Managing Scripts

Each single-sign-on-enabled application has a script. A basic script tells SecureLogin how to log in to the application. You can create more involved scripts that allow you to perform other password management tasks, such as detecting expired passwords and generating new passwords.

SecureLogin has a scripting wizard as well as a host of prebuilt scripts. These features enable you to easily enable a broad range of applications for single sign-on.

Manage scripts for applications by using ConsoleOne®, the Microsoft Management Console (MMC), SecureLogin Manager (slmanager.exe), or the SecureLogin workstation client.

  1. Right-click an object (for example, an OU or User object), then click Properties.

  2. Click Novell SecureLogin > General Settings > Applications.


    The Applications tab

  3. Click an application, click Edit, then click Script.

    The following figure illustrates the Script tab and an example simple script.


    The Script tab

  4. Make changes.

For commands used in scripts, along with example scripts for those commands, see SecureLogin Commands.

To experiment with a sample script and a test application, see Practicing Your Scripting Skills.

For a scenario to enable authentication to MyRealBox through single sign-on, see Using Novell SecureLogin to Enable Web Applications for Single Sign-On in the May 2002 issue of AppNotes


Using Corporate Scripts

Corporate scripts are normal scripts that are assigned to a Container object instead of to a User object. Corporate scripts differ from other scripts in two ways:

The differences are the location and inheritance only.

Because they are automatically rolled out to all User objects held in the Container object, corporate scripts simplify implementing and administering SecureLogin single sign-on. By using this method, you don't have to configure applications for each individual user in your organization. All users read and use the same scripts.

Windows Application, Web, Startup, and Terminal Launcher scripts can all be implemented as corporate scripts.


Creating a Corporate Script: MMC or ConsoleOne

  1. Log in as Admin or an Admin equivalent.

  2. Navigate to the Container object where you want to create the corporate script.

  3. Right-click the Container object, then click Properties.

  4. Click Novell SecureLogin > Applications > New.


    The Novell SecureLogin tab

    To use a prebuilt script, go to Step 5.

    To create a new script for an application, without using a prebuilt script, go to Step 6.

  5. (Optional) Add a prebuilt script to the application list.

    1. Click Select a Prebuilt Script, scroll to and select the desired application, then click OK.


      The radio button to select an application that has a prebuilt script

    2. At the Applications tab, save the script by clicking Apply or OK.

      The next time the selected application is launched, users will be prompted to enter their credentials.Whenever the application is subsequently launched, SecureLogin enters the users' credentials, as though the login process has been eliminated.

  6. (Optional) Add an application that doesn't have a script.

    1. From the New Application dialog box, click New Application.


      The radio button to add a new application

    2. Type a name in the first text field.

      For a Windows application, type the executable filename. For a Web application, type the URL. This name will display in the Description column on the Applications tab.


      The dialog box to enable a new application for single sign-on

  7. Select a type (for example, Java, Startup, Windows) from the drop-down list, then click OK.

  8. At the Applications tab, save the data by clicking Apply.

  9. Click the newly added application, click Edit, then click Script.

  10. Add a script.

    For hands-on experience with basic scripting, work through the tutorial in Practicing Your Scripting Skills.

    For script commands, with accompanying example scripts and explanations, see SecureLogin Commands.


Creating a Corporate Script: SecureLogin Manager

  1. Log in to the workstation as Admin or equivalent.

  2. Run SecureLogin.

  3. Launch SecureLogin Manager.

    Run slmanager.exe, found in the \securelogin\client\tools directory.

  4. Type the distinguished name of the object where you want to create a corporate script.


    The dialog box to access SecureLogin Manager

    You logged in to the workstation as Admin or equivalent, then accessed SecureLogin as that user. SecureLogin Manager uses the rights of the authenticated user to create the corporate script for the context or object that you specify.

    For AD and LDAP, use LDAP naming conventions (for example, cn=admin,cd=akranes). For eDirectory, use eDirectory conventions (for example, cn=admin.o=akranes).

  5. Click OK.


Exempting a User Object from a Corporate Script

Local scripts take precedence over corporate scripts. Occasionally, you might want a particular user to use a script other than the corporate script. To do this, create a local script for the application at the User object level.

If you have a corporate script for an application, and you have a user who should not have that application single sign-on enabled, create a blank local script for the application at the User object level.

You can also use this procedure to exempt a Container object from corporate scripts inherited from Container objects that are higher in the directory tree.