Authors:
Jency Flawrence
Sahana Mathias

Problem Statement: Single sign-on using Formfill with Autosubmit enabled fails if the Submit or Login button requires a JavaScript function to be executed before the form data is submitted to the Web server. The classic example of such a form is the HP Service Manager login form.

Solution: You must configure a form fill policy that includes all the required JavaScript functions in the Functions to Keep section and includes the function call associated with the Submit button in the Statements to Execute section of the form fill policy:

function_name(arguments); //eg. tpzDrillTable('','Login','0','listdetail');

where “function_name” is the JavaScript statement to be executed when the “Submit” button is clicked. You can find this statement in the “onclick” attribute of the “Submit” button.

This function calls the onclick action of the Submit button in the form and ensures that the form is submitted to the Web server after the Javascript is executed.

The following sections explain why form fill fails when a regular form fill policy is configured for an HTML form that contains complicated JavaScript. They also describe the procedure to configure the form fill policy for such complex forms.

1.1 Sample Login Form with JavaScript

Consider the sample login form from HP Service Manager, which contains an embedded JavaScript that gets executed when the Login button is clicked:

The code for this form is given below.

Please note that the code contains only some illustrative functions that are required to explain Formfill and does not reflect the exact code of the HP Service Manager login form.

NOTE: In the above code, the highlighted section indicates that when the Login button is clicked the onclick action calls a JavaScript function.

1.2 Understanding Form Submit

In Linux Access Gateway, you can configure a form fill policy to submit the form in the following ways:

  • Manual Submit: When a form is configured for manual submitting, all the fields configured in the form fill policy are automatically filled by Linux Access Gateway for the user. The user must then manually click the Submit button in the form to submit it to the Web server protected by Linux Access Gateway.
  • Autosubmit: In Autosubmit, the actual form is processed such that all additional scripts not needed while submitting the form data to the Web server are removed. A temporary form is created at run time with the necessary form data in hidden fields and an additional function, LAGSubmitForm(), as follows:
    function LAGSubmitForm()
    {
    executeJavaScript();
    }
    LAGSubmitForm();

    where executeJavaScript(); is the function that executes the JS/VB script statements configured in “Statements to execute”. If Statements to be executed are present then you can also find the function definition for executeJavaScript(), like this:

    function executeJavaScript()
    {
    document.forms[0].submit();
    }
    
    

    where forms[0] is the single form present in the HTML page and “submit” is the default action associated with the form’s Submit button, which submits the form to the Web server automatically. This approach works for forms where the default action of the “Submit” button is to POST the form data.

  • Autosubmit with Masking: When Autosubmit with masking is enabled for a form, the form data is submitted automatically to the Web server. But the data sent to the Web browser over the network is masked for additional security.
  • Submitting with the help of touch files: When HTML forms contain complex JavaScript or VBScript, as in Section 1.1, “Sample Login Form with JavaScript,” you must enable two touch files, .enableInPlaceSilentFill and .enableInPlaceSilentFillNew. These touch files are essential to execute functions in the form before doing an Autosubmit.

    For example, these touch files enable proper Formfill of complex login forms used by CRM applications or TWC applications. When the touch files are present, form fill does not perform HTML parsing, just as with manual submitting, even though the Autosubmit option is enabled. All the fields in the original HTML form are populated with the values configured in the form fill policy and the form data is sent to the Web browser.

    However, one limitation of this approach is that functions configured in the Functions to keep section are not executed, because Linux Access Gateway does not process the HTML to include the LAGSubmitForm() function that performs the autosubmit. To work around the issue, the statement document.forms[0].submit(); must be added to the Statements to execute section. This statement ensures that the form is submitted properly, on the assumption that the default action of the Submit button is POST for forms[0].

1.3 Why Does FormFill Fail with Regular Policy?

The following section explains the process that takes place when a client requests a form that is configured with a regular form fill policy.

When a regular Formfill policy is configured with Autosubmit enabled, the LAGSubmitForm() function is added to the form at run time. However, the LAGSubmitForm() function calls the default submit action of the form, which is to POST the data to the Web server. The submit action for the sample login form in Section 1.1, “Sample Login Form with JavaScript,” requires a JavaScript function to be executed, and this function in turn submits the form data to the Web server. Because the JavaScript is not executed with the regular Formfill policy, posting of the form data fails.

The following is the POST request sent to the browser:

row=&__x=&thread=0&event=0&transaction=0&type=detail&focus=var%2Fuser.id&focusContents=testuser1&focusId=X2&focusReadOnly=&start=&count=&more=&tablename=&window=&close=&_blankFields=&_uncheckedBoxes=&formchanged=&formname=login.prompt.g&_multiSelection=&_multiSelection_tableId=&clientWidth=1473&var%2Fuser.id=testuser1&var%2Fold.password=novell081&var%2FL.language=en&0=Login&3=Cancel

However, the browser expects to receive the following POST request and does not auto submit the form:

row=&__x=&thread=0&event=0&transaction=0&type=detail&focus=var%2Fuser.id&focusContents=testuser1&focusId=X2&focusReadOnly=null&start=&count=&more=&tablename=&window=&close=&_blankFields=&_uncheckedBoxes=&formchanged=&formname=login.prompt.g&_multiSelection=&_multiSelection_tableId=&clientWidth=1217&var%2Fuser.id=testuser1&var%2Fold.password=novell081&var%2FL.language=en

Note the difference in POST requests sent to the browser. In the first case, the POST request has &0=Login&3=Cancel appended, which causes the login to fail.
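Comparing the two bodies field by field makes differences like this easy to spot. The following is an added example, not part of the original article: a Node.js helper that diffs two URL-encoded form bodies and redacts password-like fields in its report. The names diffFormBodies, gatewayBody and expectedBody are hypothetical, and the sample bodies are shortened, constructed versions of the two requests above.

```javascript
// Added example: field-by-field diff of two application/x-www-form-urlencoded bodies.
// Both bodies are shortened, constructed samples modelled on the requests above.
const gatewayBody =
  "type=detail&focus=var%2Fuser.id&focusReadOnly=&clientWidth=1473" +
  "&var%2Fuser.id=testuser1&var%2Fold.password=example-pw&var%2FL.language=en" +
  "&0=Login&3=Cancel";
const expectedBody =
  "type=detail&focus=var%2Fuser.id&focusReadOnly=null&clientWidth=1217" +
  "&var%2Fuser.id=testuser1&var%2Fold.password=example-pw&var%2FL.language=en";

// Hide credential values so the report can be pasted into a ticket or log.
const SENSITIVE = /pass(word)?|pwd|secret/i;
const show = (key, value) => (SENSITIVE.test(key) ? "<redacted>" : value);

function toMap(body) {
  const map = new Map();
  for (const [key, value] of new URLSearchParams(body)) {
    // Keep every value of a repeated field, not only the last one.
    map.set(key, [...(map.get(key) || []), value]);
  }
  return map;
}

function diffFormBodies(actual, expected) {
  const a = toMap(actual);
  const e = toMap(expected);
  const report = { extra: [], missing: [], changed: [] };
  for (const [key, values] of a) {
    if (!e.has(key)) {
      report.extra.push(key); // field only in the failing request
    } else if (values.join("\u0000") !== e.get(key).join("\u0000")) {
      report.changed.push({
        field: key,
        actual: values.map((v) => show(key, v)),
        expected: e.get(key).map((v) => show(key, v)),
      });
    }
  }
  for (const key of e.keys()) {
    if (!a.has(key)) report.missing.push(key); // field only in the working request
  }
  return report;
}

console.log(JSON.stringify(diffFormBodies(gatewayBody, expectedBody), null, 2));
```

For the sample bodies, the report lists the extra fields 0 and 3 and the differing focusReadOnly and clientWidth values.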

In order for the browser to send the proper POST data, Linux Access Gateway must add the following Javascript statement to the Statements to Execute:

tpzDrillTable('','Login','0','listdetail');

For Formfill to work for the sample login form, you must make the following modifications:

  1. Modify the regular Formfill policy to include the statement to be executed when the “Submit” button is clicked, as described in 1.4 Creating Form Fill Policy.
  2. Create the touch files .enableInPlaceSilentFill and .enableInPlaceSilentFillNew for complex JavaScript handling, as described in 1.5 Creating Touch Files.

1.4 Creating Form Fill Policy

The following procedure describes the steps to configure the form fill policy with JavaScript or VBScript functions.

  1. In the Administration Console, click Policies > Policies.
  2. Select the policy container, then click New.
  3. Specify a display name for the policy and select Access Gateway: Form Fill for its type.
  4. (Optional) Specify a description for the Form Fill policy.
  5. In the Actions section, click New, then select Form Fill.
  6. In the Form Selection section, select Form Name and specify topaz in the text box.
  7. In the Fill Options section, specify all the input fields and select options.

    Please note that all the Input Field values are illustrative and have to be substituted with the actual values from the original form.

  8. In the Submit Options section, select Auto submit.
  9. Select Enable JavaScript Handling.
  10. Select Functions to Keep, then specify the JavaScript functions that need to be retained when the form is being auto submitted. For the example form, specify the following functions:
    function dvdRegisterSelect()
    function enableAll()
    function verify(f, bSubmitToSelf)
    function printThisView()
    function tpzDrillTable(a,b,c,d)()
    
    

  11. Click OK.
  12. Select Statements to Execute and specify the form action that needs to be performed when the form is submitted. For the sample form, specify the following statement:
    tpzDrillTable ('','Login','0','listdetail');
    
    

  13. Click OK.
  14. On the Policies page, click Apply Changes.

1.5 Creating Touch Files

  1. Log in as root to Linux Access Gateway shell.
  2. Specify the following command to create the .enableInPlaceSilentFill file:
    touch /var/novell/.enableInPlaceSilentFill
    

    When this touch file is used, the Linux Access Gateway does not generate a new page if autosubmit is enabled, but fills the page received from the Web server and hides the text/password/unspecified type fields. Form-Fill issues for CRM applications and teaming and conferencing applications are resolved with this touch file.

    However, when this touch file is used, the Debug Submit and JS Functions to Keep options of the Form Fill policy do not work.

  3. Specify the following command to create the .enableInPlaceSilentFillNew file:
    touch /var/novell/.enableInPlaceSilentFillNew
    
    

    This touch file is to be used to fill forms with complex JavaScript or VBScripts. You must use this touch file along with the .enableInPlaceSilentFill file.

  4. Specify the following command to restart Linux Access Gateway:
    /etc/init.d/novell-vmc stop
    /etc/init.d/novell-vmc start
    
    

Disclaimer: As with everything else at NetIQ Cool Solutions, this content is definitely not supported by NetIQ, so Customer Support will not be able to help you if it has any adverse effect on your environment.  It just worked for at least one person, and perhaps it will be useful for you too.  Be sure to test in a non-production environment.


  • jssjbaker says:

    Hello,

    Injecting usernames and passwords into HTML forms is not suitable for an organisation serious about security. Passing usernames and passwords in the clear is not secure and precisely why Integrated Windows Authentication or other technologies were invented.

    John

    SSO Plugin for HP Service Manager

By: jencya
Jun 4, 2010
10:51 am