| |
SecureLogin can provide single sign-on from a user's workstation to back-end mainframe and UNIX* systems. To achieve this, SecureLogin needs to be plugged in to the emulator that the user uses to connect to this back-end system. Terminal Launcher (TLAUNCH.EXE) provides this connectivity.
Terminal Launcher does the following:
You configure Terminal Launcher so that Terminal Launcher connects to the correct mainframe or Telnet emulators and waits for the right login sequence before entering usernames and passwords.
The Terminal Launcher can be configured to launch the terminal session and then run a script to log the user in to the system. Further, Terminal Launcher can perform any keystrokes within an application that a user can do manually.
At the corporate level, the same script can be used for all who log in. Only the username and password and other login-specific variables change.
SecureLogin supports the following emulator types.
To configure an emulator, complete the following steps.
Install the mainframe or Telnet emulators that the user will be connecting with.
Identify the mainframe login sequence or prompts (for example, Login).
Configure TLAUNCH.EXE to know about the emulators you wish to use for single sign-on.
You can define as many emulators as you would like to.
Launch TLAUNCH.EXE by clicking Start > Programs > SecureLogin > Terminal Launcher.
Click Edit Available Emulators.
A screen displays a list of emulators that have been pre-configured. To suit your environment, you can add, edit, or delete emulators.
Terminal Launcher stores its settings in the TLAUNCH.INI file. As installed, this file contains information about a list of emulators that have been tested with SecureLogin. For configuration documents on additional emulators, contact Technical Services.
You can use these pre-configured emulators as examples. To configure an emulator, you must specify to the emulator the correct path for the executable and the mainframe session file (if one is required).
Write the login script to perform the sign-in.
Create a desktop icon for the Terminal Launcher to replace the mainframe emulator icon, or configure a background connection mode if your emulator supports such a mode.
To get started, launch the TLAUNCH.EXE program from the Start, Programs, SecureLogin, Terminal Launcher option. Click Edit Available Emulators in the middle of the terminal launcher screen. This displays a screen that contains a list of the emulators that have been pre-configured and may be removed or edited to suit your environment.
The following example explains how to create a script, configure the login, and set up a shortcut for the application, using Eicon* Aviva as the emulator. This process enables you to access the session by clicking an icon on your desktop.
Right-click the SecureLogin icon on the system tray > select Login Details > click New.
Enter a name (for example, Simple Login) in the Platform Name box > click OK.
Enter the script.
For example, enter the following:
WAITFORTEXT "Enter USERID"
TYPE $username
TYPE @E
WAITFORTEXT "password"
TYPE $password
TYPE @E
Save the script by clicking OK.
Launch Terminal Launcher.
Select Simple Login from the list of available applications < click Add > OK > Done.
Configure Eicon Aviva to use Simple Login by clicking Edit Available Emulators > Eicon Aviva > Edit.
If an emulator is not in the list, add the emulator. Click New > enter a name > select an emulator type > click OK.
Fill in the fields with their correct values > click OK.
The following figure illustrates these fields.
Click OK > Done.
Ensure that Eicon Aviva is selected from the drop-down list in the Emulator box.
This box is in the bottom left corner of the Terminal Launcher screen.
NOTE: If you select OK instead of Close, Terminal Launcher runs the selected script (application) after launching Eicon Aviva. However, when you select Close, the program saves this selection to USERSETTINGS.INI, a file that allows SecureLogin to run the script from a command line.
At Options, check the Save Settings on Exit check box > click Close.
You can set up a shortcut for the application.
Right-click the desktop > select New > Shortcut.
Enter (or browse to) the path for TLAUNCH.EXE.
For example, enter "C:\PROGRAM FILES\SECURELOGIN\TLAUNCH.EXE". Include quotation marks.
To the end of this line, add "/auto.
This addition enables the command line facility of Terminal Launcher. Include the quotation mark. An ending quotation mark comes at the end of Step 5.
Add /pname_of_application
For example, add /pSimple Login.
NOTE: Enter the application name exactly as it appears in the Available Applications list in Terminal Launcher.
Add /ename_of_emulator.
For example, add /eEicon Aviva".
NOTE: Enter the emulator name exactly as it appears in the Available Emulators list in Terminal Launcher.
The box contains this shortcut line: "C:\Program Files\Novell\Securelogin\Tlaunch.exe" "/auto /pSimple Login /eEicon Aviva".
Click Next > name the new application shortcut > click Finish.
When you double-click the shortcut, the shortcut launches Eicon Aviva and runs the selected script.
The SecureLogin Terminal Launcher can launch up to 15 applications at a time, as long as you have enough sessions defined for the particular emulator you are using. To open several applications at once, add one more /panother_application_name for each additional application.
Terminal Launcher can use the following command line parameters.
The following examples include parameters that Terminal Launcher uses:
When an emulator or application is not specified on the command line, Terminal Launcher uses the settings stored in the user settings file (USERSETTINGS.INI). You can modify these settings.
Check the Save Settings on Exit check box.
Close the main program.
Each Terminal Emulator that is configured must have a number of backup sessions configured for it. For most emulators, you are required to have one session file for every session that you want to have running at the same time. These are usually stored as separate files.
When you configure an emulator for use with Terminal Launcher, you must input a session file for it to use. To tell Terminal Launcher that it can use more than one session file, complete the following steps:
Launch Terminal Launcher > click Edit Available Emulators.
