5.1 Command Reference Conventions

This section consists of descriptions and examples of the commands that make up Novell® SecureLogin application definitions.

For a list of commands and corresponding page references, see Section 1.0, Quick Command Reference.

This section contains the following information:

5.1.1 Command Information

This section contains the following information:

Use With Values

| Command | Description |
|---|---|
| Java | Use as part of a Java* application definition. |
| Startup | Use as part of a Startup application definition. |
| Terminal Launcher | Use as part of a terminal launcher application definition. |
| Advanced Web | Use as part of a manually created Web site or Internet application definition. Not compatible with the Web Wizard application definition language. NOTE: A predefined Web application and an Advanced Web application definition are the same. |
| Web Wizard | Use as part of application definitions created automatically by the Web Wizard. Web Wizard application definitions can be kept in their original XML format or converted to an ASCII script for advanced editing. |
| Windows | Use as part of a Windows application definition. |

Type Values

| Command | Description |
|---|---|
| Action | Performs an action. For example, the Type command types information into a field. |
| Dialog specifiers | Defines dialog boxes. For example, the Parent and Class commands. |
| Flow control commands | Directs SecureLogin to a specific location in the application definition. For example, the Repeat and EndScript commands. |
| Variable manipulators | Modifies variables, such as the Add and Subtract commands. |

5.1.2 Web Wizard Application Definition Conventions

The SecureLogin advanced Web Wizard makes it easier for users to enable single sign-on Web sites and capture a user’s Web-based login details. When the user accesses a Web page from the browser, SecureLogin automatically launches the Web Wizard.

Figure 5-1 The Web Wizard

The Web Wizard captures the user’s login details and adds them to the user’s Web application definitions.

When managing a user’s Web login credentials, administrators can use the Definition tab of the Advanced Setting page to customize site and user credential details. Also available under the Definitions tab is an Advanced function that provides more functionality with their associated values and the option to convert the user’s login credentials to an application definition.

For details on managing application definitions, see Section 3.0, Managing Application Definitions.

Site Matching

In SecureLogin version 6.0 and later, Web commands have been added to allow for much finer control of site matching. Detailed information about the loaded Web site can be matched and used to execute blocks of scripting commands.

The technique used to specify constraints on a site match is similar to the constraints used in Windows scripting.

Instead of Dialog/EndDialog commands, equivalent Site/EndSite commands have been created and can now be used.

Within these Site blocks, Match commands can be used to filter a given site. If one of the specified match commands fails to match, then the Site block fails to match as a whole. For more information, see Section 5.2.76, Site/Endsite.

Matching Form, Field, and Option

When matching a specific form, field, or other match option, multiple items often match the selection criteria. In these cases, the first item on the Web site that matches is considered to be the match.

To access the other fields that also need to be matched, subsequent match commands can be added with the same selection criteria.

For example:

MatchField #1:1 -type "password"
MatchField #1:2 -type "password"

matches a site with two password fields. The first is given the ID '#1:1', and the second is given the ID '#1:2'.

NOTE:

  • A matched item can be matched only once.

  • Each ID must be unique and not used previously.

Form, Field, and Option IDs

When matching a site, match methods are used to give specific fields, forms, and options their own unique ID.

After the site has been successfully matched, the given ID is used in input commands to specify particular items.

The actual IDs are denoted with a # followed by 1, 2, or 3 numbers each separated by a colon. For instance, "#1:3:2".
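
The matching rules described above (first match in page order, each item matched only once, unique IDs, and the whole block failing when one match fails) can be modelled in Python. This is an added example, not Novell's code or SecureLogin's implementation; the helper names parse_match_field and match_site, the sample field list, and its "name" attribute are assumptions made for illustration.

```python
import re

# ID syntax from the text: '#' followed by 1, 2, or 3 numbers separated by colons.
ID_RE = re.compile(r"#\d+(?::\d+){0,2}")

def parse_match_field(line):
    """Parse 'MatchField <id> -key "value" ...' into (id, criteria dict)."""
    m = re.fullmatch(r'MatchField\s+(\S+)((?:\s+-\w+\s+"[^"]*")*)\s*', line)
    if not m:
        raise ValueError(f"not a MatchField command: {line!r}")
    item_id, rest = m.groups()
    if not ID_RE.fullmatch(item_id):
        raise ValueError(f"malformed ID: {item_id!r}")
    return item_id, dict(re.findall(r'-(\w+)\s+"([^"]*)"', rest))

def match_site(commands, fields):
    """Return {id: field index} if every command matches, else None.

    Modelled rules: each command takes the first field in page order that
    meets its criteria and has not been matched already; an ID may be used
    only once; one failed match fails the whole block.
    """
    assigned, used = {}, set()
    for line in commands:
        item_id, criteria = parse_match_field(line)
        if item_id in assigned:
            raise ValueError(f"ID {item_id} already used")
        for idx, field in enumerate(fields):
            if idx not in used and all(field.get(k) == v for k, v in criteria.items()):
                assigned[item_id] = idx
                used.add(idx)
                break
        else:
            return None  # this command matched nothing, so the block fails
    return assigned

# Constructed sample page: form fields in document order.
FIELDS = [
    {"type": "text", "name": "user"},
    {"type": "password", "name": "new"},
    {"type": "password", "name": "confirm"},
]
# The two commands from the example in the text.
COMMANDS = ['MatchField #1:1 -type "password"', 'MatchField #1:2 -type "password"']

if __name__ == "__main__":
    print(match_site(COMMANDS, FIELDS))      # both password fields receive an ID
    print(match_site(COMMANDS, FIELDS[:2]))  # one password field only: block fails
```

Identical criteria on the second command select the second password field because the first one has already been consumed; on a page with a single password field the same block does not match at all.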

5.1.3 Integrating Novell Audit

Novell SecureLogin incorporates a Novell Audit integration for those enterprises that have Novell Audit as part of their infrastructure.

Novell Audit allows administrators to audit events from scripts to Novell Audit and Novell Sentinel™ servers in response to certain triggering events.

For details of the Novell Audit integration, see Section 5.2.4, AuditEvent.

5.1.4 One-Time Passwords

The use of multiple passwords places a high maintenance overhead on large enterprises. Users are routinely required to use and manage multiple passwords, which can result in a significant cost, particularly with regard to calls to the help desk to reset forgotten passwords, or to ensure that all passwords are provisioned when a new user starts or are deleted when an existing user leaves the organization.

One of the main benefits of implementing one-time password systems is that it is impossible for a password to be captured on the wire and replayed to the server. This is particularly important if a system does not encrypt the password when it is sent to the server, as is the case with many legacy mainframe systems.

One-time passwords also offer advantages in terms of disaster recovery because the encryption key that is used to generate the one-time password rarely changes. System restoration, which might be to a system version that is hours or many months old, can be achieved without consideration of restoring users' passwords or notifying staff of new passwords.

SecureLogin 6.1 also provides a secure, robust, and scalable infrastructure by integrating ActivCard* one-time password authentication functionality. It provides administrators with access to the application definition command GenerateOTP, which can be used to generate synchronous authentication and asynchronous authentication soft token support for smart card user authentication as well as hard token support for the Vasco* Digipass* token generator.