Users unexpectedly asked to choose login credentials from list

  • 7016185
  • 12-Feb-2015
  • 12-Feb-2015

Environment

NetIQ SecureLogin
NSL 7.x
NSL 8.x
Application with multiple pages that require authentication, each with a different credential set.

Situation

Users are presented with a list of credentials to select from when the application launches.

SetPlat commands in the script specify which credential set to use for each page. The intent is that SecureLogin already knows which credential set to use and does not prompt the user.

However, at initial login SecureLogin presents all credential sets and prompts the user to pick one.

SecureLogin (as expected) does not prompt users to select credentials when accessing other pages requiring authentication.

Resolution

Change the SetPlat command for the main login page to be something other than the name of the application.

For example, in the application "myApplication," change "SetPlat myApplication" to "SetPlat SomethingElse" (anything else, e.g. myApplication2).

Additional Information

When a SecureLogin "application" is created, a "login" by the same name is created for that application. E.g. if an application called "myApplication" is created, a login called "myApplication" will also be created and linked to the application.

This login (i.e. credential set) is considered by SecureLogin to be inextricably connected with the application.

When additional credential sets are added (with SetPlat), these are also linked to the application. And because the initial credential set (e.g. "myApplication") has the same name as the application, these other credential sets are also linked to the initial credential set (e.g. myApplication).

Therefore, when "setplat myApplication" executes, SecureLogin sees that the other credential sets are linked to the "myApplication" credential set, isn't sure which is needed, and presents all linked credential sets for the user to pick from.

This is a special case for "setplat." The setplat command only presents all of the linked credentials if the cred set it points to (e.g. "setplat myApplication") has the same name as the application itself.

To get around this, create an additional credential set with a name different from the application name. Pointing setplat to this one will not trigger the prompt for all associated cred sets.

Note that it is not necessary to manually create the logins. This happens automatically the first time setplat invokes each one.

Also note that a default login will be created with the same name as the application, but it does not need to be used.
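
One way to check an application definition for this condition before it reaches users, as an added example (not NetIQ code): the Python sketch below scans script text for SetPlat lines whose single argument equals the application name. The function names, the sample script, and the case-insensitive name comparison are assumptions; SetPlat forms with more than one argument are skipped.

```python
import re

# A SetPlat line with exactly one platform-name argument, quoted or bare.
# The article writes the command as both "SetPlat" and "setplat", so the
# keyword is matched case-insensitively.
_SETPLAT = re.compile(r'^\s*SetPlat\s+(?:"([^"]+)"|(\S+))\s*$', re.IGNORECASE)


def _setplat_names(script_text):
    """Yield (line_number, credential_set_name) for each single-argument SetPlat."""
    for lineno, line in enumerate(script_text.splitlines(), start=1):
        m = _SETPLAT.match(line)
        if m:
            yield lineno, (m.group(1) or m.group(2))


def credential_sets(script_text):
    """Credential sets the script selects, in first-use order, without repeats."""
    seen = []
    for _, name in _setplat_names(script_text):
        if name not in seen:
            seen.append(name)
    return seen


def find_self_named_setplat(app_name, script_text):
    """Return (line_number, name) for every SetPlat that points at the
    credential set named after the application, the case that makes
    SecureLogin list all linked credential sets."""
    # Assumption: names are compared case-insensitively, so near-misses
    # in capitalisation are reported too.
    return [(n, name) for n, name in _setplat_names(script_text)
            if name.casefold() == app_name.casefold()]


# Constructed sample; only the SetPlat lines matter to the check.
SAMPLE_SCRIPT = '''\
# main login page
SetPlat myApplication
# settings page
SetPlat myApplicationAdmin
# reports page
SetPlat "myApplication Reports"
'''

if __name__ == "__main__":
    for lineno, name in find_self_named_setplat("myApplication", SAMPLE_SCRIPT):
        others = [c for c in credential_sets(SAMPLE_SCRIPT) if c != name]
        print(f"line {lineno}: SetPlat {name} matches the application name; "
              f"users may be asked to choose among {[name] + others}")
```

After the main login page is changed to a different name such as myApplication2, the check returns no findings for the same script.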