Tag: windows logon

Aloaha Smartlogin with central credential store

Aloaha Smartlogin contains a Credential Provider for Windows Vista/7/8/2008/2012 and a GINA for older Windows versions. It supports many different ways to log a user on to a Windows session.

Active Directory is supported but NOT required!

The most popular way of using Aloaha Smartlogin without Active Directory is with “any Smartcard natively supported by Windows or 3rd party middleware”, as explained in http://blog.aloaha.com/2012/08/13/what-are-softtoken-in-aloaha-smartlogin/

We have now introduced new registry settings that allow the user to maintain one central, server-based CredentialStore.

If you point the registry key “HKLM\Software\<Wow6432Node\>Aloaha\CSP\ForcedCredentialStore” to a share in your network, Aloaha will automatically copy all files from that network store to the local machine's credential store (<installdir>\CredentialStore) whenever the user logs on.

Many important settings are saved in the local file UserPass.ini. If you point “HKLM\Software\<Wow6432Node\>Aloaha\CSP\MasterUserPassIni” to a file, this file will be automatically copied to the file defined in “HKLM\Software\<Wow6432Node\>Aloaha\CSP\UserPassIni” (usually <installdir>\UserPass.ini).
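One way to review these settings from the defender's side (an added example, not Aloaha code): it reads the three names from both registry views and flags any target whose NTFS ACL lets broad groups write, because whatever sits in those locations ends up in the local credential store and UserPass.ini. It assumes the three names are string values under the ...\Aloaha\CSP key.

```powershell
# Added example, not vendor code. Assumption: the three names from the text are
# string values under ...\Aloaha\CSP. Run in 64-bit PowerShell to see both views.
$names = 'ForcedCredentialStore', 'MasterUserPassIni', 'UserPassIni'
$keys  = 'HKLM:\Software\Aloaha\CSP', 'HKLM:\Software\Wow6432Node\Aloaha\CSP'

# Well-known SIDs of broad groups: Everyone, Authenticated Users, BUILTIN\Users.
$broadSids = 'S-1-1-0', 'S-1-5-11', 'S-1-5-32-545'
# Rights that let a principal change or replace a file.
$writeMask = [System.Security.AccessControl.FileSystemRights]'Write, Delete, ChangePermissions, TakeOwnership'
$sidType   = [System.Security.Principal.SecurityIdentifier]

function Get-BroadWriters([string]$Path) {
    # NTFS ACL only; share-level permissions of a UNC path are reviewed on the server.
    $acl = Get-Acl -LiteralPath $Path
    $acl.GetAccessRules($true, $true, $sidType) | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        $broadSids -contains $_.IdentityReference.Value -and
        ($_.FileSystemRights -band $writeMask)
    }
}

$report = foreach ($key in $keys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $props = Get-ItemProperty -LiteralPath $key
    foreach ($name in $names) {
        $target = [string]$props.$name
        if ([string]::IsNullOrWhiteSpace($target)) { continue }
        $exists  = Test-Path -LiteralPath $target
        $writers = if ($exists) { @(Get-BroadWriters $target) } else { @() }
        [pscustomobject]@{
            Key          = $key
            Setting      = $name
            Target       = $target
            IsUnc        = $target.StartsWith('\\')
            Exists       = $exists
            BroadWriters = ($writers | ForEach-Object { $_.IdentityReference.Value }) -join ','
        }
    }
}
$report | Format-Table -AutoSize
```

A non-empty BroadWriters column, or different targets in the two registry views, is worth resolving before relying on the central store.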

Please do not hesitate to contact us at info@aloaha.com in case you need further and personal assistance.

 


How to filter credential providers from the Windows Logon User Interface using Aloaha's Credential Provider Filter

Some weeks ago we explained how to disable unwanted Credential Providers completely.

http://blog.aloaha.com/2012/08/20/how-to-hide-credential-providers-from-the-windows-logon-user-interface-using-windows-group-policy/

Aloaha Credential Provider Filter

In some cases Credential Providers should be hidden from the Logon User Interface BUT still be usable from within the session. For example, someone might not want to see the Username/Password tile during logon but obviously still requires it when mounting a network drive or connecting via RDP to another machine. In those cases you cannot hide/disable the providers via Windows group policy; a Credential Provider Filter is required instead.

Aloaha Smartlogin comes with an integrated Credential Provider Filter that can hide tiles from the Windows Logon Interface WITHOUT removing their functionality inside the session.

To activate the Aloaha Credential Provider Filter you need to open the file UserPass.ini in the installation folder. In the section CredentialProviders you can configure a separate filter for each provider. To enable a filter, set it to 1. Below is the section that disables ALL non-Aloaha providers:

[CredentialProviders]
25CBB996-92ED-457e-B28C-4774084BD562=1
3dd6bec0-8193-4ffe-ae25-e08e39ea4063=1
503739d0-4c5e-4cfd-b3ba-d881334f0df2=1
6f45dc1e-5384-457a-bc13-2cd81b0d28ed=1
8bf9a910-a8ff-457f-999f-a5ca10b4a885=1
94596c7e-3744-41ce-893e-bbf09122f76a=1
AC3AC249-E820-4343-A65B-377AC634DC09=1
e74e57b0-6c6d-44d5-9cda-fb2df5ed7435=1
F8A0B131-5F68-486c-8040-7E8FC3C85BB6=1

 

 

 


Health card (eGK): new Aloaha Cardconnector with new XML parser released.

The new German health card (eGK) contains data records that many cardholders would like to view. This is very easy with the Aloaha Cardconnector. You only need to install the Aloaha Smartcard Connector from http://www.aloaha.com/download/cardconnector.zip and then start the file HealthDataTest.exe from the installation folder, normally the folder Wrocklage in the “Program Files” folder.

Of course, not only the new eGKs can be viewed but also the old KVKs!

A license is NOT required for viewing the data records! A license is only required if you want to use the key material of the innovative card for signing or encryption.


New Aloaha Smartlogin released!

The new Aloaha Smartlogin has been released today. It can be downloaded from http://www.aloaha.com/download/smartlogin.zip

Evaluation Keys can be requested from info@aloaha.com

 

Aloaha Smart Login


Our new version supports a broad range of logon tokens:

Requirements

  1. Windows XP 32 bit
  2. Windows Vista or higher (32 and 64 bit)
  3. “Smart Card” Service running (SCardSvr)
  4. .NET 3.5 or higher installed
  5. Logon Token. For example USB Memory Key, Smartcard, Memorycard, Mobile.

Special Features:

Licensing

 


Aloaha Smartlogin ini Settings

Some settings in <installdir>\UserPass.ini are essential to control the look and feel and behavior of the Credential Tiles and/or the GINA.

[Generic]

Enable/Disable Username Field in Credential Provider Tile or Gina
One value should always be 1 and the other 0
DisableUserName=1
EnableUserName=0

AllowUP controls whether the Aloaha Service should enable or disable other credential tiles. AllowUP=0 disables ALL other credential tiles! If you want to use group policies please have a look at: http://blog.aloaha.com/2012/08/20/how-to-hide-credential-providers-from-the-windows-logon-user-interface-using-windows-group-policy/
AllowUP=1

The Kerberos section defines which Smartcards are considered PKI/Kerberos cards.
If the value of the Middleware Name or Smartcard Name is 1, the Smartcard is not considered an Encryption Token but a pure PKI Card!
The value 1 should NEVER be used on stand-alone machines but ONLY on domain machines!

[Kerberos]
aloaha_3BDB18FFC080B1FE751F035A43372E352052455620416F=1
Aloaha Cryptographic Provider=1
Datakey M 330=1
eToken Base Cryptographic Provider=1
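A consistency check for the UserPass.ini rules stated in this post and for the [CredentialProviders] filter section described earlier, as an added example that is not Aloaha code. The $IniPath value is an assumed location; the credential provider registry path is the standard Windows registration key, used here only to show names for the bare GUIDs.

```powershell
# Added example, not Aloaha code. $IniPath is an assumed location; point it at
# the real <installdir>\UserPass.ini. Use 64-bit PowerShell on 64-bit Windows.
$IniPath = '.\UserPass.ini'

function Read-Ini([string]$Path) {
    $ini = @{}; $section = $null
    foreach ($line in Get-Content -LiteralPath $Path) {
        switch -Regex ($line.Trim()) {
            '^\[(.+)\]$'     { $section = $Matches[1]
                               if (-not $ini.ContainsKey($section)) { $ini[$section] = @{} } }
            '^([^=]+)=(.*)$' { if ($section) { $ini[$section][$Matches[1].Trim()] = $Matches[2].Trim() } }
        }
    }
    $ini
}

$ini = Read-Ini $IniPath
$findings = @()

# [Generic]: exactly one of DisableUserName / EnableUserName must be 1, the other 0.
$g = $ini['Generic']
if ($g) {
    $pair = (@($g['DisableUserName'], $g['EnableUserName']) | Sort-Object) -join ''
    if ($pair -ne '01') { $findings += 'Generic: DisableUserName/EnableUserName are not a 1/0 pair' }
    if ($g['AllowUP'] -eq '0') { $findings += 'Generic: AllowUP=0 disables ALL other credential tiles' }
}

# [Kerberos]: a value of 1 is only valid on domain machines.
$inDomain = (Get-CimInstance -ClassName Win32_ComputerSystem).PartOfDomain
$k = $ini['Kerberos']
if ($k -and -not $inDomain) {
    foreach ($name in $k.Keys) {
        if ($k[$name] -eq '1') { $findings += "Kerberos: '$name'=1 on a stand-alone machine" }
    }
}

# [CredentialProviders]: show which registered providers the filter hides.
$cpRoot = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers'
$f = $ini['CredentialProviders']
Get-ChildItem -LiteralPath $cpRoot | ForEach-Object {
    $guid = $_.PSChildName.Trim('{}')
    [pscustomobject]@{ Guid = $guid; Name = $_.GetValue(''); Filtered = [bool]($f -and $f[$guid] -eq '1') }
} | Format-Table -AutoSize
$findings
```

Providers listed with Filtered = False still show a tile at logon, so the table doubles as a check that the filter list matches what is installed on the machine.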


Aloaha Smartlogin GINA with any token

The Aloaha Smartlogin GINA supports a broad range of logon tokens, for example Memory Sticks, Memory Cards (i2c), PKI Smartcards and also PKCS11 Tokens.

Depending on the token detected the Aloaha GINA will look different.

PKI/Kerberos cards have already been explained at http://blog.aloaha.com/2012/08/14/aloaha-smart-login-gina/

Here we will explain the GINA for all NON PKI or Kerberos Smartcards.

Per default the screen will look like:

Aloaha SmartLogin Gina any Token


In case the Domain/Username field is empty Aloaha will guess the Domain/Username automatically. With many tokens that is possible since the token itself contains the Username.

For that reason we made it easy to disable the Username field completely. Just open <installdir>\UserPass.ini and edit the required entries as shown below:

[Generic]
DisableUserName=1
EnableUserName=0
AllowUP=1

After a reboot the result looks like:

 

Aloaha Smart Login Gina no Username



Aloaha Smart Login GINA with PKI/Kerberos Smartcard

The idea of Aloaha Smartlogin is to support all types of Logon Tokens. For example Memory Sticks, Memory (i2c) Smartcards, PKI Smartcards, Mobiles, etc.

Depending on the type of card used the Aloaha GINA Logon Screen will look different.

PKI or Kerberos Smartcards are Smartcards which are supported by Windows, either natively or via 3rd party smartcard middleware or minidriver.

For Aloaha to be able to decide whether to treat a smartcard as a PKI card or just as an Encryption Token, it requires an entry in <installdir>\UserPass.ini.

The Middleware- or Smartcard Name has to be set in the Kerberos Section as shown below. The example enables Safenet and Aloaha Smartcard as PKI Token.

PLEASE NOTE: PKI tokens can ONLY be used for domain users! It is not possible to use them on stand-alone machines!

[Kerberos]
aloaha_3BDB18FFC080B1FE751F035A43372E352052455620416F=1
Aloaha Cryptographic Provider=1
Datakey M 330=1
eToken Base Cryptographic Provider=1

A number of tokens are hardcoded as PKI tokens in Aloaha. Should you wish to add another token please contact info@aloaha.com

As soon as Aloaha detects a PKI token the logon GINA will look like:

Aloaha GINA PKI Card Logon


 


Aloaha SmartLogin

A new edition of Aloaha SmartLogin will be available very soon.

In the new version you can log on to your computer with the following media:

  1. Any smartcard (http://blog.aloaha.com/2012/07/28/windows-logon-via-any-smartcard/)
  2. Kerberos token (http://blog.aloaha.com/2012/07/29/windows-logon-via-any-smartcard-and-kerberos/)
  3. Secure SIM (http://blog.aloaha.com/wp-content/uploads/2013/02/Aloaha_secureSIM_M2M.pdf)
  4. Secure uSD
  5. Mobile phone
  6. PKCS #11 token (http://blog.aloaha.com/2012/07/26/windows-logon-via-credentials-saved-encrypted-on-pkcs-11-token/)
  7. USB memory stick (http://blog.aloaha.com/2012/07/25/windows-logon-with-plain-usb-memory-stick/)
  8. i2c Memory Card
  9. CTAPI
  10. User-defined via plugin interface


Active Directory is NOT required!

Please contact info@aloaha.com for further information!

 


Windows Logon via ANY Smartcard

Aloaha Smartlogin can use ANY Smartcard to save certificate-encrypted credentials locally to be used as a logon token. Certificates can also be hosted on secure uSD cards, Secure SIM (GSM/UMTS), etc.

NO ACTIVE DIRECTORY REQUIRED! Any Certificate works!

Download: http://www.aloaha.com/download/smartlogin.zip

 


Windows Logon via Credentials saved encrypted on PKCS #11 Token

This video shows the Aloaha Smartlogin using encrypted credentials saved on a PKCS #11 Token such as the eToken. It is ideal for smartcard based logon for machines which are NOT members of a domain.

You can download the software from http://www.aloha.com/download/smartlogin.zip

 



  • Copyright © 1996-2013 Aloaha Software. All rights reserved.