3.2 Creating an Application Definition for a Web Application

A web application is an application that runs on a Web browser. You can create an application definition for a Web application by accepting the default selections in the wizard, or you can manually select the attributes required for the application definition.

3.2.1 Prerequisites

3.2.2 Using the Default Selections for an Application Definition

  1. Launch the web application for which you want to enable single sign-on.

    SecureLogin detects the application and prompts you to enable single sign-on.

  2. Select Yes, I want to single sign using the default selections done by the wizard.

  3. Specify your credentials, then click OK.

    SecureLogin saves your credentials in the directory. The next time you launch the application, SecureLogin provides the credentials for you.

Example: Using the Default Selections to Enable Yahoo! Mail for Single Sign-On

  1. Ensure that you have completed the prerequisites in Section 3.2.1, Prerequisites.

  2. Launch Yahoo!* Mail.

    SecureLogin detects the application and prompts you to enable it for single sign-on.

  3. Select Yes, I want to single sign using the default selections done by the Wizard.

  4. Specify your Yahoo! ID and password.

  5. Click OK.

    If you have specified the correct credentials, you are logged in to Yahoo! Mail.

    For subsequent logins, SecureLogin provides the credentials and logs in.

3.2.3 Manually Defining the Attributes for an Application Definition

  1. Ensure that you have completed the prerequisites in Section 3.2.1, Prerequisites.

  2. Launch the Web application for which you want to create an application definition.

    SecureLogin detects the application and prompts you to enable the screen for single sign-on.

  3. Select Yes, I want to single sign enable the screen using the wizard. The Application Definition Wizard page is displayed.

  4. Configure the following attributes to create an application definition.

Identifying the Screens

Use the Identify screen tab to identify the login screen. If the Application Definition Wizard identifies the login screen correctly, a check mark displays next to Identify screen. Click Show me to verify if the screen is correctly identified.

If the screen is not correctly identified, drag the Choose icon to the login screen to select it.

Specifying the Credentials Source

Use the Credential source tab to define the source of the credentials for the applications.

Some applications use their own credential set to log in. However, some applications might reuse credentials from another source, such as the user's network password or a one-time password.

Figure 3-2 Specifying the Credential Source

  1. Select This application's own credential set to use the application's credential set to log in. If you select this option, SecureLogin creates a discrete set of credentials to enable the application. The credential set has the name of the application.

  2. Select Other to define another source of credentials. If you select this option, select the source of credentials for the application.

The options for the credential source are:

Using a One-Time Password

Select A one-time password from a smart card to use a one-time password from a smart card.

Using the User’s Network Login Credentials

Select The user's network logon credentials to use the user's directory credentials to log in.

Using Credentials from Another Single Sign-On-Enabled Application

Select Another SecureLogin enabled application to use the credentials of another application enabled for single sign-on. Select the application from a list of available applications enabled for SecureLogin.

Selecting Credentials Based on a Value Identified on the Screen

Select SecureLogin selects credentials based on a value identified on this screen to provide the credentials based on the presence of a particular value on the login screen. This option uses a text entry. Regular expressions are supported in the text entry.

For example:

Connecting to server (.*)

where (.*) specifies the value that must be captured to define the credentials.

Identifying the Fields

SecureLogin must identify the fields on the login screen before it can log in to the application. Typically, these are the username and password fields. You can also configure fields such as radio buttons or edit boxes on the login screen. Use the Identify fields menu to view the selected field.

Figure 3-3 Selecting or Reviewing the Login Fields

Not Allowing SecureLogin to Handle the Fields

Select No. SecureLogin is not required to handle the fields on this screen if you do not want SecureLogin to handle the login fields on the screen.

You can use this option to create a credential set, which can be used with other application screens. Similarly, you can use the credential set to link to other application definitions.

Reviewing the Fields

  1. Select Yes. Let me select or review the logon fields to review the fields selected by the wizard. By default, SecureLogin uses the field names as the prompts in the dialog boxes. You can edit the field names to make them clear and user-friendly.

  2. If the login fields are not identified correctly, identify them manually by dragging the Choose icon to the fields and clicking the Show me icon. The selected fields are highlighted.

  3. If Show me does not highlight the correct control, update it by dragging and dropping the Choose icon to the button you want.

    or

    Use the Navigate to field using the keystrokes option:

    1. Click Start.

    2. Specify the keystrokes.

    3. Select Close to return to the Identify fields menu.

    4. Select Stop to stop the recording.

      The next time you log in to the application, the keystrokes are used to log in.

  4. Select Treat text field as a sensitive field to treat the username field like a password field and disguise the characters with asterisks. This is optional for the username but mandatory for the password.

