Novell Documentation: Novell SecureLogin 3.51 SP2 - Understanding Script Variables

Understanding Script Variables

This section contains information on the following:

Generally, don't use spaces when you specify variables. For example, specify $Username_Alias instead of $Username Alias. If you use spaces, enclose the entire variable in quotation marks (for example, "$Username Alias").

Each variable defaults to the platform specified in the script name. By using a variable, you can change this by using a variable. For example, you might have the following script, named www.website1.com:

Type $username 
Type $password password

You might want to use these variables in a script named www.website2.com:

Type $username (www.website1.com) 
Type $password (www.website1.com) password

Stored Variables

Stored variables are the most common style of variable used in SecureLogin scripts. They are preceded with a dollar sign ($). Use these variables to store the values used during the login process, such as usernames, passwords, and any other required details.

The values of these variables are stored in the directory under the User object. The values are encrypted so that only the user can access them.

Variables can be stored separately for each application's script, so that the username variable is different for each application. However, you can set an application to read variables from another application's script. This is useful for applications that share user accounts or passwords. For details on how to do this, see the description in SetPlat.

If a stored variable is referenced in a script, and no value has been stored for that variable (for example, the first time the program is run), SecureLogin prompts the user to enter a value for the variable. This is an automatic process. It is also possible to manually trigger this process to prompt a user to enter new values for particular variables. For details on how to do this, see the description of DisplayVariables and ChangePassword.

Example: Stored Variables in Use

Dialog 
   Class #32770 
   Title "Login" 
End DialogType $Username #1001 
Type $Password #1002 
Click #1

To hide a variable from an administrator by displaying it as **** instead of clear text, begin the variable name with $Password. For example, $Password PIN is protected, but $PIN isn't.

Runtime Variables

SecureLogin is able to read details from the system and use the details to create variables that can be incorporated into the scripting language. These variables are automatically generated as runtime variables. They can be used in the same manner within any application definition.

In general, use runtime variables for date information, to store calculations, or to process data. You can also use runtime variables for temporary passwords and usernames.

Runtime variables are preceded with the question mark symbol (?). They have two modes: Normal and Local. Normal runtime variables are reset each time SecureLogin is started. Local runtime variables are reset each time the script is started. Runtime variables are Normal by default. For details on how to switch a runtime variable from General to Local mode, see the description in Local.

Runtime variables aren't stored in the directory or the SecureLogin local cache. They are used straight from the computer's memory. For this reason, don't use runtime variables to store usernames, passwords, or other details that SecureLogin will need to access in the future. If runtime variables are used for such details, the user will be prompted to enter them each time the script is run or each time SecureLogin is restarted.

Users aren't prompted for $variables that have no value. These variables are given the value NOTSET.

The following table lists the runtime variables that SecureLogin supports.

Variable Name	Description
?SysVersion(system)	The local SecureLogin Windows agent version. This variable can be used to determine whether specific support is built into the product running on the user's workstation. The format of the variable is major.minor.subminor.build. For example, 03050109 represents v3.5.1.9, in WW.XX.YY.ZZ format.
?BrowserType(system)	Contains either Internet Explorer or Netscape and indicates which browser the script is running in. This variable is set only in a Web script.
?SysUser(system)	The name of the user currently using SecureLogin.
?SysPassword(system)	The directory password of the user currently using SecureLogin. This variable is only available if the appropriate options are chosen when installing SecureLogin.
?SysContext(system)	The context where the current SecureLogin user's directory object exists.
?SysTree(system)	The name of the directory tree that SecureLogin is currently using.
?SysServer(system)	The name of the server that was entered in the Novell login dialog box. This variable is only available if the Novell client login extension is installed.
?CurrTime(system)	The running time in seconds from January 1970 to the present. Use this variable to force password changes every x days. Don't use scripting to force a password change if you want to continue having the application generate the change password event (recommended). Use this variable on applications where a password expiration can't be set at the application's back end.

Example: A Runtime Variable in Use

Dialog 
  Class #32770 
  Title "ERROR" 
EndDialogLocal ?ErrorCount 
Increment ?ErrorCount 
If ?ErrorCount eq "2" 
   MessageBox "This is the second time you have received this error. Would you like to reset the application?" -YesNo ?Result 
   If ?Result eq "Yes" 
      KillApp "App.exe" 
      Run "C:\App\App.exe" 
   Else 
      Set ?ErrorCount "0" 
   EndIf 
EndIf

Directory Attribute Variables

SecureLogin is able to read directory (for example, eDirectory) attributes from the currently logged-in user's object. For example,

Type $cn

reads the CN attribute from the currently logged in user's object, then types the attribute.

Use % variables only when SecureLogin is configured to use a directory and only on single-valued text attributes.

Passticket Variables

Passticket variables are used to generate one-time passwords. Passticket variables are preceded with the exclamation mark symbol (!).

To use a passticket variable, you must create and define numerical values for stored variables with the names $DESKEY and $DESOFFSET. The SecureLogin script parser uses these numbers to generate the one-time password.

After the stored variables have been defined, you use the following passticket variable to generate a password.

!Name of application definition

!default

For example, to use a passticket variable for the Outlook application, you create two stored variables called $DESKEY and $DESOFFSET under the Outlook application definition. You then set values for the two stored variables. You can then use the variable !Outlook whenever you need to generate a one-time password.

You can also use !Default, which automatically reads the values from the current application definition.

If the credentials used to generate one-time passwords (OTPs) don't already exist in a secured area of the SecureLogin cache (that is, the $DESKEY and $DESOFFSET variables aren't defined), they are retrieved from the closest SecureLogin Advanced Authentication Server.

If the $DESKEY and $DESOFFSET variables are not given values, SecureLogin generates random values the first time a password is generated and stores the values for later use.

Variables and Values

SecureLogin stores your username and password in the form of a variable and its value. Your username and password are not included in the script. Instead, a variable is used in the script. The value of the variable is your username or password.

Logins consist of a set of variables. You can use any name for a variable. A variable can contain any text. As the following figure illustrates, the Variable column usually just contains the password and username for a particular application. However, in some more complicated applications, there might be other variables.

This example has two variables: username and password. The script for this application has the following line:

Type $Username

The variable $Username is written in the script. The value of $Username in this example is mkurz. When the script runs, SecureLogin looks for the variable $Username in the user's login details. There it finds and reads the value mkurz. SecureLogin enters the value mkurz into the login dialog box.

At runtime, the value of the variable $Username (mkurz) is read. However, in the script you only see the variable $Username.