When smart card redirection is enabled on a remote desktop, a user can authenticate into the desktop using a smart card reader connected to the client system. To set up smart card redirection, you must perform some configuration steps.
Overview of Smart Card Redirection
Smart card redirection is supported on desktops running the following Linux distributions with the specified versions of Horizon Agent installed.
|Linux Distribution||Horizon Agent|
|RHEL 8.1||Horizon Agent 7.12 or later|
|RHEL 8.0||Horizon Agent 7.10 or later|
|RHEL 7.1 or later||Horizon Agent 7.8 or later|
|RHEL 6.6 or later||Horizon Agent 6.2.1 or later|
|Ubuntu 20.04/18.04/16.04||Horizon Agent 7.9 or later|
|SLED/SLES 12.x SP3||Horizon Agent 7.9 or later|
When you install Horizon Agent, you must first disable SELinux. You must also specifically select the smart card redirection component because the component is not selected by default. For more information, see install_viewagent.sh Command-Line Options.
If the smart card redirection feature is enabled on a virtual machine, vSphere Client's USB redirection does not work with the smart card.
Smart card redirection supports only one smart card reader at a time. This feature does not work if two or more readers are connected to the client system.
Smart card redirection supports only one certificate on the card. If more than one certificate is on the card, the one in the first slot is used and the others are ignored. This behavior is a Linux limitation.
Configuring Smart Card Redirection
To configure smart card redirection, perform the following tasks.
- Set up the smart card for your desktop by following the instructions from the Linux distributor and from the smart card vendor.
- Integrate your desktop with an Active Directory domain, following the procedure for your Linux distribution.
- Configure smart card redirection on your desktop, following the procedure for your Linux distribution.