AWI: View Connection Server + Imprivata OneSign Session Settings

Select the View Connection Server + Imprivata OneSign session connection type from the Configuration > Session page to configure the client to authenticate through the Imprivata OneSign system in addition to a View Connection Server when connecting to a VMware desktop.

Alt text
AWI Session Connection type – View Connection Server + Imprivata OneSign

The following parameters can be found on the AWI View Connection Server + Imprivata OneSign page.

AWI View Connection Server + Imprivata OneSign Parameters

Parameter Description
Bootstrap URL Enter the bootstrap URL used to find an initial OneSign server in a OneSign authentication deployment.
OneSign Pool Name Mode Select whether the Pool Name to Select property is used in OneSign mode.
  • Ignore the Pool Name to Select field
  • Use the Pool Name to Select field if set
For Tera1 PCoIP Zero Clients, this parameter is called OneSign Desktop Name Mode.
Pool Name to Select Enter the pool name. When the list includes a pool with this name, the client will immediately start a session with that pool.

This field is case-insensitive. For Tera1 PCoIP Zero Clients, this parameter is called Desktop Name to Select.
Onesign Appliance Verification Select the level of verification performed on the certificate presented by the OneSign appliance server:
  • No verification: Connect to any appliance
  • Full verification: Only connect to appliances with verified certificates
Direct To View Address Enter the address of the View Connection Server to use when OneSign servers cannot be reached. When configured, a Direct to View link occurs on the OSD Connect page and user authentication screens. When users click the link, it cancels the current OneSign connection or authentication flow and starts a Horizon View authentication flow instead. This feature provides a mechanism for OneSign PCoIP Zero Client users to access their View desktops when the OneSign infrastructure is unavailable.
Certificate Check Mode Select the level of verification performed on the certificate presented by the connection server:
  • Never connect to untrusted servers: Configure the client to reject the connection if a trusted, valid certificate is not installed. (This is the most secure option.)
  • Warn before connecting to untrusted servers: Configure the client to display a warning if an unsigned or expired certificate is encountered, or if the certificate is not self-signed and the Tera2 PCoIP Zero Client trust store is empty. (This option is selected by default.)
  • Do not verify server identity certificates: Configure the client to enable all connections. (This option is not secure.)
Certificate Check Mode Lockout When enabled, prevents users from changing the Certificate Check Mode settings from the OSD or AWI.
Trusted View Connection Servers Click the Show button to display View Connection Servers for which the client has received a valid certificate.
Click the Clear button to clear this cache.
Remember Username When enabled, the user name text box automatically populates with the last username entered.
Use OSD Logo for Login Banner When enabled, the OSD logo banner appears at the top of login screens in place of the default banner.
Prefer GSC-IS When enabled, if a smart card (CAC) supports more than one interface such as GSC-IS and PIV then GSC-IS is used. However in the case where the card supports both GSC-IS and PIV, and only PIV objects are configured on the card then the connection may fail. If this is the case uncheck the box and retest. If a smart card supports only one interface, such as either GSC-IS or PIV endpoint, then only the GSC-IS or PIV endpoint interface is used regardless of this setting. This only affects smart card access performed outside of PCoIP sessions.
Enable Peer Loss Overlay When enabled, the 'Network Connection Lost' overlay appears on the display(s) when a loss of network connectivity is detected. Normal hypervisor scheduling delays can falsely trigger this message.
Enable Preparing Desktop Overlay When enabled, the 'Preparing Desktop' overlay appears on the display(s) when users log in.

This overlay provides assurance that login is proceeding if the desktop takes more than a few seconds to appear.
Enable Session Disconnect Hotkey When enabled, users can press the Ctrl+Alt+F12 hotkey sequence to quickly disconnect a PCoIP session. See Disconnecting from a Session for details.
Enable RDS Application Access When enabled and users connect to a VMware Horizon View Connection Server that offers applications, a list of available applications will be presented.

