Smart Card Credential Provider

Windows Vista also supports smart card credential provider-passing user credentials upon a smart card being inserted. If there is smart card present, a VPN tunneling Smart Card Credential Provider DLL tile shows on the PLAP layer. Click the tile and enter your smart card PIN to log in.

To install the smart card VPN tunneling credential provider:

1.Make sure your client user is part of a Windows domain.

2.In the Admin console, select User Roles > Role > VPN Tunneling and select the Require client to start when logging into Windows option.

3.When installing VPN tunneling on the client system (running Windows Vista), you are prompted by the GINA window to configure the GINA authentication. Click OK.

Use the smart card to log in to the device from a browser so the config.ini file will contain the smart card login URL which can then be used by the smart card DLL.

4.Once the VPN tunnel is established on the client system, open the VPN tunneling window. Go to the Advanced View and select the Information tab. In the Results section, ensure that the GINA plug-in is configured. You should see something similar to GINA Plug-In: Configured.

To use the smart card credential provider:

1.Log out of Windows and press Ctrl+Alt+Delete.

You should see the Network logon icon located in the lower right corner of your screen. If you see only the Windows user standard tiles, click the Switch user option under the standard Windows credential tiles to see the Network logon icon.

2.Click the Network logon icon and then click the smart card icon.

3.Enter your PIN number or password and click the right arrow button.

VPN tunneling uses the PIN to retrieve the stored certificate and to log in to Connect Secure. After a successful login, the PIN is passed to Winlogon to log in to Vista.

If your Ivanti Connect Secure credential is not the same as your Windows domain credential, an alert box appears. Click OK. If a connection icon appears in the lower right corner of your screen, switch to the standard credential login tiles and log in to Vista. Otherwise, enter your Windows credential in the login box.

VPN tunneling retrieves the user principal name (UPN) from the smart card and compares them with the login user and domain names. If they do not match, the tunnel is disabled. The UPN typically has the format user@domain.