  5. (Optional) Specify the text that SecureLogin presents when prompting the user for username and password.

Reviewing Other Fields

Click All fields to show other fields detected by the wizard on the login screen. Each control is listed by type and name (if known).

Select the field you want SecureLogin to use in managing the login for the application, then specify the actions for SecureLogin.

Depending on the application, any or all of the following fields are displayed.

  • Edit box

  • Check Box

  • Combo Box

  • Radio Button

For information about configuring SecureLogin to use these additional fields, see All Fields.

Specifying Re-authentication Rules

  1. Use the Re-authentication menu to specify if users must re-authenticate with their network credentials or an authentication device.

  2. If you select No. The user is not required to re-authenticate, SecureLogin does not prompt users to re-authenticate before providing credentials to the application.

  3. If you select Yes. Enforce re-authentication before accessing this application, users must specify credentials in order to re-authenticate.

  4. From the Select from the methods detected drop-down list, select the method SecureLogin must use. You can select from:

    • Use same Credentials as Network Login: Use the network login credentials.

    • Default: The method the user used to log in to the application.

    • Password: The network password.

    • Smart Card: After the PIN is verified, SecureLogin checks to see if the smart card belongs to the user or not.

  5. You must also specify the action SecureLogin takes when the users cancels the re-authentication.

    You can define one of the following actions:

    • Click this button: Select a button on the application that SecureLogin clicks when a user cancels the re-authentication dialog box. Select the button by dragging the Choose icon to the button you want and clicking Show me.

    • Type the following keystrokes: Define the commands or keystrokes SecureLogin enters when a user clicks Cancel in the re-authentication dialog box. To record keystrokes:

      1. Click Start.

      2. Specify the keystrokes.

      3. After you have recorded the keystrokes, click Close.

    • Re-direct the user to this website: Specify a URL to go to when a user cancels the prompt for credentials. You can redirect users to the login screen and force them to specify the login credentials again.

Defining the Submit Options

  1. Use the Submit options menu to define how SecureLogin submits the login screen.

  2. If you select The user submits the screen, SecureLogin does nothing and the user must manually submit the login screen.

  3. If you select SecureLogin submits the screen, specify the action SecureLogin takes to submit the login screen.

    You can specify one of the following actions:

    • Click this button: Select a button on the application that SecureLogin clicks when a user submits the screen. Select the button by dragging the Choose icon to the button you want and clicking Show me.

    • Type the following keystrokes: Define the commands or keystrokes SecureLogin enters to submit the login notification screen. To record keystrokes:

      1. Click Start.

      2. Specify the keystrokes.

      3. After you have recorded the keystrokes, click Close.

    • Re-direct the user to this website: Specify a URL to go to when a user submits the login notification screen.

  4. You can also specify the action SecureLogin uses when users cancel a prompt to save their credentials. For this, select Enable action when user cancels to change their password.

    You can specify one of the following actions:

    • Click this button: Select a button on the application that SecureLogin clicks when a user submits the screen.Select the button by dragging the Choose icon to the button you want and clicking Show me.

    • Type the following keystrokes: Define the commands or keystrokes SecureLogin enters to submit the login screen. To record keystrokes:

      1. Click Start.

      2. Specify the keystrokes.

      3. After you have recorded the keystrokes, click Close.

    • Re-direct users to this website: Specify a URL to go to when users cancel the change password prompt.

Defining the Matching Criteria

SecureLogin must uniquely identify each application screen in order to run an application definition. If SecureLogin cannot uniquely identify a particular application screen, you can manually define the matching criteria.

  1. Use the Matching criteria menu to define the matching criteria.

  2. If you select No. Use minimal rules based on your previous selections, SecureLogin uses the rules defined in previous attribute panels to identify and handle the application window.

  3. If you select Yes. Use additional Wizard generated rules, you can add, modify, or remove rules. Your matching criteria must include at least one rule. After you select this option, the following screen appears:

  4. By default, Use Wizard generated rules is selected. The Rules text box lists the controls that are detected by SecureLogin. You can add a new rule by dragging the Choose icon to a specific control on the application window and then clicking Show me to confirm that SecureLogin has identified the correct control.

    To modify a rule for a control:

    1. Select the rule you want to edit, then click Configure more detailed match for this control

    2. Define what SecureLogin must match. You can set the following matching rule:

      • SecureLogin is to match value displayed: If you select this option, SecureLogin only matches those screens that exactly match the displayed text and rules identified.

To verify if your regular expression is correct, click Test Match.

If a regular expression does not match any control on the application screen, SecureLogin prompts you to verify your regular expression and select the correct control.

You have successfully completed creating an application definition for a Web application. The next time you launch the application, SecureLogin provides the credentials for you.