Hitachi ID Login Manager Components
The Hitachi ID Login Manager architecture is illustrated in Figure 1.
Figure 1: Login Manager: Internal Components / Architecture
In the diagram:
- All Login Manager software is local to a user's Windows workstation, and is (silently) installed using an MSI package.
- Other than at installation time, the Login Manager client software does not interact with any server components. At most, it loads a set of alternate login IDs, associated with the same user, from the user's Active Directory object at login time.
- The core Login Manager software runs as a privileged service, with hooks into the login system (GINA), the display system and various event queues.
(2) When a user logs in, Login Manager acquires that user's Windows login ID and password. It then:
- Optionally, looks up the user's profile in the corporate directory, assuming the workstation is connected to the network at the time, to find alternate login IDs that belong to the same user.
- (3) Looks for a configuration file and, if it finds one, reads it. This file identifies which applications are already known to have login IDs and passwords that are the same as those for Windows.
- Whenever a user launches a new application, Login Manager:
  - Checks to see if it is already a "known application," and if so auto-populates credentials into the appropriate dialog.
  - If the application is not recognized, watches to see what the user types to log in. If it detects login IDs and passwords that are identical to those from step (2), it records the application's identifying characteristics (e.g., process ID, window title, etc.) in the configuration file mentioned in step (3).