Developing for Novell® Nsure™ SecureLogin

Gordon Mathis Senior Software Engineer, Novell Inc. gmathis@novell.com

© March 9, 2004 Novell Inc.2

one Net: Information without boundaries…where the right people are connected with the right information at the right time to make the right decisions.

The one Net vision

Novell exteNd™

Novell Nsure™

Novell Nterprise™

Novell NgageSM

:

:

:

:

© March 9, 2004 Novell Inc.3

The one Net vision

Novell Nterprise is an innovative family of products which gives you the power to enable and manage the constant interaction of people with your business systems — regardless of who they are or where they are.

Novell Nterprise™

Novell exteNd™

Novell Nsure™

Novell Nterprise™

Novell NgageSM

:

:

:

:

© March 9, 2004 Novell Inc.4

Documentation

The documentation for SecureLogin is located in the Docs directory. Previous versions had the product documentation distributed in several different places. This made them difficult to locate in some cases.

• Nsladm – Administrators guide• Nslinst – Installation guide• Nslscrpt – Scripting guide• Nslterm – Terminal Emulation

guide• Nsltserv – Terminal Services guide• Nssadm – SecretStore guide

© March 9, 2004 Novell Inc.5

Tools

Included with SecureLogin– Wintool.exe – Window Finder (installed on

every workstation)– Loginwatch.exe – Login Watcher (Located in

NSL distribution under SecureLogin/tools directory)

Not Included– Winspector Spy – (www.windows-spy.com)

Used to monitor internal Windows Messages.– Dependency Walker – (

www.dependencywalker.com) Used to find DLL functions and dependencies.

© March 9, 2004 Novell Inc.6

Types of Applications/Scripts

1. Pre-built 2. Corporate3. Startup4. Web/Advanced Web5. Generic6. Java7. Lotus Notes8. Password Policies9. Terminal Launcher10. Windows/Advanced Windows

Scripting guide Page 14

© March 9, 2004 Novell Inc.7

Script Commands

The commands used within the script of the application will be determined by the type of the application. Certain commands are only valid for specific application types.

Scripting guide Appendix A (page 115)

© March 9, 2004 Novell Inc.8

Best Practices

Scripting Guide page 17

• Capitalization• Indenting• Leaving blank lines or Grouping• Using comments• Etc…

© March 9, 2004 Novell Inc.9

Using Symbols

Scripting Guide page 21

• #• %• “”• @• Etc…

© March 9, 2004 Novell Inc.10

Using Variables

Scripting Guide page 23

• Stored• Runtime• Directory Attribute• Internal• Etc…

© March 9, 2004 Novell Inc.11

Using Variables (cont.)

Managing/Creating Scripts

• ConsoleOne®

• MMC• SLProto.exe• SLManager.exe

© March 9, 2004 Novell Inc.12

Corporate Scripts

• All users get the same script

• Eliminates confusion for users

• Allows management from a management console

Why would you use them?

© March 9, 2004 Novell Inc.13

Startup Scripts

• Allows SecureLogin to be running before application

• Timing problems with startup scripts

Why would you use them?

© March 9, 2004 Novell Inc.14

Web & Advanced Web Scripts

• Allows SecureLogin to interact with web pages.

• Automates the authentication and navigation of web pages

• The advanced web scripts commands give additional control over the web page and it’s controls.

• Default method of sending the OK event to the web browser does not work with all web pages.

Why would you use them?

© March 9, 2004 Novell Inc.15

Generic Scripts

• Used for repeated functions that can be called or included within multiple scripts.

• Use the include command in scripts to call a generic script.

Why would you use them?

© March 9, 2004 Novell Inc.16

Java Scripts

• Java scripts are only available if Sun’s JRE 1.4.2 or better is installed. (see readme)

• Gives SecureLogin the ability to dump Java code and locate information.

• Works with both Java application and web pages that comply to Swing/AWT.

Why would you use them?

© March 9, 2004 Novell Inc.17

Lotus Notes Scripts

• Lotus Notes delivers separate dialogs for username and password.

• SecureLogin provides both a script and a interface module for Lotus Notes.

• The Lotus Notes interface module is nslassist.dll.

• Lotus Notes must be installed prior to install.

• Use pre-built Lotus Notes script.

Why would you use them?

© March 9, 2004 Novell Inc.18

Password Policies

• Allows control over types of passwords that can be used within applications.

• A unique password policy can be created for each application/script.

• Can require mixed case, min/max character or numeric values.

• Can be used in conjunction with Random password generation.

Why would you use them?

© March 9, 2004 Novell Inc.19

Terminal Launcher Scripts

• Allows interaction with terminal emulator sessions.

• Can be used to automate complicated or repetitive processes.

• Can be used for DOS based applications or any application that supports copy and paste functionality.

