This section consists of descriptions and examples of the commands that make up Novell® SecureLogin Application Definitions.
NOTE: For a list of commands and corresponding page references, see Section 1.0, Command Quick Reference.
This section contains the following information:
The information for each of the commands includes:
Table 5-1 Command Description
Table 5-2 Command Description
The SecureLogin advanced Web Wizard makes it easier for users to enable Web sites for single sign-on and to capture the user's Web-based logon details. When the user accesses a Web page from the browser, SecureLogin automatically launches the Web Wizard.
The Web Wizard captures the user's logon details and adds them to the user's Web Application Definitions.
When managing a user's Web logon credentials, the Definition tab of the Advanced Setting page allows administrators to customize site and user credential details. Also available under the Definitions tab is an Advanced function, which provides more functions with their associated values and the option to convert the user's logon credentials to an Application Definition.
For more details on how to manage Application Definitions, see Section 3.0, Managing Application Definitions.
In SecureLogin version 3.5 and higher, Web commands have been added to allow for much finer control of site matching. Detailed information about the loaded Web site can be matched and used to execute blocks of scripting commands.
The technique used to specify constraints on a site match is similar to the constraints used in Windows scripting.
Instead of Dialog/EndDialog commands, equivalent Site/EndSite commands have been created and can now be used.
Within these Site blocks, Match commands can be used to filter a given site. If one of the specified match commands fails to match, then the Site block will fail to match as a whole. For more information, see Section 5.2.73, Site/EndSite.
When matching a specific form, field or other match option, it is often the case that multiple items will match the selection criteria. In these cases, the first item on the Web site that matches is considered to be the match.
To access the other fields which also need to be matched, subsequent match commands may be added with the same selection criteria.
For example:
MatchField #1:1 -type "password"
MatchField #1:2 -type "password"
matches a site with two password fields. The first is given the ID '#1:1', the second is given the ID '#1:2'.
NOTE:
When matching a site, match methods are used to give specific fields, forms and options their own unique ID.
Once the site has been successfully matched, the given ID is used in input commands to specify particular items.
The actual IDs are denoted with a # followed by 1, 2 or 3 numbers, each separated by a colon. For instance, "#1:3:2".
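The matching rules described above, modelled in Python as an added example (not Novell's code and not part of the original documentation): each match command binds its ID to the first field, in page order, that meets its criteria, and the whole Site block fails if any command finds no field. The name match_site, the dict-based field representation, the sample form and the rule that an already bound field is skipped by later commands are assumptions made for illustration.

```python
import re

# ID format as described above: '#' followed by 1 to 3 numbers separated by colons.
ID_RE = re.compile(r"#\d+(?::\d+){0,2}")


def match_site(fields, commands):
    """Model of a Site block (hypothetical helper, not a SecureLogin API).

    fields   -- list of dicts describing the page's fields, in page order
    commands -- list of (id, criteria dict) pairs, in script order
    Returns {id: field index}, or None if the block fails to match.
    """
    assigned = {}   # ID -> index of the field it was bound to
    used = set()    # fields already claimed by an earlier match command
    for field_id, criteria in commands:
        if not ID_RE.fullmatch(field_id):
            raise ValueError(f"malformed ID: {field_id!r}")
        if field_id in assigned:
            raise ValueError(f"duplicate ID: {field_id!r}")
        for index, field in enumerate(fields):
            if index in used:
                continue  # assumption: a bound field is not matched again
            if all(field.get(key) == value for key, value in criteria.items()):
                assigned[field_id] = index  # first remaining match wins
                used.add(index)
                break
        else:
            # One match command that fails to match fails the whole Site block.
            return None
    return assigned


# Constructed sample: a form with one text field and two password fields.
SAMPLE_FIELDS = [
    {"type": "text", "name": "user"},
    {"type": "password", "name": "new"},
    {"type": "password", "name": "confirm"},
]

if __name__ == "__main__":
    two_passwords = [("#1:1", {"type": "password"}),
                     ("#1:2", {"type": "password"})]
    print(match_site(SAMPLE_FIELDS, two_passwords))
```

Checking which field index each ID resolves to before wiring the IDs into input commands confirms that a stored credential is entered into the intended field and not into another field that happens to meet the same criteria.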
SecureLogin 6.0 SP1 incorporates a Novell Audit integration for those enterprises that have Novell Audit as part of their infrastructure. Novell Audit allows administrators to audit events from scripts and have the Novell Audit client write audit events in response to certain triggering events.
For more information, see Section 5.2.5, AuditEvent.
The use of multiple passwords places a high maintenance overhead on large enterprises. Users are routinely required to use and manage multiple passwords which can result in a significant cost, particularly with regard to calls to the helpdesk to reset forgotten passwords, or ensure all passwords are provisioned when a new user starts or are deleted when an existing user leaves the organization.
One of the main benefits of implementing one-time password systems is that it is impossible for a password to be captured on the wire and replayed to the server. This is particularly important if a system does not encrypt the password when it is sent to the server, as is the case with many legacy Mainframe systems.
One-time passwords also offer advantages in terms of disaster recovery because the encryption key used to generate the OTP will rarely change. A system restoration, which may be hours or many months old, can be achieved without consideration for restoring users' passwords or notifying staff of new passwords.
SecureLogin 6.0 SP1 now provides a secure, robust and scalable infrastructure by integrating ActivCard one-time password authentication functionality. It provides administrators access to the application definition command GenerateOTP, which can be used to generate synchronous authentication and asynchronous authentication soft token support for smartcard user authentication, as well as hard token support for the Vasco Digipass token generator.
For more information, see Section 5.2.28, GenerateOTP.