Applications open in full-screen mode, but can be re-sized once users are in session.
PCoIP Utility Bar Mode When enabled, the PCoIP Utility Bar appears at the top of the primary display when a user is in session and moves the cursor directly under the bar. The utility bar can be used to disconnect a session or to shut down a remote workstation. For Direct to Host session connection types, Local Cursor and Keyboard must be enabled in order for the Tera2 PCoIP Zero Client to process mouse events for the utility bar. For all connection types, the mouse must be locally connected (that is, not bridged).
  • Disabled: Disables the PCoIP Utility Bar. By default, the utility bar is disabled.
  • Enabled: Enables and auto-hides the PCoIP Utility Bar. Users can show the utility bar by pointing the mouse at the top of the screen directly under the utility bar. Users can slide the utility bar to the right and left at the top of the screen.
  • Enabled and Pinned: Enables and pins the PCoIP Utility Bar at the top of the screen. Users cannot hide the utility bar, but they can slide it to the right and left at the top of the screen.
This feature is configurable from the PCoIP Management Console and AWI only. It requires firmware version 4.2.0 or higher.
Pre-session Reader Beep Configure whether the proximity card reader beeps when a valid card is tapped on the reader in OneSign mode:
  • Disabled: Disables the feature.
  • Enabled: Enables the feature.
  • Use Existing Setting: Uses the existing setting (affects only devices running firmware 4.1.0 or greater)
Invert Wiegand Data Configure whether or not the rf IDEAS proximity reader will invert the Wiegand bits that are read from a user’s ID token. This feature is useful when some of the rf IDEAS readers in your system are programmed to invert the Wiegand data and others are not. It lets you configure all readers to read the bits in a consistent manner (whether inverted or not inverted), so that all the readers behave the same way from a user’s point of view.
  • Disabled: Disables the feature. Wiegand data are not inverted.
  • Enabled: Enables the feature. Wiegand data are inverted.
  • Use Existing Setting: Uses the existing setting (affects only devices running firmware 4.2.0 or greater).
This feature is configurable from the PCoIP Management Console and AWI only. It requires firmware version 4.2.0 or higher.
Restrict Proximity Cards Configure whether or not proximity cards are restricted to tap-in/tap-out only.
When this feature is enabled, the proximity card reader is locally terminated (that is, it uses drivers in the client’s firmware), and proximity cards can only be used for tap-in/tap-out.
When this feature is disabled, the proximity card reader is bridged by default (that is, it uses drivers in the host OS), and proximity cards are not restricted. They can be used for tap-in/tap-out and also during a session—for example, when an application requires in-session authentication.
  • Only use proximity cards for tap-in/tap-out: Enables/disables the feature.
This feature is configurable from the PCoIP Management Console and AWI only. It requires firmware version 4.2.0 or higher.
Session Negotiation Cipher Suites Configure the Transport Layer Security (TLS) cipher to use for negotiating the TLS session between the PCoIP client and the PCoIP host.
  • Maximum Compatibility: TLS 1.1 or higher with RSA keys: This option provides maximum compatibility.
  • Suite B: TLS 1.2 with Suite B-compliant 192-bit elliptic curve encryption. This option provides a higher level of security.
Disconnect Message Filter This field lets you control what type of messages appear when a session is disconnected. There are three categories:

Information: User- or administrator-initiated actions affecting the session:
  • You have been disconnected because you logged in from another location or your host was shut down or restarted.
  • You have been disconnected because an administrator disconnected you.
  • You have been disconnected because you logged in from another location.
  • You have been disconnected because you disconnected from your workstation.
Warning: System-initiated, but expected actions affecting the session:
  • You have been disconnected because your session timed out.
Error: Unexpected system-initiated actions causing session to fail:
  • You have been disconnected.
  • Unable to connect (0x1001). Contact your IT administrator.
  • Unable to connect (0x1002). Contact your IT administrator.
  • Session closed remotely.
  • Session closed remotely (unknown cause).
  • You have been disconnected due to a configuration error (0x100). Contact your IT administrator for assistance.
  • You have been disconnected due to a configuration error (0x201). Contact your IT administrator for assistance.
  • You have been disconnected due to a configuration error (0x300). Contact your IT administrator for assistance.
  • You have been disconnected due to a configuration error (0x301). Contact your IT administrator for assistance.
  • You have been disconnected due to a configuration error (0x302). Contact your IT administrator for assistance.
  • You have been disconnected due to a configuration error (0x303). Contact your IT administrator for assistance.
  • You have been disconnected due to a configuration error (0x305). Contact your IT administrator for assistance.
  • You have been disconnected due to a configuration error (0x400). Contact your IT administrator for assistance.
  • You have been disconnected due to a configuration error (0x401). Contact your IT administrator for assistance.
  • You have been disconnected due to a configuration error (0x402). Contact your IT administrator for assistance.
  • You have been disconnected due to a configuration error (0x403). Contact your IT administrator for assistance.
  • You have been disconnected due to a configuration error (0x404). Contact your IT administrator for assistance.
For detailed information about the session disconnect codes, see What do the PCoIP server log disconnect codes mean? (KB 1094).

You can choose to display:
  • Show All – This option shows all disconnect messages including Info, Warning, and Error messages.
  • Error and Warnings Only – This option hides info messages and displays only Error and Warning messages.
  • Show Eror Only - This option hides Info and Warning messages and displays only Error messages.
  • Show None – Don’t show any disconnect messages.
Custom Session SNI When enabled, sets a customized Server Name Indication (SNI) string on authorized man-in-the-middle-enabled clients. The SNI string is appended to the TLS HELLO when the client initiates a connection with the host.
Enable DSCP When enabled, the device populates the Differentiated Services Code Point (DSCP) field in the IP header, enabling intermediate network nodes to prioritize PCoIP traffic accordingly.
Enable Congestion Notification When enabled, transport congestion notification is enabled to enable PCoIP endpoints to react accordingly if an intermediate network node sets the congestion notification bit in either the IP header or PCoIP transport header. For more information about the PCoIP transport header, see PCoIP Packet Format.
Enable IPv6 Address Resolution This setting supports VMware Horizon View 6.1 implementations, which enable View-brokered IPv6 sessions on IPv6-only networks. When enabled, clients can advertise IPv6 and FQDN capability to the View connection Server and receive IPv6 and FQDN peer addresses back.
Prefer IPv6 for FQDN Resolution When enabled, the client’s IPv6 address is preferred for FQDN resolution when the client requests a session.