who do not support installing MSI or running vbs script can use the EXE files directly, but then the folders are not created and they must be started in a custom way. With MSI, vbs script is used which handles the automation. But not all allow vbs script.
To support Citrix, the PROXY client must be installed on each Citrix server included in the farm.
If the server is reinstalled every night, the client should be added to the installation image itself, or run one after installation, e.g. in the startup script.
The file is 800 kb and the file is called Trust1Connector-Proxy.x64/86.msi
The user client Trust1Connector-x64/86.msi must run on the client PC
| 