You can configure terminal emulators for single sign-on in the application definition editor in the Administrative Management utility, in the SecureLogin Client Utility, and the Terminal Launcher tool.
To enable a terminal emulator for single sign-on, you must run the terminal launcher application (tlaunch.exe), and link the emulator definition to the terminal emulator application definition.
Terminal Launcher allows you to configure emulator definitions for use with SecureLogin.
The following sections document these procedures:
NOTE:Contact NetIQ Support for information on using a ViewNow terminal emulator.
In the following sections, we use Eicon Aviva. Although these procedures apply to most terminal emulators, the application definition and other configuration information might differ for each emulator application. Contact Support for help.
Prior to enabling any terminal emulator for single sign-on, you will need to include or create a session file that provides all the required settings for the server connection and any other parameters required for deployment to users. Terminal Launcher should be configured to run this session file when launching the emulator. Any modifications to the session must be saved to this file. The session file can be saved locally or on the server. In most environments, the session file already exists and you only need to configure Terminal Launcher to point to the relevant file.
Start the terminal emulator application.
Connect to the required host.
Change the terminal emulator settings as required.
Save the session. The default directory is usually the application’s installation directory.
On the Connection menu, click Disconnect.The session file remains loaded, but you have disconnected from the host.
On the File menu, click Save [session name] to save changes to the session file.
Exit the terminal emulator application.
Open the SecureLogin Client Utility of SecureLogin by double-clicking , or by selecting Start > Programs > NetIQ SecureLogin > NetIQ SecureLogin.
Select File > New > Application. The New Application dialog box is displayed.
Select New Application Definition.
In the Type drop-down list, click Terminal Emulator.
In the Name field, specify a name for the application definition (in this example, Eicon Aviva), then click OK. The new application definition is added to the Applications pane.
Select the new application definition. The Details tab is displayed.
Click the Definition tab. The application definition editor is displayed.
Delete the default text displayed in the text box: # place your application definition here
In this example for Attachmate, type the following in the text box:
WaitForText "WELCOME TO ATTACHMATE" Type @E WaitForText "ENTER USERID -" Type $Username Type @E WaitForText "Password ===>" Type $Password Type @E WaitForText " Welcome to Attachmate" WaitForText "***" Delay 1000 Type @E
You must type the screen syntax accurately in the application definition editor; otherwise it will fail to operate. Wherever possible, cut and paste the text directly from the emulator screen into the editor.
Click the Details tab.
Ensure that the Enabled check box is selected.
Click OK.
Terminal applications are invoked by the terminal launcher when configured properly. After you create the application definition in the management utility, you must use Terminal launcher to link it with the appropriate emulator definition.
By setting tlaunch to point to the new application and the emulator definition you can click on the Create Shortcut button to create a shortcut that links everything together. When clicking on the shortcut tlaunch will launch the emulator with the configured session file. Once tlaunch can successfully communicate with the emulator it will then invoke the application definition to interact with the host session.
IMPORTANT:For successfully using Terminal Launcher on Windows XP SP3, the screen resolution must be 1024 by 768 pixels.
Select Start > Programs > NetIQ SecureLogin > Terminal Launcher. The Terminal Launcher dialog box is displayed.
This release of NetIQ SecureLogin provides two Terminal Launcher shortcuts: one each for 32-bit and 64-bit. To launch Terminal Launcher 32 or Terminal Launcher 64, click Start > All Programs > NetIQ SecureLogin > Terminal Launcher 32 or Terminal Launcher 64.
Use Terminal Emulator 32 to interact with 32-bit emulators. Use Terminal Emulator 64 to interact with 64-bit emulators.
In the Available applications list, click the required application definition (in this example, Eicon Aviva).
Click Add to move the selected application to the Login to list.
Click Edit Available Emulators. The Available Emulators dialog box is displayed.
If you launch Terminal Launcher as a normal user on Microsoft Windows Vista or higher, the Edit Available Emulator button is dimmed. You must have administrator rights to edit the TLaunch.ini file. To edit the TLaunch.ini file:
Click Start > All Programs > NetIQ SecureLogin, select Terminal Emulator 32 or Terminal Launcher 64.
