5.1 Command Reference Conventions

This section consists of descriptions and examples of the commands that make up Novell® SecureLogin Application Definitions.

NOTE: For a list of commands and corresponding page references, see Section 1.0, Command Quick Reference.

This section contains the following information:

5.1.1 Command Information

The information for each of the commands includes:

Use With Values

Table 5-1 Command Description

| Command | Description |
|---|---|
| Java | Use as part of a Java* Application Definition. |
| Startup | Use as part of a Startup. |
| Terminal Launcher | Use as part of a terminal launcher Application Definition. |
| Advanced Web | Use as part of a manually created web site/internet Application Definition. Not compatible with Web Wizard Application Definition language. |
| Web Wizard | Use as part of Application Definitions created automatically by the Web Wizard. Web Wizard Application Definitions can be kept in their original XML format or converted to an ASCII script for advanced editing. |
| Windows | Use as part of a Windows* Application Definition. |

Type Values

Table 5-2 Command Description

| Command | Description |
|---|---|
| Action | Performs an action, for example, the Type command types information into a field. |
| Dialog specifiers | Defines dialog boxes, for example, the Parent and Class commands. |
| Flow control commands | Directs SecureLogin to a specific location in the Application Definition, for example, the Repeat and EndScript commands. |
| Variable manipulators | Modifies variables, such as the Add and Subtract commands. |

5.1.2 Web Wizard Application Definition Conventions

The SecureLogin advanced Web Wizard makes it easier for users to enable Web sites for single sign-on and to capture users' Web-based log on details. When the user accesses a Web page from the browser, SecureLogin automatically launches the Web Wizard.

Web Wizard

The Web Wizard captures the user’s log on details and adds them to the user’s Web Application Definitions.

When managing users' Web log on credentials, the Definition tab of the Advanced Setting page allows administrators to customize site and user credential details. The Definitions tab also offers an Advanced function, which provides more functions with their associated values and the option to convert the user's log on credentials to an Application Definition.

Definitions tab

For more details on how to manage Application Definitions, see Section 3.0, Managing Application Definitions.

5.1.3 Site Matching

In SecureLogin version 3.5 and higher, Web commands have been added to allow for much finer control of site matching. Detailed information about the loaded Web site can be matched and used to execute blocks of scripting commands.

The technique used to specify constraints on a site match is similar to the one used in Windows scripting.

Instead of Dialog/EndDialog commands, equivalent Site/EndSite commands have been created and can now be used.

Within these Site blocks, Match commands can be used to filter a given site. If one of the specified match commands fails to match, then the Site block will fail to match as a whole. For more information, see Section 5.2.73, Site/EndSite.

5.1.4 Form/Field/Option Matching

When matching a specific form, field or other match option it is often the case that multiple items will match the selection criteria. In these cases, the first item on the Web site which matches is considered to be the match.

To access the other fields which also need to be matched, subsequent match commands may be added with the same selection criteria.

For example:

MatchField #1:1 -type "password"
MatchField #1:2 -type "password"

matches a site with two password fields. The first is given the ID '#1:1', and the second is given the ID '#1:2'.

NOTE:

  • Matched items may only be matched once.
  • Each ID must be unique and not used previously.

5.1.5 Form/Field/Option IDs

When matching a site, match methods are used to give specific fields, forms and options their own unique ID.

Once the site has been successfully matched, the given ID is used in input commands to specify particular items.

The actual IDs are denoted with a # followed by 1, 2 or 3 numbers, each separated by a colon, for instance "#1:3:2".
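
The matching rules from Sections 5.1.3 to 5.1.5 can be modelled in a few lines. The following Python sketch is an added example, not SecureLogin code or part of the original documentation: it parses only the MatchField form shown above, treats a page as a constructed list of input types in document order, and assumes exact string comparison on -type. It shows why a block written for a two-password form does not match an ordinary login page.

```python
import re

# ID format from Section 5.1.5: '#' then 1 to 3 numbers separated by colons.
ID_RE = re.compile(r"#\d+(?::\d+){0,2}")
# Only the form shown on this page is parsed: MatchField <id> -type "<value>"
CMD_RE = re.compile(r'MatchField\s+(\S+)\s+-type\s+"([^"]*)"')


def match_site(script, fields):
    """Return {ID: field index} if every MatchField matches, else None.

    `fields` is the constructed page model: input types in document order.
    Raises ValueError for an unsupported line or a malformed or reused ID.
    """
    assigned = {}   # ID -> index of the field bound to it
    used = set()    # fields already consumed by an earlier match command
    for line in script.strip().splitlines():
        m = CMD_RE.fullmatch(line.strip())
        if m is None:
            raise ValueError(f"unsupported line: {line!r}")
        item_id, wanted = m.groups()
        if ID_RE.fullmatch(item_id) is None:
            raise ValueError(f"malformed ID: {item_id}")
        if item_id in assigned:
            raise ValueError(f"ID reused: {item_id}")
        # The first field on the page that meets the criteria and has not
        # been matched yet is considered to be the match (Section 5.1.4).
        hit = next((i for i, t in enumerate(fields)
                    if t == wanted and i not in used), None)
        if hit is None:
            return None   # one failed match fails the whole block (5.1.3)
        used.add(hit)
        assigned[item_id] = hit
    return assigned


# Constructed samples: a change-password form and a plain login form.
CHANGE_FORM = ["text", "password", "password"]
LOGIN_FORM = ["text", "password"]
SCRIPT = '''
MatchField #1:1 -type "password"
MatchField #1:2 -type "password"
'''

if __name__ == "__main__":
    print(match_site(SCRIPT, CHANGE_FORM))  # both password fields get an ID
    print(match_site(SCRIPT, LOGIN_FORM))   # second match fails, block fails
```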

5.1.6 Audit Integration

SecureLogin 6.0 SP1 incorporates a Novell Audit integration for those enterprises that have Novell Audit as part of their infrastructure. Novell Audit allows administrators to audit events from scripts and have the Novell Audit client write audit events in response to certain triggering events.

For more information, see Section 5.2.5, AuditEvent.

5.1.7 One Time Passwords

The use of multiple passwords places a high maintenance overhead on large enterprises. Users are routinely required to use and manage multiple passwords which can result in a significant cost, particularly with regard to calls to the helpdesk to reset forgotten passwords, or ensure all passwords are provisioned when a new user starts or are deleted when an existing user leaves the organization.

One of the main benefits of implementing one time password systems is that it is impossible for a password to be captured on the wire and replayed to the server. This is particularly important if a system does not encrypt the password when it is sent to the server, as is the case with many legacy Mainframe systems.

One time passwords also offer advantages in terms of disaster recovery because the encryption key used to generate the OTP will rarely change. System restoration, which may be hours or many months old, can be achieved without consideration for restoring users' passwords or notifying staff of new passwords.

SecureLogin 6.0 SP1 now provides a secure, robust and scalable infrastructure by integrating ActivCard one time password authentication functionality. It gives administrators access to the application definition command GenerateOTP, which can be used to generate synchronous authentication and asynchronous authentication soft token support for smartcard user authentication, as well as hard token support for the Vasco Digipass token generator.

For more information, see Section 5.2.28, GenerateOTP.