Subject
Window objects are subordinated to Application or Technical definition objects. They can only exist if they are associated with an application object.
Procedure
1. In the Enterprise SSO Studio main window, right-click the application for which you want to define a window object and click New Window.
2. Fill-in the Window Properties window tabs as described in the following sections: a) For the General tab, see 3.7.1 "General" Tab.
b) For the Options tab, see 3.7.2 "Options" Tab.
c) The Detection and Actions tabs are described in the sections of this guide that are related to the "plug-in types", as their content depends on the selected window type.
3.7.1 "General" Tab
The General tab allows you to give a name to the window object and to set its type. The type cannot be modified once the window has been created.
Window Name
By default, this field is automatically filled in with the name of the selected
Window Type. It is recommended to enter a name clearer than the default name.
Window Type
Displayed Window types are loaded from the different Quest Enterprise SSO Plug-ins. The following table shows the window types provided by the different plug-ins and their associated technology:
The Window Type Description area displays the description of the selected window type.
WINDOW TYPE TECHNOLOGY BEHAVIOR DESCRIPTION
Generic Windows
StandardLogin Win32/Java Login
BadPassword Win32/Java BadPassword NewPassword Win32/Java NewPassword BadNewPassword Win32/Java BadNewPassword ConfirmPassword Win32/Java ConfirmPassword Terminal Terminal All
HTML Pages (reserved for old versions. Do not use to detect new windows) IELogin Win32 Login +
BadPassword
HTTP
authentication window
HTMLLogin HTML/IE Login Authentication in HTML pages HTMLBadPassword HTML/IE BadPassword
HTMLNewPassword HTML/IE NewPassword + ConfirmPassword HTMLBadNewPass
word
HTML/IE BadNewPassword
Customizable Window Types
CustomScript Win32 All Graphic scripts enabling
customized SSO creation
CustomScriptHTML HTML/IE All Graphical scripts allowing
customized SSO creation for web applications under Internet Explorer. Microsoft Applications
MSTelnet Terminal All Not supported. MSTelnetW2KXP Terminal All Telnet Microsoft for
Windows 2000 and XP
Lotus Notes Windows
NotesLogin Win32 Login Lotus 4.x and 5.x authentication SAP Windows
WINDOW TYPE TECHNOLOGY BEHAVIOR DESCRIPTION
SAPExpired Win32 NewPassword Authentication SAPGUI Scripting Win32 Login Authentication for
SAP R/3 version 6.20
Plugin HLL API Windows
HLLAPI Login Win32 Login HLLAPI Bad Password Win32 BadPassword HLLAPI New Password Win32 NewPassword + LoginNewPasswor d HLLAPI Confirm Password Win32 ConfirmPassword
HLLAPI Bad New Password
Win32 BadNewPassword
HLLAPI Standard Win32
3.7.2 "Options" Tab
Specific detection conditions to trigger the single sign-on when the window appears (Detection criteria area).
SSOWatch execution options to carry out SSO (Execution Options area).
Advanced SSO options (Advanced options area).
3.7.2.1 Detection Criteria Area
Use language criteria
This option allows you to trigger the single sign-on only if the selected language is one of the input languages installed on the computer. This option can be useful to optimize response times.
Procedure
1. In the Windows Control Pane, double-click Regional and Language Options to display the input languages installed on the computer.
2. In the Languages tab, click Details.
3. Click the Configure button to select the wanted system languages.
4. Select Show local language variants to display the speech communities of each language.
Use SSO State criteria
This option allows you to trigger the single sign-on only if the selected SSO states are met.
This option is particularly useful for the Customizable Window Type (Custom Script type).
Click the Configure button to select the conditions of the window activation depending on the state of the application. For details, see table below:
OPTION NAME DESCRIPTION
The window is always detected
This option is selected by default: the window is always detected and processed by SSOWatch, without any condition.
SSO has not been performed
Select this option to trigger SSOWatch only if the SSO operation has not been done. With this option, SSOWatch can perform SSO upon the first detection of the window, then, as long as the application runs, this window is no longer detected.
SSO has been performed and the password is valid
The window is detected and processed by SSOWatch only if the SSO operation has been done with a valid password.
OPTION NAME DESCRIPTION
SSO has been performed and the password has expired and must be changed
This option depends on the password validity period parameter (defined in the PFCP properties window). This window is detected and processed only if the SSO operation has been done and that the password validity period has expired.
The password has been refused and
resynchronized (BadPassword)
These options can be particularly useful for applications that use several authentication windows that you have defined using custom scripts. For example, if you have to define the following windows for the same application: A custom bad password window.
A custom new password window, which contains only a field for the old password and a field for the new password. A custom password confirmation window, which contains a field to confirm the new password.
A custom bad new password window, which appears when the user enters a wrong new password.
To avoid inopportune detection and processing of these windows by SSOWatch, select for each window, the appropriate option in the Application State Conditions window.
A new password has been provided but not confirmed The new password has been confirmed
A new password has been refused (after a rollback)
Example of use with the "SSO has been performed and the password has expired and must be changed" option.
To display automatically the change password window of an application, do the following:
We consider in the following example that the change password window appears when you click a button.
Procedure
1. In Enterprise SSO Studio, create the Application object (for details, see 3.6 Defining Application and Technical Definition Objects.
2. From this object, define the Login and Change Password windows (for details, see 3.7 Defining Window Objects.
3. Define the Password Expire window, with the following guidelines:
In the General tab, select Custom script (Window type).
In the Options tab, select Use SSO state criteria, then click the Configure button and select SSO has been performed and the password has expired and must be changed.
Detection tab: drag and drop the target button to the window where the
Change Password button is located.
Fill in the Actions tab as follows:
The Password Expire window is a virtual window, which allows you to display automatically the Change Password window when the password has expired.
3.7.2. Execution Options Area
Activate window masking
This option allows you to hide the window of an application by a SSOWatch window displaying a customizable text. You can use this option if you do not want that the user sees his/her login/password for example.
Do not disable the window during SSO
This option is useful with custom script windows only. It allows you to set the focus on the custom script window in case of focus issues.
Interpret reappearance of login window as meaning 'bad password'
Select this option for login windows that display at least twice in case of bad
login/password values. This is the case for the authentication window used by Internet Explorer to login restricted areas for example:
3.7.2.3 Advanced Options area
Select the check boxes to activate the following actions:
Do not disable the window during SSO and Do not disable the window when asking for user input
Select these options so that the user can interact with the window detected during SSO.
This is only relevant for IE, Firefox and Chrome.
Use alternative field detection method. Activate this if the contents of the web page are not always identical. This can be slower than the default method.
Select this option so that:
The window definition for IE 6, 7 and 8 is the same for the three of them.
If the web page is modified, SSO is still executed.
If this option slows down the window detection then you must select one window for each IE version.
Try to use for Firefox. If this definition is for Internet Explorer, it will also be used for Firefox.
This option may not work with all web pages.
Select this option so that the window definition for IE is also applied to Firefox.
If this option does not work, you must create a specific window definition for Firefox.
You must start the configuration over again if you select this option.
3.7.3 "Detection" and "Actions" Tabs
The Detection and Actions tabs are described in the sections of this guide that are related to the "plug-in types", as their content depends on the selected window type.