Novell Documentation: Novell SecureLogin 3.51 SP2

Managing Applications

When a user starts an application for the first time after it has been enabled for single sign-on, the script prompts the user for application credentials. SecureLogin encrypts and stores the credentials in the directory against the User object. During subsequent logins, the credentials are automatically passed to the application.

The Applications tab lists applications that have been enabled for single sign-on. You can enable applications by using the Applications page or the Add Applications Wizard.

Enabling Applications for Single Sign-On

This section provides information on the following:

Enabling Applications with Prebuilt Scripts

A prebuilt script already contains commands that SecureLogin requires for single sign-on. SecureLogin provides prebuilt scripts for many applications. The fastest way to determine whether a prebuilt script exists is to start the application and log in. If a prebuilt script exists, the SecureLogin single sign-on prompt displays.

To enable an application that has a prebuilt script:

In the Applications tab, click New.

By default, SecureLogin displays a list of applications that have prebuilt scripts:
Click an application listed in the Description pane.
Add the application to the list by clicking OK.
(Conditional) For Web applications, change the application type to Web or Advanced Web.

The default type is Windows. If you don't change the type to Web or Advanced Web, the script won't work.

When you select New Application to add a Web application in SecureLogin 3.51.2, you can select either the Web type or the new Advanced Web type.

The Web option remains in SecureLogin 3.51.2 so that customers who upgrade from previous versions of SecureLogin don't lose their existing Web scripts. In SecureLogin 3.51.2, the Web type can use the Advanced Web script commands the same as the new Advanced Web type can.

In earlier SecureLogin releases, Web pages were scripted as whole pages. Therefore, SecureLogin couldn't distinguish among frames within the Web page. The Advanced Web scripting feature allows you to script for a particular frame within a Web page.

For information on Advanced Web Script commands that you can use (for example, Attribute) see "SecureLogin Commands" in the Nsure SecureLogin 3.51.2 Scripting Guide.
Save the application type by clicking OK, then enable the application for single sign-on by clicking Apply or OK.

Enabling Applications that Don't Have Prebuilt Scripts

If SecureLogin doesn't provide a prebuilt script, you can create a script that enables the application for single sign-on.

In the Applications page, click New.
Select New Application.
Provide information in the Type field and text boxes.

Type: In the Type drop-down list, select the application type (for example, Windows or Advanced Web).
Executable Name/Name: For a Windows application, type the executable filename (for example, PlainFare.exe) in the Executable Name or Name text box.
URL: For a Web or Advanced Web application, type the URL where the application is found (for example, http://www.hotmail.com).
Description: In the Description text box, type a descriptive name for the application (for example, PlainFare).
Click OK.
Add a user ID for the application.

The User IDs page displays the user IDs linked to or associated with this application. In this example, no user ID has been linked to PlainFare.exe. To add a user ID, select the User ID page, then click New.

If a user ID exists, you can use it or create a new one.

(If you use the SecureLogin desktop client to add a user ID, the dialog box varies.)

To use an existing user ID, click Yes. In the New User ID Link dialog box, select the user IDs that you want linked to this application, then click OK.

To create a new user ID, click No, type a description for the new user ID, then click New.

After the User ID dialog box displays, add login variables (credentials). See Creating User IDs.

To edit a user ID, on the Applications page, click the application, click Edit, add a User ID, type a script, then click OK. For new user IDs, the Edit dialog box automatically opens.
Save the data by clicking Apply or OK.

Using the Generic Script Type

The Generic script type is for generic scripts. Generic scripts can be common to many scripts. Instead of copying and pasting the script, you can keep the script in a generic platform and include it in all scripts.

For example, you can use a standard block of script to prompt a user for a variable. By using the Include command and subcommands in various scripts, you can call this generic script.

Editing Scripts

When you add an application, SecureLogin either uses a prebuilt script that you select or creates a script for the application. You can view, edit, or modify the script.

Click Applications.
Click the application, then click Edit.
Click Script.
Edit the script, then click OK.

For information on scripts, see the Nsure SecureLogin 3.51.2 Scripting Guide.

Modifying Settings for Applications

Click Applications.

A down-arrow on the left side of an icon indicates that the application is inherited.
Click the application name, click Edit, then click Settings.

Check the check boxes for the desired settings.

The following table provides information on the settings:

Preference	Description
Enabled	When the check box is checked, SecureLogin can use the user ID and script for this application and log the user in to the application.
Enable Enhanced Protection	Enhanced Protection is a feature in Novell SecretStore^®. When the Enhanced Protection option is enabled for any secret in SecretStore, if an administrator changes or resets the user's eDirectory password, SecretStore enters a locked state. To unlock SecretStore, the user enters the previous eDirectory password (not the password that the administrator changed to). This feature protects users from a mischievous administrator who wants to discover confidential information. If the administrator changes the user's password, the login data that is enhanced protected will be locked.
Password Field Must Exist on Internet Explorer Page for Script to Run	Some Web pages have a general Login field but not an accompanying password field. If you uncheck the check box, the script runs for these pages as well as for pages requiring a password. If you check the check box, the script runs only on the pages that have a password field. You can write a Web script that has SecureLogin fill in forms that don't contain any passwords. Therefore, a password field isn't always necessary. This setting is for extra security or validation, to make sure that a password field exists on the page before the script runs.

Preference

Description

Enabled

When the check box is checked, SecureLogin can use the user ID and script for this application and log the user in to the application.

Enable Enhanced Protection

Enhanced Protection is a feature in Novell SecretStore^®. When the Enhanced Protection option is enabled for any secret in SecretStore, if an administrator changes or resets the user's eDirectory password, SecretStore enters a locked state. To unlock SecretStore, the user enters the previous eDirectory password (not the password that the administrator changed to).

This feature protects users from a mischievous administrator who wants to discover confidential information. If the administrator changes the user's password, the login data that is enhanced protected will be locked.

Password Field Must Exist on Internet Explorer Page for Script to Run

Some Web pages have a general Login field but not an accompanying password field. If you uncheck the check box, the script runs for these pages as well as for pages requiring a password.

If you check the check box, the script runs only on the pages that have a password field.

You can write a Web script that has SecureLogin fill in forms that don't contain any passwords. Therefore, a password field isn't always necessary. This setting is for extra security or validation, to make sure that a password field exists on the page before the script runs.