5.1 Command Reference Conventions

This section consists of descriptions and examples of the commands that make up Novell SecureLogin application definitions.

An index and summary are also included as Section 2.0, Command Quick Reference.

5.1.1 Command Information

The information for each of the commands includes:

Use With values

| Command | Description |
|---|---|
| Java | Use as part of a Java* application definition. |
| Startup | Use as part of a startup. |
| Terminal Launcher | Use as part of a terminal launcher application definition. |
| Advanced Web | Use as part of a manually created Web site or Internet application definition. Not compatible with the Web Wizard application definition language. NOTE: A predefined Web application and an Advanced Web application definition are the same. |
| Web Wizard | Use as part of application definitions created automatically by the Web Wizard. Web Wizard application definitions can be kept in their original XML format or converted to an ASCII script for advanced editing. |
| Windows | Use as part of a Windows application definition. |

Type Values

| Command | Description |
|---|---|
| Action | Performs an action, for example, the Type command types information into a field. |
| Dialog specifiers | Defines dialog boxes, for example, the Parent and Class commands. |
| Flow control commands | Directs Novell SecureLogin to a specific location in the application definition, for example, Repeat and EndScript commands. |
| Variable manipulators | Modifies variables, such as the Add and Subtract commands. |

5.1.2 Web Wizard Application Definition Conventions

The SecureLogin advanced Web Wizard makes it easier for users to enable single sign-on for Web sites and capture a user’s Web-based login details. When the user accesses a Web page from the browser, SecureLogin automatically launches the Web Wizard.

The Web Wizard captures the user’s login details and adds them to the user’s Web application definitions.

When managing a user’s Web login credentials, administrators can use the Definition tab of the Advanced Setting page to customize site and user credential details. The Definitions tab also has an Advanced function that provides more functionality, with associated values, and the option to convert the user’s login credentials to an application definition.

For more details on how to manage application definitions, see Section 3.0, Managing Application Definitions.

Site Matching

In SecureLogin version 6.0 and later, Web commands are added to allow much finer control of site matching. Detailed information about the loaded Web site can be matched and used to execute blocks of scripting commands.

The techniques used to specify constraints on a site match are similar to the constraints used in Windows scripting.

Instead of Dialog/EndDialog commands, equivalent Site/EndSite commands have been created and can now be used.

Within these Site blocks, Match commands can be used to filter a given site. If one of the specified match commands fails to match, then the site block will fail to match as a whole. For details of the Site/EndSite block command, see Section 5.2.80, Site/Endsite.

Form/Field/Option matching

When matching a specific form, field or other match option, multiple items often match the selection criteria. In these cases, the first item on the Web site which matches is considered to be the match.

To access the other fields which also need to be matched, subsequent match commands may be added with the same selection criteria.

NOTE: Matched items may only be matched once, and each ID must be unique and cannot have been used previously.

For example:

MatchField #1:1 -type "password"
MatchField #1:2 -type "password"

will match a site with two password fields. The first is given the ID '#1:1'; the second is given the ID '#1:2'.

Form/Field/Option IDs

When matching a site, match methods are used to give specific fields, forms and options their own unique ID.

Once the site has been successfully matched, the given ID is used in input commands to specify particular items.

The actual IDs are denoted with a # followed by 1, 2 or 3 numbers, each separated by a colon, for instance, "#1:3:2".
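The matching rules from the Form/Field/Option matching and Form/Field/Option IDs sections can be modelled in a few lines. This is an added Python example, not SecureLogin code or part of the original guide: it handles only the `MatchField <ID> -type "<value>"` form shown above, and `match_site_block`, the dictionary representation of page fields and the two sample pages are assumptions made for illustration.

```python
import re

# '#' followed by 1, 2 or 3 numbers separated by colons, e.g. "#1:3:2".
ID_RE = re.compile(r"#\d+(?::\d+){0,2}")
# Only the form shown on this page: MatchField <id> -type "<value>".
CMD_RE = re.compile(r'MatchField\s+(#\S+)\s+-type\s+"([^"]*)"')


def match_site_block(commands, page_fields):
    """Return {id: index of matched field}, or None if the block fails."""
    assigned = {}   # ID -> index into page_fields
    used = set()    # a field on the page may only be matched once
    for line in commands:
        m = CMD_RE.fullmatch(line.strip())
        if not m or not ID_RE.fullmatch(m.group(1)):
            raise ValueError(f"malformed or unsupported command: {line!r}")
        field_id, wanted_type = m.groups()
        if field_id in assigned:
            raise ValueError(f"ID {field_id} has already been used")
        for index, field in enumerate(page_fields):
            if index not in used and field["type"] == wanted_type:
                assigned[field_id] = index   # first unmatched item wins
                used.add(index)
                break
        else:
            return None   # one failed match fails the whole block
    return assigned


# Constructed sample data (not taken from a real site).
TWO_PASSWORD_FIELDS = [
    'MatchField #1:1 -type "password"',
    'MatchField #1:2 -type "password"',
]
LOGIN_PAGE = [{"type": "text"}, {"type": "password"}]
CHANGE_PASSWORD_PAGE = [{"type": "text"}, {"type": "password"}, {"type": "password"}]

if __name__ == "__main__":
    print(match_site_block(TWO_PASSWORD_FIELDS, CHANGE_PASSWORD_PAGE))
    print(match_site_block(TWO_PASSWORD_FIELDS, LOGIN_PAGE))
```

A page with a single password field fails the block as a whole, which keeps a definition written for a two-password form from acting on an ordinary login form.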

5.1.3 Auditing

For auditing, use either the AuditEvent command built into Novell SecureLogin or the LogEvent command from the Windows Resource Kit. Refer to the Novell SecureLogin 7.0 Administration Guide.

For details, see Section 5.2.4, AuditEvent.

5.1.4 One-Time Passwords

The use of multiple passwords places a high maintenance overhead on large enterprises. Users are routinely required to use and manage multiple passwords, which can result in a significant cost, particularly with regard to calls to the help desk to reset forgotten passwords, or to ensure that all passwords are provisioned when a new user starts or are deleted when an existing user leaves the organization.

One of the main benefits of implementing one-time password systems is that it is impossible for a password to be captured on the wire and replayed to the server. This is particularly important if a system does not encrypt the password when it is sent to the server, as is the case with many legacy mainframe systems.

One-time passwords also offer advantages in terms of disaster recovery because the encryption key used to generate the one-time password rarely changes. System restoration, which might be to a system version that is hours or many months old, can be achieved without consideration of restoring users' passwords or notifying staff of new passwords.

Novell SecureLogin provides a secure, robust and scalable infrastructure by integrating ActivCard* one-time password authentication functionality.

For details of the GenerateOTP command, see Section 5.2.26, GenerateOTP.