Right-click on Terminal Launcher 32 or Terminal Launcher 64, then select Run as administrator.
In the Available Emulators list, click on your emulator definition. In this example we clicked on Eicon Aviva.
Click Edit. The HLLAPI Emulator Configuration dialog box is displayed.
In the Emulator Path field, specify the emulator executable’s location.
In the Home Directory field, specify the emulator’s home directory.
In the HLLAPI DLL field, specify the file name and path.
In the Session Files field, select and delete the current session files.
Click Add. The Emulator Session File dialog box is displayed.
Browse and select the configured session file.
Click OK to close the Emulator Session File dialog box.
Click OK to close the HLLAPI Emulator Configuration dialog box.
Click Done to close the Available Emulators dialog box.
In the Terminal Launcher dialog box, ensure that Eicon Aviva is selected in the Emulator drop-down list.
Save the changes and click Launch.
You can choose to start emulator applications from within Terminal Launcher; however, users might not have access to Terminal Launcher or you might need to create multiple definitions for different hosts or sessions. To simplify this process for users, a desktop shortcut can be created by clicking on the Create Shortcut button.
It is important to understand that for SecureLogin to interact with the emulator, the emulator itself must be invoked by tlaunch. It is tlaunch that will launch the emulator and then invoke the NSL script to interact with the terminal session. If a user were to launch the emulator directly then tlaunch would not be running and no interaction would occur.
Do the following to create a shortcut for an application or a server:
Select Start > Programs > NetIQ SecureLogin > Terminal Launcher. The Terminal Launcher dialog box is displayed.
Click Create Shortcut. The Terminal Launcher Shortcut Options dialog box is displayed.
Select Location > Desktop.
Select the appropriate options from Options.
NOTE:Quiet mode and Suppress errors are the default options.
In the Command Line field, ensure that the following parameters are included (in this example, /auto /e"Attachmate" /pAttachmate /q /s):
|
Parameter |
Description |
|---|---|
|
/auto |
Indicates to Terminal Launcher that the following is a parameter requesting the execution of a terminal emulator application that is configured for single sign-on. This parameter is mandatory. |
|
/e[application name] |
Initiates the execution of the terminal emulator. |
|
/p[Terminal Launcher config name] |
Initiates execution of the application created in Terminal Launcher. |
|
/q |
Quiet mode (no Cancel dialog box). |
|
/s |
Suppress errors. |
Add additional parameters as required. For more information see, Setting Terminal Launcher Command Line Parameters
Click Create.
The shortcut is created on the desktop and you can deploy it to users in the preferred mode for your organization.
Click Close to close the Terminal Launcher dialog box.
Double-click the short cut.
The terminal emulator application is executed with Terminal Launcher and the Enter your credentials dialog box is displayed.
In the Enter login credentials fields, specify your username and password.
Click OK.
SecureLogin stores the user's login credentials and uses them to log on to the host through the emulator session. Subsequently, double-clicking the desktop shortcut logs the user directly on to the host without any further user interaction.
To run the required terminal emulator, Terminal Launcher command line parameters are included in the desktop shortcut command. For more information, see Creating a Terminal Emulator Desktop Shortcut.
The following table lists all of the available tlaunch parameters (also referred to as switches).