Select the correct emulator from the Available Emulators window > click Edit.
Add the backup session files to the Session Files dialog box.
You can launch only as many emulator sessions as there are session files defined.
NOTE: After the emulator is launched, these session files will be executed as a command line parameter. Some emulators (such as QWS3270 Plus) do not have session files. Instead, these emulators have individual sessions stored in the registry. Think of these session files as command line parameters that will be passed to the executable.
You can use Terminal Launcher with Terminal Emulators that do not support HLLAPI but do support scripting that is able to call external DLL files. To do this, you must create a script that asks SecureLogin for commands one at a time and then interprets the commands received.
The following script has been tested with Reflection* 8 for UNIX and Digital*.
Sub SecureLogin()
Dim SecureLoginObject As ISLBroker
Dim ReturnCode As Long
Dim Data As String
Dim targ As Long
Dim FunctType As Long
Dim CR As String
Dim temp As String
Session.Wait 0.1'The waits are necessary for the screen to be updated.
Set SecureLoginObject = New SLBroker
CR = Chr$(rcCR) ' Chr$(rcCR) = Chr$(13) = Control-M
SecureLoginObject.LoadScript
While (1 = 1)
FunctType = 0
'retrieve command from VBABork
SecureLoginObject.GetCommand FunctType, targ, Data
If FunctType = SecureLoginObject.SetCursor Then
' SetCursor is not supported
ReturnCode = 0
ElseIf FunctType = SecureLoginObject.TypeText Then
If (StrComp(Data, "@E", vbTextCompare) = 0) Then
Session.Transmit CR
Else
Session.Transmit Data
End If
Session.Wait 0.1
ReturnCode = 0
ElseIf FunctType = SecureLoginObject.ScanForText Then
bResult = Session.FindText(Data, Session.ScreenTopRow, 0)
ReturnCode = 0
If bResult = True Then
ReturnCode = 1
End If
Else
' End of script
GoTo ErrorHandler
End If
SecureLoginObject.SetReturnCode ReturnCode
Wend
ErrorHandler:
End Sub
The script should also work for Reflection 7. Reflection 6 and earlier versions require a different Reflection script because these versions use Reflection Basic instead of VBA (Visual Basic* for Applications). If you require a script for Reflection 5.21, contact Novell® Technical Services.
To use Reflection for UNIX and Digital, you must add this macro (the Sub SecureLogin() script) by using the macro editor in Reflection. In addition to adding this macro, you must go to the macro editor, select Tools > References, and check the check box titled vbabork2 1.0 Type Library.
If this option is not displayed, ensure that VBABORK2.DLL exists in the SecureLogin directory. If it does not, re-install SecureLogin, making sure to select Terminal Launcher.
If the vbabork2 1.0 Type Library option displays, you must register it.
Open a DOS shell.
Enter regsvr32 followed by the path to VBABORK2.DLL.
For example, enter
regsvr32 "C:\Program Files\SecureLogin\ vbabork2.dll"
A message should indicate that DllRegisterServer succeeded.
Add the reference to this module in Reflection as described above.
Only one session may be launched at a time using SecureLogin. To run the script, you must run the SecureLogin macro once the session has been opened. This may be done automatically in Reflection by selecting Connect Macro from the Connection Setup menu.
By doing this procedure, the SecureLogin macro will run every time the session is opened. Without this procedure, you will need to manually run the macro when you want to run the script.
To run the script, you must set up the emulator in Terminal Launcher.
Launch Terminal Launcher > click Edit Available Emulators. Set up the emulators per normal, but set the HLLAPI type to None.
Select the emulator.
Enter anything in the HLLAPI DLL and HLLAPI Function boxes.
Click OK > Done.
A session file tells the emulator how to connect to the mainframe. In some environments, and with emulators like Attachmate Extra, users on the network may have named their session file uniquely. This means that Terminal Launcher may need to be configured individually for each user.
Terminal Launcher includes a special option that allows it to determine the last-used session file and start that mainframe configuration. This option reduces or eliminates the need to manually configure each user's environment for these type of emulators.
For example, when using Attachmate* Extra's 3270 mainframe emulator, the user starts the emulator, specifying the emulator's configuration session file. Depending on your corporate configuration, the session configuration filename may be different for each user.
When SecureLogin is run in direct mode, SecureLogin launches the emulator on the user's behalf, with the user's own configuration settings. For this to occur, the Terminal Launcher needs to be told what the correct configuration file is. SecureLogin's terminal launcher has a feature that allows it to search for the last used mainframe configuration file and then start the emulator by using this file.
To configure Terminal Launcher to use the last-used configuration file, the command %Latest is used in the Session Files section of Terminal Launcher.
For example, to launch the latest configuration of the Attachmate Extra mainframe, you could enter the following in the Session Files section:
%Latest C:\Program Files\E!98\Sessions\*.edp
This entry causes Terminal Launcher to search the E!98\Sessions directory, looking for the .EDP file with the newest date and time. Terminal Launcher then launches that file with the emulator and connects to the mainframe.
If the file MAINFRAME.EDP had the most recent date and time in the Sessions directory, the resultant command line would look like the following:
C:\Program Files\E!98\extra.exe c:\Program Files\E!98\Sessions\mainframe.edp
| |