SecureLogin data returns after being deleted

  • 7008623
  • 20-May-2011
  • 26-Apr-2012

Environment

Novell SecureLogin
NSL6.x
NSL7.x
SecretStore

Situation

SecureLogin user data returns after being deleted in iManager by clicking "Delete SecureLogin configuration on this object" on the "Advanced" tab of the SecureLogin Manage SSO plugin.
User is not prompted for a new passphrase as expected after deleting SecureLogin configuration in iManager.
Problem also occurs if data is cleared with SLManager.
Problem occurs even with the local cache file deleted.
Problem occurs even in a single server tree.

Resolution

This occurs because Secret Store is being used.

Use the Secret Store iManager plugin to clear credentials instead of the SecureLogin plugin in a Secret Store environment.


Additional Information

In a SecretStore environment, user credentials are stored in the user's Secret Store attributes ("SAS:SecretStoreData"), not in the user's SecureLogin attributes ("Prot:SSO Entries"). Clearing the SecureLogin information (clear object data) does not delete the Secret Store information related to NSL.

Note, however, that deleting a user's entire Secret Store may not be appropriate if other applications are also using Secret Store. It may be better to delete only those references and links which are associated with the desired NSL application credential sets.


Steps to duplicate:
1. Click "Delete SecureLogin configuration on this object" on the "Advanced" tab in the Manage SSO plugin in iManager.
2. Shut down NSL on the workstation.
3. Delete the SecureLogin workstation cache located on XP workstations at C:\Documents and Settings\<username>\Application Data\SecureLogin\Cache, or on Windows 7 workstations at C:\Users\<username>\AppData\Roaming\SecureLogin\Cache
4. Restart SecureLogin as the same user
5. At this point the user should be prompted to create a passphrase.  This does not happen.
6. Open "manage logins" on the workstation.  The credentials that were expected to have been deleted will still exist.