Symantec Workspace Corporate Logon Architecture
nSuite Technologies (now part of Symantec) developed a unique set of modules that efficiently and rapidly deploy secure biometric workstation authentication and single sign-on within an enterprise.
At the core of nSuite's product (now known as Symantec Workspace Corporate, or SWC) is the custom PrivacyShell GINA. The PrivacyShell GINA is the mechanism used both for intercepting the end-user log-on process and for monitoring the applications the end user launches.
The PrivacyShell GINA provides for various authentication methods, multiple modes of workstation viewing, and access to applications.
The Automatic Application Log-on (AAL) modules use a unique combination of the PrivacyShell GINA, dynamic link library (DLL) technology and database-driven parameters to handle any application authentication.
SWC does not employ "scripting techniques" or "time delays" when delivering end-user credentials for single sign-on. By performing Application Log-on in a client GINA, applications currently running in the enterprise do not need to be modified in order to use PrivacyShell.
So let's see what happens behind the scenes:
- PS GINA prompts the user for an authentication method (Biometric, Password, Smartcard, etc.)
- User authentication information is sent from PS GINA to the SWC Authentication Engine
- PS Authentication Engine authenticates the user against the SWC Database, which contains a link between the user's SWC authentication and the Active Directory user
- PS Authentication Server performs an LDAP query to retrieve and package the following information:
  - User information
  - Workstation information
  - Group information
  - Application SSO credentials
- SWC Authentication Servers pass the user package back to PS GINA
- PS GINA receives the user package from the SWC servers:
  - Type of desktop to be rendered
  - Workstation attributes
- PS GINA passes the user package to the Microsoft Domain for complete Winlogon:
  - Logon to Workstation call
  - Logon User call for token generation
  - Establish Trust Relationship
  - Launch Desktop WinLogon
  - Drive mapping
- PrivacyShell.exe user desktop is launched. The PrivacyShell desktop monitors the following:
  - Application Provisioning
  - Auto Application instantiation
  - SSO for applications
  - Rapid Desktop Switching
  - Session Parking
  - Roaming Sessions (if applicable)
  - Application Redirection
  - Workstation Attributes
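
Because the PrivacyShell GINA described above replaces the default logon component and sits in the credential path of every logon, a workstation audit should confirm which GINA DLL Winlogon is configured to load and whether it is the expected, signed file. The script below is an added example, not Symantec's code or part of the original page; the expected file name is a placeholder (the page does not name the PrivacyShell GINA DLL), and resolving a bare file name to the system directory is an assumption.

```powershell
# Added audit example (not Symantec code): report which GINA DLL Winlogon loads.
# GINA applies to Windows XP / Server 2003 and earlier; written for PowerShell 2.0.
$WinlogonKey  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
# Placeholder: the page does not give the PrivacyShell GINA file name.
$ExpectedGina = 'EXPECTED_GINA.dll'

function Get-RegisteredGina {
    param(
        [string]$Key      = $WinlogonKey,
        [string]$Expected = $ExpectedGina
    )
    # An absent GinaDLL value means Winlogon loads the default msgina.dll.
    $name = (Get-ItemProperty -Path $Key -ErrorAction Stop).GinaDLL
    if ([string]::IsNullOrEmpty($name)) { $name = 'msgina.dll' }

    # Assumption: a bare file name resolves to the system directory.
    $path = $name
    if (-not [System.IO.Path]::IsPathRooted($path)) {
        $path = Join-Path (Join-Path $env:SystemRoot 'System32') $name
    }

    $exists = Test-Path -LiteralPath $path -PathType Leaf
    $sigStatus = 'n/a'; $signer = $null; $sha256 = $null
    if ($exists) {
        $sig       = Get-AuthenticodeSignature -FilePath $path
        $sigStatus = $sig.Status
        if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
        # Hash via .NET so the script does not depend on Get-FileHash.
        $algo   = [System.Security.Cryptography.SHA256]::Create()
        $bytes  = $algo.ComputeHash([System.IO.File]::ReadAllBytes($path))
        $sha256 = [System.BitConverter]::ToString($bytes) -replace '-', ''
    }

    $leaf = Split-Path -Path $path -Leaf
    New-Object PSObject -Property @{
        Computer   = $env:COMPUTERNAME
        GinaDLL    = $path
        IsDefault  = ($leaf -ieq 'msgina.dll')
        IsExpected = ($leaf -ieq $Expected)
        FileExists = $exists
        Signature  = $sigStatus
        Signer     = $signer
        SHA256     = $sha256
    }
}

Get-RegisteredGina | Format-List
```

A result where both `IsDefault` and `IsExpected` are false, or where the file is missing or its signature is not valid, is worth investigating. Older PowerShell versions check embedded signatures only, so catalog-signed system files can report `NotSigned`.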