NetIQ SecureLogin 8.0 SP1 Readme

May 2014

NetIQ SecureLogin 8.0.1 includes new features, improves usability, and resolves several previous issues.

Many of these improvements were made in direct response to suggestions from our customers. We thank you for your time and valuable input. We hope you continue to help us ensure that our products meet all your needs. You can post feedback in the NetIQ SecureLogin forum on NetIQ Communities, our online community that also includes product information, blogs, and links to helpful resources.

The documentation for this product is available on the NetIQ Web site in HTML and PDF formats on a page that does not require you to log in. If you have suggestions for documentation improvements, click comment on this topic at the bottom of any page in the HTML version of the documentation posted at the NetIQ SecureLogin documentation page. To download this product, see the NetIQ SecureLogin Product Upgrade Web site.

1.0 What’s New?

The following sections outline the key features and functions provided in this version, and the issues resolved in this release:

1.1 Support For Polish Language

In addition to the existing localized languages, NetIQ SecureLogin is now localized in Polish.

1.2 Support for Windows 8.1

In addition to the existing support for the Windows and Citrix platforms, NetIQ SecureLogin 8.0.1 supports the Windows 8.1 platform.

1.3 Evaluation Build of SecureLogin

This release introduces an evaluation version, which can be downloaded from the NetIQ Products page. With the evaluation version you can try out all the features of SecureLogin in a 30-day trial mode, without buying licenses.

Currently, upgrading from the evaluation version to a licensed version is not supported. If you plan to buy SecureLogin licenses, uninstall the evaluation version and install the licensed version.

For instructions on installing SecureLogin, see the NetIQ SecureLogin Installation Guide.

1.4 Support for Newer Versions of Mozilla Firefox Browser

In addition to Mozilla Firefox browser versions 19 to 24, this release supports Mozilla Firefox browser versions 25 to 28.

1.5 Support for Internet Explorer 11

In addition to the support for Internet Explorer 8, 9, and 10, NetIQ SecureLogin 8.0.1 supports Internet Explorer 11 on Windows 7 and Windows 8.1 platforms.

1.6 Application Definition Wizard Enhancements

The Application Definition wizard is enhanced with more specific single sign-on options.

Opens Script-Editor for the Selected Application

In this release, the Add Application wizard opens the script editor for the selected application. When you launch an application and there is an existing application definition, the Add Application wizard displays the following additional option:

Cancel, open script editor so I can make changes.

Selecting this option closes the wizard and opens the script editor of the application.

Additional Preferences

This release of NetIQ SecureLogin includes several new preferences. The preferences are organized into groups, and a new group, .Net, is introduced. In addition to the existing preferences, the following new preferences are available, listed by group with their default values:

.Net:

  • Allow single sign-on to WindowsAutomation (DotNet) applications - Default: Yes

  • Add application prompts for WindowsAutomation (DotNet) applications - Default: Yes

  • Start the WindowsAutomation (DotNet) monitor/automation worker - Default: Yes

NOTE: The Start the WindowsAutomation (DotNet) monitor/automation worker preference replaces the DISABLE_DOTNETSSO registry setting.

Web:

  • Allow single sign-on to Flash applications - Default: No

  • Start the Flash monitor/automation worker - Default: No

  • Add application prompts for web pages on mutation - Default: No

  • Enable DHTML monitor on web pages - Default: Yes

Window:

  • Start the Windows 32bit (WinSSO32) monitor/automation worker - Default: Yes

  • Start the Windows 64bit (WinSSO64) monitor/automation worker - Default: Yes

Wizard group:

  • Show Add Application wizard with minimal actions - Default: No

  • Skip the wizard process and use defaults for new forms - Default: No

Displays Minimal Options

You can specify if the Add Application wizard must show the default options or minimal options.

If you set the wizard preference Show Add Application wizard with minimal actions to Yes, the Add Application wizard displays the following minimal options:

  • Yes, I want to single sign using the default selections done by the wizard.

  • Cancel, I do not want to single sign this screen at this time.

  • No, never prompt me to single sign this screen.

An Option to Specify Default Wizard Selection for Single Sign-On

You can ignore the wizard process and use the default wizard selection instead.

If you set the wizard preference Skip the wizard process and use defaults for new forms to Yes, then the default wizard selections are applied for all the pages of the application and you can switch between the panes instead of making changes sequentially.

Monitors DHTML Web Pages

You can now use Application Definition wizard to handle DHTML events. The wizard enables single sign-on for Web pages that require DHTML script.

A new preference, Enable DHTML monitor on web pages, is added to enable or disable the DHTML setting. When you manage single sign-on by using the Administrative Management Utility or the user interface, you can enable the DHTML setting by selecting the default value, Yes, for the preference.

For DHTML applications that depend on mutation events, the Add application prompts for web pages on mutation preference must be set to Yes to single sign-on to the application.

NOTE: The Enable DHTML monitor on web pages preference replaces the WEBSSO_DHTML registry setting.

In the Application Definitions wizard, perform the following to generate the DHTML script:

  1. Select Matching criteria and then select Yes. Use additional Wizard generated rules to manually define the matching criteria.

  2. Select Matching events under Rules.

    Use Wizard generated rules must be selected to view this rule.

  3. Select Page Events and then select the appropriate option (create, mutate or create mutate).

    Current form matching must be selected to view this option.

Caches the Opened Applications and Changes Color of the Icon

NetIQ SecureLogin caches the applications that are launched. The user can click the icon to view the list of opened applications. When applications are cached, the color of the icon changes to orange. When you clear the list of applications, the icon changes back to blue, which is the default color.

1.7 Option to Enable/Disable Logging of Syslog Audit Messages

This release introduces a facility to log Syslog audit messages. During installation, NetIQ SecureLogin is configured on each host to connect and generate logs for a specific syslog service.

This enhances the auditing mechanism and removes the need for another Security Information and Event Management (SIEM) solution.

Installing and Configuring Syslog Auditing

Installing Syslog Auditing Feature Using the Windows Installer Wizard

  1. Select the Syslog Server option under Auditing to enable the Syslog auditing feature.

  2. Specify the name of the server that is to be configured as the Syslog server. By default the Syslog server address is set to localhost and the supported protocol is UDP.

    By default, the Syslog server listens on port 514.

  3. Select the language in which the event message should be sent to Syslog server. The supported languages are:

    • German

    • English

    • Spanish

    • French

    • Japanese

    • Portuguese

    • Chinese (Traditional)

    • Polish

      The default language is English.

  4. Click Next to install the Syslog Auditing feature on the workstation.

Configuring Syslog Auditing Using the Windows Installer Command-Line Option

To configure Syslog using the command-line option, use the following command:

APPENDLOCAL=Syslog SYSLOGSERVERURI=protocol-type://server-name:port-number:X_SYSLOGLANGUAGEID=<language-code>

Replace language-code with the code from the following supported languages:

  • 1028 - Chinese (Traditional)

  • 1031 - German

  • 1033 - English (Default)

  • 1034 - Spanish

  • 1036 - French

  • 1041 - Japanese

  • 1045 - Polish

  • 1046 - Portuguese

For example: APPENDLOCAL=Syslog SYSLOGSERVERURI=udp://localhost:514:1045

Modifying the Registry Settings

To enable or disable Syslog audit messages, create the following registry entries:

EnableSysLog

  • Purpose: Enable/Disable sending audit events to the syslog server

  • Location: HKEY_LOCAL_MACHINE\Software\Protocom\SecureLogin

  • Type: REG_DWORD

  • Value: 1 - Enable; 0 - Disable (Default)

SyslogServerUri

  • Purpose: Syslog server details in the form of URI

  • Location: HKEY_LOCAL_MACHINE\Software\Protocom\SecureLogin

  • Type: REG_SZ

  • Value: <protocol-type>://<server-name>:<port-number>:X_SYSLOGLANGUAGEID=<language-code>

    For example: udp://syslog.myserver.com:514:X_SYSLOGLANGUAGEID=1033

SyslogMessageLanguageId

  • Purpose: Language that should be used in sending the event message to syslog server.

  • Location: HKEY_LOCAL_MACHINE\SOFTWARE\Protocom\SecureLogin

  • Type: REG_DWORD

  • Value: Decimal value of the respective language as mentioned in section 1.3.1.2.

Enabling Logging to Syslog

  1. Launch an Administrative Utility.

  2. Click Preferences > Auditing. The Enable logging to Syslog Server option is an Administrator setting that is disabled by default. To enable logging of Syslog events on the user’s workstation, select this option and set it to Yes.

1.8 Option to Disable Logging of Windows Event Messages from the Installation Wizard

In NetIQ SecureLogin, logging of Windows event messages is enabled by default.

This release provides a facility to disable logging of Windows event messages during installation. Using this option administrators can decide if workstation event messages should be logged for each workstation.

To disable logging of Windows event messages:

  1. Launch NetIQ SecureLogin installation wizard. Review and accept the license agreement.

  2. Select the datastore.

  3. In the Custom Setup screen, go to the Auditing menu option. Windows EventLog is enabled by default. Deselect the option to stop logging Windows event messages on the workstation.

    NOTE: If you have disabled logging of Windows event messages using the Installation Wizard, you must run the installation wizard once again to enable it.

Installing SecureLogin with the Windows EventLog option enabled updates the registry and creates a registry entry named EnableWindowsEventLog.

EnableWindowsEventLog

  • Purpose: Enable/Disable sending audit events to windows event logger

  • Location: HKEY_LOCAL_MACHINE\Software\Protocom\SecureLogin

  • Type: REG_DWORD

  • Value: 1 - Enable; 0 - Disable (Default)

This setting, when used in conjunction with the Enable logging to Windows Event log preference, helps to log Windows event messages for a specific user.

NOTE: SecureLogin preferences can be managed using administrative utilities like iManager or Slmanager. To ensure that the administrative utilities are installed, ensure that you select the Directory Administration Tools option while installing SecureLogin.

Enabling Logging to Windows Event Log After the Installation

  1. Launch Administrative Utility.

  2. Click Preferences > Auditing. The Enable logging to Windows EventLog option is enabled by default. If you want to disable logging, deselect this option.
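To confirm on a workstation that the registry values described in sections 1.7 and 1.8 are in the intended state, a read-only check like the following can be run. This PowerShell script is an added example, not part of the NetIQ readme or product; the function names are hypothetical, and treating the language suffix of SyslogServerUri as optional is an assumption.

```powershell
# Added example: read-only check of SecureLogin's audit-logging registry values.
# Key path, value names and language IDs come from this readme; function names are hypothetical.
$KeyPath = 'HKLM:\Software\Protocom\SecureLogin'
$LanguageIds = 1028, 1031, 1033, 1034, 1036, 1041, 1045, 1046

function Test-SyslogServerUri {
    param([string]$Uri)
    # Documented form: <protocol-type>://<server-name>:<port-number>:X_SYSLOGLANGUAGEID=<language-code>
    # The installer example gives the language code without the X_SYSLOGLANGUAGEID= prefix, so both
    # spellings are accepted; treating the whole language suffix as optional is an assumption.
    $pattern = '^(?<proto>[A-Za-z]+)://(?<server>[^:/\s]+):(?<port>\d{1,5})' +
               '(?::(?:X_SYSLOGLANGUAGEID=)?(?<lang>\d{1,6}))?$'
    $m = [regex]::Match($Uri, $pattern)
    if (-not $m.Success) { 'SyslogServerUri does not match the documented form'; return }
    $port = [int]$m.Groups['port'].Value
    if ($port -lt 1 -or $port -gt 65535) { "Port $port is out of range" }
    $lang = $m.Groups['lang']
    if ($lang.Success -and $LanguageIds -notcontains [int]$lang.Value) {
        "Language ID $($lang.Value) is not in the supported list"
    }
    if ($m.Groups['server'].Value -eq 'localhost') {
        'Server is localhost (installer default): events reach a central collector only if a local syslog service forwards them'
    }
}

function Get-SecureLoginAuditState {
    param([string]$Path = $KeyPath)
    if (-not (Test-Path -LiteralPath $Path)) {
        return [pscustomobject]@{ Path = $Path; Findings = @('Registry key not found') }
    }
    $values = Get-ItemProperty -LiteralPath $Path
    # Read a value by name; an absent value yields $null instead of an error.
    $get = { param($n) $p = $values.PSObject.Properties[$n]; if ($p) { $p.Value } }
    $syslog   = & $get 'EnableSysLog'
    $eventLog = & $get 'EnableWindowsEventLog'
    $uri      = & $get 'SyslogServerUri'
    $langId   = & $get 'SyslogMessageLanguageId'

    $findings = @()
    if ($syslog -ne 1 -and $eventLog -ne 1) {
        $findings += 'Neither EnableSysLog nor EnableWindowsEventLog is set to 1'
    }
    if ($syslog -eq 1) {
        if ([string]::IsNullOrWhiteSpace($uri)) { $findings += 'EnableSysLog is 1 but SyslogServerUri is missing' }
        else { $findings += @(Test-SyslogServerUri -Uri $uri) }
    }
    if ($null -ne $langId -and $LanguageIds -notcontains $langId) {
        $findings += "SyslogMessageLanguageId $langId is not in the supported list"
    }
    [pscustomobject]@{
        Path = $Path; EnableSysLog = $syslog; EnableWindowsEventLog = $eventLog
        SyslogServerUri = $uri; SyslogMessageLanguageId = $langId; Findings = $findings
    }
}

Get-SecureLoginAuditState | Format-List
```

The Enable logging to Syslog Server and Enable logging to Windows EventLog preferences are set through the administrative utility and are not read by this script.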

1.9 NetIQ SecureLogin Additional Script Variables

You can run the following commands to get the information about SecureLogin (product metadata):

System variables and their values:

  • ?sysInstallDir(Tray) - Location of the tray or any other SecureLogin application.

  • ?sysTrayHWND - System tray window handle.

  • ?sysProductVersion(os) - Version of the operating system.

  • ?sysProductVersion(app) - Version of the application on which the script is running.

  • ?sysProductVersion(worker) - Version of the process (worker) running for the application.

  • ?sysProductVersion(someapp.exe) - Version of some other application in the NetIQ SecureLogin folder.

  • ?sysFileVersion(app) - Version including the patch number or the hotfix number of the application on which the script is running.

  • ?sysFileVersion(worker) - Version including the patch number or the hotfix number of the process (worker) running on the selected application.

  • ?sysPlatform(os) - Architecture of the operating system.

  • ?sysPlatform(worker) - Architecture of the process (worker) that runs for the selected application.

1.10 Keyboard Shortcuts

You can now use the keyboard shortcuts to navigate to the required options.

To view the underlined letters in menu and dialog box options, press the Alt key on the keyboard.

1.11 Enhancements and Fixes

This release of NetIQ SecureLogin includes the following software fixes that resolve several previous issues:

DotNetSSO Process Causes Memory Leak for Third Party Applications

Issue: Running the DotNetSSO process (slDotNetSSO or slDotNetSSO64) may cause memory leak in third party applications. DotNetSSO also continues to run for an extended time causing extra consumption of memory and CPU resources.

Fix: With this release of NetIQ SecureLogin, when DotNetSSO identifies an improper parent or child relationship in the containers or controls, it stops checking other related containers to avoid infinite recursion. As a result, DotNetSSO consumes fewer memory and CPU resources.

Single Sign-On Dialog Replaced with a Notification in the System Tray

Issue: When a Web page that NetIQ SecureLogin can single sign-on is launched, the wizard prompt appears on the screen with all the options and the user is forced to select an option before proceeding.

Fix: With this release, NetIQ SecureLogin does not display the single sign-on dialog. Instead it displays a notification in the system tray for the users to decide if the dialog should be displayed or not. In addition to this, the color of the icon changes from blue to orange to indicate that the page is available for single sign-on.

If you do not want to use the wizard then you can ignore the notification and proceed.

When you click the notification pop-up, it displays the single sign-on dialog with all the options. If the user does not click on the notification pop-up, it disappears. You can activate the wizard by left clicking the icon once on the system tray and selecting the application to single sign-on.

NetIQ SecureLogin Crashes on Force Shutdown

Issue: When you use the /forceshutdown option to shut down, SecureLogin results in a crash.

Fix: With this release, this issue is resolved and you can use /forceshutdown option to shut down.

Installation of NetIQ SecureLogin Results in Uninstallation of NMAS

Issue: If you install SecureLogin on a workstation that already has NMAS installed, it leads to uninstallation of NMAS.

Fix: With this release of NetIQ SecureLogin, during installation, NMAS does not get uninstalled if it was already installed.

1.12 The NetIQ SecureLogin Theme Is Changed

The NetIQ SecureLogin color theme is changed to blue to match the color theme of other NetIQ products.

2.0 System Requirements

For detailed information on hardware requirements and supported operating systems and browsers, refer to the Quick Start Guide.

3.0 Installing NetIQ SecureLogin 8.0.1

To install NetIQ SecureLogin, refer to the Installation Guide.

4.0 Known Issues and Workarounds

NetIQ Corporation strives to ensure our products provide quality solutions for your enterprise software needs. The following issues are currently being researched. If you need further assistance with any issue, please contact Technical Support.

4.1 Multiple Notifications for a Single Application

Issue: When you launch an application for single sign-on, NetIQ SecureLogin may display multiple instances to single sign-on to the application. You need to click on each instance to identify the correct instance that you require and delete the others from the list.

Workaround: No workaround.

4.2 Secure Workstation Icon Is Displayed Even After Uninstalling NetIQ SecureLogin

Issue: When you uninstall NetIQ SecureLogin, the Secure Workstation icon is not removed from the taskbar and the system tray. This issue occurs if you have installed NetIQ SecureLogin with Secure Workstation enabled.

Workaround: Log off and log in again or restart the computer.

4.3 Group Policy Objects Are Unavailable After Upgrading NetIQ SecureLogin

Issue: If you have created a Group Policy Object (GPO) by using SecureLogin 8.0, upgrading SecureLogin 8.0 to 8.0.1 displays a checksum error and the GPO is not updated.

Workaround: Add, modify, or delete any policy and then run gpupdate /force on both server and client computers to extract all GPOs from the server.

4.4 Issue with Single Sign-On to Cached DHTML Web Pages

Issue: When you launch a DHTML Web page, a notification is displayed indicating that single sign-on can be applied for the application. If you ignore the notification and launch other applications, the DHTML Web page is cached and the Web page is not available for single sign-on by using the default wizard option.

Workaround: Single sign-on to the DHTML application when you launch it.

4.5 The Self-Signed Certificates Do Not Work

Issue: If you have configured SecureLogin with SSPR, the self-signed certificates do not work as expected.

Workaround: No workaround. It is recommended that you configure a trusted Certificate Authority for SSPR to avoid certificate issues.

4.6 The Secondary Storage Value Is Not Updated for Smart Card

Issue: If you use the Modify option in the installer to include the Smart card feature, it does not update the SecondaryStore value in the HKLM\Software\Protocom\Security registry key.

Workaround: If the secondary storage needs to be on Smart card, change this value manually to SmartCard. The default value is FILE.

4.7 Migration from Existing Datastore to LDAP Fails

Issue: If you use the slMigrationHelper tool to change the datastore from an existing one to LDAP, the datastore migration fails. This is because any LDAP or LDAPv3 mode requires the NICI component to be installed.

Workaround: Use the -u option to specify the path to SecureLogin installer. For example: slmigrationhelper.exe -u C:\NetIQSecureLogin.exe -t LDAP -q. This switches the datastore to LDAP and installs NICI in the quiet mode.

5.0 Contact Information

Our goal is to provide documentation that meets your needs. If you have suggestions for improvements, please email Documentation-Feedback@netiq.com. We value your input and look forward to hearing from you.

For detailed contact information, see the Support Contact Information website.

For general corporate and product information, see the NetIQ Corporate website.

For interactive conversations with your peers and NetIQ experts, become an active member of our community. The NetIQ online community provides product information, useful links to helpful resources, blogs, and social media channels.
