The Username and Password configuration for ExactAccess Kiosk Mode (KM) allows the user to type their credentials or tap a badge to initiate the login to the ExactAccess SSO solution.
Kiosk Mode can be configured to authenticate with a remote source if you have workstations that are configured as non-domain joined workstations. This feature requires that ExactAccess Server be available and configured on a server that is a member of the domain to authenticate with. It also requires additional configuration on each ExactAccess Client as detailed below. If the registry key does not exist, create the key and set the appropriate values.
To use proximity cards in conjunction with the dialogue box, the ProxCard server must be configured and the proxcard device service "HCI ProxCard Client" must be running. A supported reader must also be attached to the workstation.
Citrix Registry Configurations
Registry Path
HKLM\Software\HealthCast\HCCitrixSessionDirectory
Registry Values
| Value Name | Type | Value |
|---|---|---|
| RemoteLogon | DWORD | 0 (set to 1 to enable) |
| CompressionClass | STRING | NONE VCLZIP |
| EncryptionClass | STRING | RIJNDAEL BLOWFISH |
| ID | STRING | *EA12G54 |
*This the default encryption key that matches the server configuration key. It should not be changed for any reason.
Remote Authentication
Registry Path
HKLM\Software\HealthCast\HCCitrixSessionDirectory\Indy
Registry Values
| Value Name | Type | Value | Function |
|---|---|---|---|
| 0000 | STRING | The server DNS name or IP address where HealthCast Remote Session Directory has been installed and configured. | |
| EnabledServerIDs | STRING | 0000 | This must contain at least one active server number. |
| Port | DWORD | 20000 | The default port for communications. If you alter the default listening port during the server installation, update this for the correct port number. |
Client-Side Failover
If you have client-side failover configured for ProxCard, you may also want to configure failover for Remote Authentication. This is accomplished the same way as for ProxCard by adding a new entry to the same ...\HCCitrixSessionDirectory\Indy path:
| Value Name | Type | Value |
|---|---|---|
| 0001 | STRING | add the secondary server DNS name or IP address |
Update the EnabledServerIDs as a comma separated list of active servers:
| Value Name | Type | Value |
|---|---|---|
| EnabledServerIDs | STRING | 0000, 0001, etc |
Domain Dropdown Exclusions
Registry Path
HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess\domainlist\exclusions
Registry Values
| Value Name | Type | Value |
|---|---|---|
| 0001 | STRING | excludedDomainName1 |
| 0002 | STRING | excludedDomainName2 |
Continue to add numbers in order for other domain names to be excluded. The excluded domain value(s) should match the text exactly as shown in the dropdown prior to being added to the exclusion list.
Exclude Local Machine from Dropdown
Registry Path
HKEY_LOCAL_MACHINE\SOFTWARE\HealthCast\ExactAccess\Override
Registry Value
| Value Name | Type | Value |
|---|---|---|
| ExcludeLocalComputerFromDomainList | DWORD | 1 |
Customize Password Reset Message
If the registry key does not exist, or a value is not set, and a password reset URL is present, the default message will be used: "Forgot your password? Click here to reset it."
Registry Path
HKLM\Software\HealthCast\PasswordReset
Registry Value
| Value Name | Type | Value |
|---|---|---|
| ResetLinkText | STRING | new reset text |
Command Line Install Parameters
XA_MODE=KM
XA_SRV="server name"
XA_AUDIT_SRV="server name"
XA_PRX_SRV="server name"
X_D_SRV="server name"
X_RA_SRV="server name"
X_KM_DOMVIS=0 # Domain drop-down visible
X_KM_DRVMAP=0 # Drive mapping enabled
X_KM_PRTMAP=0 # Print mapping enabled
X_LUPE=0 # Last user prompt enabled
X_RARL=1 # Remote authentication enabled
X_RAID=EA12G54 # Remote authentication shared key header
XAD_ENABLED=0 # Full SSO enabled=0, Passthrough enabled=1