• Initiated by the tlaunch.exe utility.

• Dependency walker used to identify hllapi dll’s and function names.

Why would you use them?

© March 9, 2004 Novell Inc.20

Windows & Advanced Windows Scripts

• Adds support for Windows 32 bit applications.

• Monitors the standard Windows “WM_COMMAND” message to applications.

• The advanced windows command “event” allows you to change what message to monitor for application activity.

• Window Finder and Winspector used to identify specific information for each application.

Why would you use them?

© March 9, 2004 Novell Inc.21

Structure of Scripts

The script is made up of several parts. The first part of the script identifies the window or condition that forces this part of the script to execute.

For example:Dialog

Class "#32770"

Title "Contivity VPN Client"

EndDialog

See scripting guide page 31. (Finding control ID’s)

© March 9, 2004 Novell Inc.22

Structure of Scripts

The commands that follow the EndDialog are what you want to happen when this window is found.

For example:Dialog

Class "#32770"

Title "Contivity VPN Client"

EndDialog

MessageBox “We found our Window”

…

…

© March 9, 2004 Novell Inc.23

Structure of Scripts

We can have multiple dialog commands within the script.

For example:DialogClass "#32770"Title "Contivity VPN Client"EndDialogMessageBox “We found Window 1”

DialogClass "#32770"Title “Client Login"EndDialogMessageBox “We found Window 2”

© March 9, 2004 Novell Inc.24

Practice

Scripting guide page 101

Using the Wizard

Perform steps 1-6.

Scripting guide page 104

Manually creating a script.

Perform steps 1-6.

Scripting guide page 106

Using the Window Finder.

Perform steps 1-3.

Scripting guide page 106

Message box and change password.

Perform steps 1-4 & Steps 1-7.

© March 9, 2004 Novell Inc.25

Practice

iFolder – An example of Advanced Windows Scripting.

Let the Wizard create application/script.

Does it work?

What about logout and login?

Use Winspector to identify iFolder window messages.

Configure script to allow iFolder logout and login.

© March 9, 2004 Novell Inc.26

Practice

DialogClass "#32770"Title "Novell iFolder Login"

Event WM_SHOWWINDOWEndDialog

Setprompt "Username:"Type $Username #1007Setprompt "Password:"Type $Password #1079Setprompt "Optional:"Type $Optional #1001Click #1Setprompt "Enter your iFolder Credentials."

© March 9, 2004 Novell Inc.27

Practice

Launch iFolder from a startup script.

Does it work?Why not?

What can we do to make it work?

Admin guide Page 60.

sleep 1start "Ifolder" /MIN /B "C:\Program Files\Novell\

iFolder\TrayApp.exe"exit

© March 9, 2004 Novell Inc.28

Troubleshooting

• Use the MessageBox command.• Web Page script. See install guide page 113.• Deriving Application names from strings. Install guide page

114.• One script two sets of credentials. Install guide page 119.• Forcing user authentication. Install guide page 119.• Make the script not active• Walk through the application manually before creating

script and write down each and every key press and mouse click.

• Try different variations of the same or similar command. For example try single quotes instead of double quotes, or try the type command instead of the click command.

© March 9, 2004 Novell Inc.29

Support Resources

10088294 - InstallShield error codes for SecureLogin 10088017 - How to configure SecureLogin to capture debug logs 10087494 - SecureLogin doesn't click the OK button10086884 - How to configure and setup a HLLAPI emulator with

SecureLogin10086914 - How to configure and setup a generic emulator with

SecureLogin   10086962 - How to configure and setup an advanced generic emulator

with SecureLogin  

10088771 - How to configure the TeraTerm emulator with SecureLogin  10088772 - How to configure IBM client access for SecureLogin   10088768 - NSL script for aol.com 10087272 - Registry Keys and Values Used by Secure Workstation10088650 - How to use Novell Secure Login (NSL) 3.5 with BorderManager

3.8 10082829 - Configuring SecureLogin for 16 bit Windows Apps2965468 - Tool to find offsets for Advanced Generic EMU  

Questions & Answers

© March 9, 2004 Novell Inc.32

General DisclaimerThis document is not to be construed as a promise by any participating company to develop, deliver, or market a product. Novell, Inc., makes no representations or warranties with respect to the contents of this document, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc., reserves the right to revise this document and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes. All Novell marks referenced in this presentation are trademarks or registered trademarks of Novell, Inc. in the United States and other countries. All third-party trademarks are the property of their respective owners.

No part of this work may be practiced, performed, copied, distributed, revised, modified, translated, abridged, condensed, expanded, collected, or adapted without the prior written consent of Novell, Inc. Any use or exploitation of this work without authorization could subject the perpetrator to criminal and civil liability.