When smart card redirection is enabled on a Linux desktop, a user can authenticate into the desktop using a smart card reader connected to the local client system. To set up smart card redirection, you must perform some configuration steps.
Overview of Smart Card Redirection
Smart card redirection is supported on desktops based on virtual machines running the following Linux distributions:
- RHEL 8.x
- RHEL 7.x
- Ubuntu 18.04/16.04
- SLED 12.x SP3
- SLES 12.x SP5/SP3
When you install Horizon Agent, you must first disable SELinux. You must also specifically select the smart card redirection component because the component is not selected by default. For more information, see install_viewagent.sh Command-Line Options.
If the smart card redirection feature is enabled on a virtual machine, vSphere Client's USB redirection does not work with the smart card.
Smart card redirection supports only one smart card reader at a time. This feature does not work if two or more readers are connected to the client system.
Smart card redirection supports only one certificate on the card. If more than one certificate is on the card, the one in the first slot is used and the others are ignored. This behavior is a Linux limitation.
Configuring Smart Card Redirection
To configure smart card redirection, perform the following tasks.
- Set up the smart card by following the instructions from the smart card vendor.
- Integrate the base virtual machine with an Active Directory domain, following the procedure for your Linux distribution.
- Configure smart card redirection on the base virtual machine, following the procedure for your Linux distribution.