Username and Password Configuration

The Username and Password dialog for kiosk mode allows the user to type login credentials or tap a badge to initiate the login to the ExactAccess SSO solution. Focusing on the manual login process, the user interface may be customized by changing the background images, the font face, color and size for various prompts, as well as the layout of the dialog utilizing a mask image.

It may be desirable to configure Kiosk Mode to authenticate with a remote source if you have workstations that are configured as non-domain-joined workstations. This feature requires that HealthCast ExactAccess Server be available and configured on a server that is a member of the domain to authenticate with. It also requires additional configuration on each ExactAccess Client as detailed below. If the registry key does not exist, create the key and set the appropriate values.

To use proximity cards in conjunction with the dialog, the ProxCard server must be configured, and the proxcard device service "HCI ProxCard Client" must be running. A supported reader must also be attached to the workstation.

Configuration

HKLM\Software\HealthCast\HCCitrixSessionDirectory

RemoteLogon: reg_dword = 0 (set to 1 to enable)

The following registry settings must also be present and configured

• CompressionClass: reg_sz = one of the following values:
  • NONE
  • VCLZIP
• EncryptionClass: reg_sz = one of the following values:
  • RIJNDAEL
  • BLOWFISH
• ID: reg_sz = an encryption key that must match the server configuration key.
  • Default server install key is "EA12G54"
  • This key is in addition to the connection key generated on each connection, and is not the only piece of information necessary to encrypt/decrypt the communication requests.

HKLM\Software\HealthCast\HCCitrixSessionDirectory\Indy

• 0000: reg_sz = The server DNS name or IP address where HealthCast Remote Session Directory has been installed and configured.
• EnabledServerIDs: reg_sz = "0000" - this must contain at least one active server number
• Port: reg_dword = 20000 - the default port for communications. If you have altered the default listening port during the server installation, update this for the correct port number.

If you have client side fail over configured for ProxCard, you may also want to configure fail over for Remote Authentication. This is accomplished the same way as for ProxCard.

Add a new entry:

• 0001: reg_sz - add the secondary server DNS name or IP address
• Update the EnabledServerIDs as a comma separated list of active servers:
  • EnabledServerIDs: reg_sz = "0000,0001"

Domain Dropdown Exclusions

HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess\domainlist\exclusions

0001: reg_sz = "excluded domain name 1"

0002: reg_sz = "excluded domain name 2"

Continue to add numbers in order for other domain names to be excluded - these exclusion values should exactly match the text as shown in the dropdown prior to being added to the exclusion list.

Excluding the Local Machine from the Dropdown

HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess\Override

ExcludeLocalComputerFromDomainList: reg_dword = 1

Changing the Password Reset Text

HKLM\Software\HealthCast\PasswordReset

ResetLinkText: reg_sz = "new reset text"

If the key does not exist, or is not set, and a password reset URL is present, the default text "Forgot your password? Click here to reset it." will be used.

Command Line Install Parameters

XA_MODE=KM
XA_SRV=(server name)
XA_AUDIT_SRV=(server name)
XA_PRX_SRV=(server name)
X_D_SRV=(server name)
X_RA_SRV=(server name)
X_KM_DOMVIS=0 (domain drop down visible)
X_KM_DRVMAP=0 (drive mapping enabled)
X_KM_PRTMAP=0 (print mapping enabled)
X_LUPE=0 (last user prompt enabled)
X_RARL=1 (remote authentication enabled)
X_RAID=EA12G54 (remote authentication shared key header)
XAD_ENABLED=0 (Full SSO enabled=0, Passthrough enabled=1)

Display Examples

Display styles will apply color to the input boxes and the login buttons. Other colors must be configured with the settings listed on this page.

Setting a Style/Theme

To set a particular style or theme for display:

HKLM\Software\HealthCast\ExactAccess\Display

LoginFormStyle: reg_sz = "<a valid style file name or full path and file name, including .VSF extension>"

Amakrits.vsf

Windows10Blue.vsf

Windows10Dark.vsf

Display Settings

Login Dialog
When editing and saving the _MASK file, be sure that pure colors are used and no anti-aliasing is performed on this image. Tools other than Microsoft Paint automatically blend borders into the background color, effectively shrinking the desired display area.

HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess\display

• Login Directions - e.g. tap your card, enter your username, enter your PIN, etc.
  • LoginDirectionsFontColor: reg_dword - the NBGR (none,blue,green,red values from left to right) color the text for the login directions will be displayed in.
  • LoginDirectionsFontSize: reg_dword - the size of the font in points for the login directions.
  • LoginDirectionsFontFontFace: reg_sz - the font face name of the login directions display.
• Login Fields - e.g. username, password, PIN, etc.
  • LoginFieldPromptFontColor: reg_dword - the NBGR (none,blue,green,red values from left to right) color the text for the field prompts will be displayed in.
  • LoginFieldPromptFontSize: reg_dword - the size of the font in points for the field prompts.
  • LoginFieldPromptFontFontFace: reg_sz - the font face name of the field prompts.
• LoginFormStyle: reg_sz: the file name of the style to apply to the login display.

Enable Biometrics

To enable biometrics as an alternate authentication method, the following registry key can be set.

HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess\OverrideAlternateLoginEnabled: reg_dword = 1 to enable alternate login button, 0 to disable alternate login button.

Graphical Customization

Replacing the Kiosk Mode Background images

In C:\program files\HealthCast\ExactAccess, there are two image files.

• LoginBackground_FORE.bmp
• LoginBackground_MASK.bmp

The default background (fore) image is a 500x311 image containing the complete background image including border.

The loginBackground_MASK.bmp is used to position the user interface elements to accommodate the layout of the *_FORE image graphic.

The simplest approach to designing a new image is to copy the LoginBackground_MASK.bmp to a file named LoginBackground_FORE.png

Open the LoginBackground_FORE.png and make desired changes, taking into account the positioning of the elements. The design can be placed over any open, white space around the element location sections as found in the LoginBackgroun_MASK.bmp.

The default login dialog background is a PNG image.

These sections correspond to the following user interface elements:

numbers in ( ) correspond to Red, Green, Blue (RGB) values in that order.

Black (0,0,0) - this is the login portion of the dialog prompt, and will include the domain user name, domain password, and potentially, the domain drop down list. It is important that the dimensions of this box remain relatively unchanged so as to not inadvertently clip the user interface elements to be displayed in this area.

• Blue (0,0,255) - the Login button position.
• Red (255,0,0) - the Cancel/Reset button position.
• Aqua (0,255,255) - the ProxCard indicator image position and size (both the prox [ProxImage.png] and keyboard [NoProxImage.png] images should be the same size, and match this dimension)
• Yellow (255,255,0) - Help text describing what the user should do (such as tap a proximity card)

The mask determines where the login elements will be displayed over the top of the login background

Once you have the design created around the user interface elements, you can remove those element markers by filling the rectangles with the chosen background color (it does not have to be white) to match your presentation.

To deploy this updated background, include it in a transform, or optionally, if you have HCIDeploy configured, add it to the a deployment package.

Other deployment methods (such as Microsoft SMS) may also be used. Simply deploy the updated bitmap or PNG to the correct location for the operating system (C:\Program Files\HealthCast\ExactAccess)