Table 9-1 Terminal Launcher Command Line Parameters
|
Parameter |
Description |
|---|---|
|
/auto |
Indicates to Terminal Launcher that the following is a parameter requesting the execution of a terminal emulator application that is configured for single sign-on. For example: C:\<....>\TLaunch.exe /auto /pApplication1 NOTE:This parameter is mandatory. |
|
/p[platform/application/Application Definition name] |
Initiates the execution of the terminal emulator as listed in the Terminal Launcher Login to field. To run multiple applications from the same command, add /p[TL application/Application Definition name] You can run up to fifteen applications simultaneously from the shortcut command line. For example: C:\<....>\TLaunch.exe /auto /eAttachmate /pApplication1 /pApplication2 NOTE:You must type the emulator name exactly as it appears in the Terminal Launcher Available Emulators drop-down list. |
|
/b |
Specifies the background authentication mode. |
|
/c |
Allows the application to close in case of any errors. For example: C:\<....>\TLaunch.exe /auto /c /Application Application refers to the terminal emulator application configured for single sign-on. |
|
/e[emulator name] |
The parameter /e[Terminal Launcher config name] initiates the execution of the terminal emulator as listed in the Terminal Launcher Available Emulators drop-down list. NOTE:You must type the emulator name exactly as it appears in the Terminal Launcher Available Emulators drop-down list. |
|
/h[hllapi short name] |
Commands TLaunch.exe to connect to the specified HLLAPI session. |
|
/k[executable name] |
Quits (kills) the specified executable prior to launching the terminal emulator. |
|
/l |
Disables the terminal emulator execution. This parameter is required when multiple instances of terminal emulator are running and you want to disable a few selected instances. |
|
/m |
Enables multiple concurrent connections to specified sessions. This parameter is required for background authentication. |
|
/n |
Starts the selected terminal emulator without executing a SecureLogin application definition. For example: C:\<....>\TLaunch.exe /auto /n NOTE:This parameter does not function with VBA emulators. It overrides /p option. |
|
/n[number 1-15] |
Starts the specified number of terminal emulator sessions without executing SecureLogin application definition. For example: C:\<....>\TLaunch.exe /auto /n3 NOTE:This parameter does not function with VBA emulators. It overrides /p option. |
|
/q |
Quiet Mode (no Cancel dialog bSox). For example: C:\<....>\TLaunch.exe /auto /q |
|
/s |
Suppress errors. |
|
/t |
Unlimited timeout during connection. For example: C:\<....>\TLaunch.exe /auto /eAttachmate /pBackground /b /t /m /hA /s /q |
|
/w |
Allows terminal emulator to wait for an application or process to complete before executing the next process. |
|
/x [Shared Access Rights] |
Setting EHLLAPI shared access for read and write permission between multiple EHLLAPI sessions. For example: C:\<....>\TLaunch.exe /auto /eAttachmate /pBackground /b /t /m /hA/s /q /xSUPER_WRITE |
|
/hwnd |
Use this parameter to pass an application handle to the terminal launcher. This parameter indicates the application window the terminal launcher should interact with. For example: This is an application definition script that uses GetHandle command to get the handle and passes it to TLaunch.exe using the /hwnd parameter. GetReg "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\SLProto.exe\Path" ?SLLocation If ?SLLocation eq "<NOTSET>" EndScript EndIf GetHandle ?PuttyHWND Strcat ?TLaunch ?SLLocation "tlaunch.exe" Strcat ?TLaunchHWND "/hwnd" ?PuttyHWND Run ?TLaunch "/auto" "/ePutty" "/l" "/pPutty - Detection and Login" "/t" "/q" "/s" ?TLaunchHWND |
Table 9-2 List of session options for EHLLAPI shared access support
|
Parameter |
Description |
|---|---|
|
/xWRITE_WRITE |
By default the application has write access and allows only supervisory application to concurrently connect to its presentation space (WRITE_SUPER). Using WRITE_WRITE parameter allows other applications with predictable behavior to share the presentation space. For example: C:\<....>\auto /e"Attachmate" /Tlaunch_script /q /s /xWRITE_WRITE |
|
/xSUPER_WRITE |
Allows other applications to have write access permissions, while the originating application may only perform supervisory functions. |
|
/xWRITE_SUPER |
Allows other applications to perform supervisory functions, while the originating application has complete control of the session. |
|
/xWRITE_READ |
Allows other applications that perform read-only functions to share their session, while the originating application has complete control of the session. |
|
/xWRITE_NONE |
Does not allow any other applications to share the presentation space. |
|
/xREAD_WRITE |
Allows other applications to write to the session, while the originating application has read-only access. |
For more information, see Emulator Programming.