CP - Overview

The Windows Credential Provider allows users to use Veridium authentication methods in Windows logon / unlock scenarios. This is beneficial for both physical machines, e.g. laptops, and virtual desktops (VDI).
The following chapters show how to set up, configure, authenticate with and troubleshoot the Windows Credential Provider.

Architecture

The Credential Provider is software installed on a Windows client machine that allows Veridium authentication methods to be used to log on to a Windows environment.
Prerequisites:

  • The client computer must be joined to an Active Directory domain.

  • Veridium RA/EP software must be installed and configured.

  • Certificate-based authentication must be configured on the Active Directory domain.

Network communication schema

The Windows Credential Provider requires the following connections:

  1. Credential Provider -> VeridiumEP. To test:

    1. Start cmd.exe as administrator.

    2. Start CMD in the context of the local computer:

      psexec -i -s cmd.exe

      (PsExec can be downloaded from https://learn.microsoft.com/en-us/sysinternals/downloads/psexec)

    3. In the new command prompt (running in the computer's system context), execute the command:

      whoami

      The expected answer is:

      nt authority\system

    4. Start the browser with the following command:
      explorer "https://<VeridiumEP Server FQDN>/BopsEnroll/BopsEnroll.svc/Test"

    5. You will be prompted to enter a username / password. If so, enter your domain credentials.

    6. You will see the resulting message "DEV\\milos is logged on." This confirms that the Credential Provider can reach the Veridium EP server.
      If you see any error, go to the EP server and check the IIS logs. The default path is:
      C:\inetpub\logs\LogFiles\W3SVC1
      Open the most recently modified file and go to the end of the file:
      2022-02-19 17:53:53 W3SVC1 WinSrvMilos2 192.168.3.128 GET /BopsEnroll/BopsEnroll.svc/Test - 443 DEV\milos 192.168.3.128 Mozilla/5.0+… - 200 0 0 110
      The most important part is the resulting status code. 200 0 means all OK.
      For the other available codes, refer to https://httpstatuses.com/ or https://en.wikipedia.org/wiki/List_of_HTTP_status_codes

  2. Credential Provider -> VeridiumID server. To test:

    1. Start cmd.exe as administrator.

    2. Start CMD in the context of the local computer:
      psexec -i -s cmd.exe
      (PsExec can be downloaded from https://docs.microsoft.com/en-us/sysinternals/downloads/pstools)

    3. In the new command prompt (running in the computer's system context), execute the command:
      whoami
      The expected answer is:
      nt authority\system

    4. Start the browser with the following command:
      explorer "https://<VeridiumIS Server FQDN>/websec/rest/health/metrics"

    5. The resulting message contains metrics information.

  3. Credential Provider -> VeridiumRA. The test URL is: https://<RA server FQDN>/RaWebApp/Status/Default.aspx
    Open a new browser window and try the URL. The response should look like this:

If it is not possible to reach the VeridiumRA server from the client, check firewall rules, proxy settings, etc.
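
The IIS log check from the VeridiumEP test (step 6 of the first connection), as an added example that is not part of the original page or of Veridium's tooling: a PowerShell function that maps columns from the log's own #Fields: header and returns the status, substatus and Win32 status of each request to the test endpoint. The function name Get-EpTestResult and all sample hosts, users and log lines are constructed for illustration.

```powershell
# Added example (not Veridium code). Function name and sample data are hypothetical.
function Get-EpTestResult {
    param(
        [Parameter(Mandatory)][AllowEmptyString()][string[]]$Line,
        [string]$UriStem = '/BopsEnroll/BopsEnroll.svc/Test'
    )
    $fields = @()
    foreach ($l in $Line) {
        if ($l.StartsWith('#Fields:')) {
            # IIS repeats this header after a restart; always use the latest one.
            $fields = @($l.Substring(8).Trim() -split '\s+')
            continue
        }
        # Skip other directives, blank lines, and data seen before any header.
        if ($l.StartsWith('#') -or (-not $l.Trim()) -or ($fields.Count -eq 0)) { continue }
        $values = @($l.Trim() -split ' ')
        if ($values.Count -ne $fields.Count) { continue }   # truncated or malformed line
        $row = @{}
        for ($i = 0; $i -lt $fields.Count; $i++) { $row[$fields[$i]] = $values[$i] }
        if ($row['cs-uri-stem'] -ne $UriStem) { continue }  # only the EP test endpoint
        [pscustomobject]@{
            Time      = '{0} {1}' -f $row['date'], $row['time']
            User      = $row['cs-username']
            Client    = $row['c-ip']
            Status    = [int]$row['sc-status']
            SubStatus = [int]$row['sc-substatus']
            Win32     = [int]$row['sc-win32-status']
            Ok        = ($row['sc-status'] -eq '200')
        }
    }
}

# Constructed sample log lines (hosts, users and addresses are made up).
$sample = @(
    '#Fields: date time s-sitename s-computername s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) cs(Referer) sc-status sc-substatus sc-win32-status time-taken'
    '2022-02-19 17:53:50 W3SVC1 EPSRV01 192.0.2.10 GET /BopsEnroll/BopsEnroll.svc/Test - 443 - 192.0.2.20 Mozilla/5.0+(constructed) - 401 2 5 15'
    '2022-02-19 17:53:53 W3SVC1 EPSRV01 192.0.2.10 GET /BopsEnroll/BopsEnroll.svc/Test - 443 EXAMPLE\alice 192.0.2.20 Mozilla/5.0+(constructed) - 200 0 0 110'
    '2022-02-19 17:54:10 W3SVC1 EPSRV01 192.0.2.10 GET /favicon.ico - 443 - 192.0.2.20 Mozilla/5.0+(constructed) - 404 0 2 3'
)

# On the EP server, pass the newest log file instead, e.g.:
#   Get-EpTestResult -Line (Get-Content 'C:\inetpub\logs\LogFiles\W3SVC1\<latest>.log')
Get-EpTestResult -Line $sample | Format-Table -AutoSize
```

Rows with Ok = False show which client and user the EP server rejected, so the status code can be looked up in the references given in step 6.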
