Tokens

Sun Ray tokens are authentication keys used to associate a session with a user. A token is a string that consist of a token type and an identifier. If a user inserts a smart card into a DTU, the card's type and identifier are used as the token (for example mondex.9998007668077709). If the user is not using a smart card, the token type pseudo and the DTU's identifier (MAC address) are supplied as the token (for example pseudo.080020861234).

The initial token is used to check access rights and to determine the user's session. During this process, the token is eventually translated into other token types (such as escape token, auth token, etc.) used internally by the Sun Ray system. As an administrator, you rarely need to deal with these internal token types, focussing instead on the initial tokens provided on smart cards or as pseudo-tokens.

You can register smart card tokens and pseudo-tokens in the Sun Ray data store to assign them to specific users (also known as token owners). You can store the owner's name as well as any other information that helps you to manage tokens in your organization. You can also register alias tokens to enable users to access the same session with multiple tokens. For example, if a user loses a smart card, you can register a new smart card as a replacement. This will be an alias token.

If Kiosk Mode functionality has been installed and configured on your system, you can also specify, for each token, whether the user should be directed to a regular (non-Kiosk) session or a Kiosk session when the token is inserted. This allows you to override the group-wide Kiosk Mode setting specified on the System Policy page.

Much like the utuser command, the Tokens tab lists all tokens currently registered in the Sun Ray data store. You can search for specific tokens by entering a search string that includes parts of either the token identifier, owner, or other information. The Search menu enables you to limit the scope of the search further, so that it is also possible to display all currently used tokens, regardless of their registration.

The Policy tab (under the Advanced tab) make it possible to define high-level access rules for either smart card access or pseudo-token access as well as access rights for registered tokens (see Policy help page).