Environment
Situation
Question
How can I SSO enable a Windows application without the wizard? Are there any sample Windows application definitions (scripts) for the Password Test Application simulator? I want to know how scripting Windows applications works and this demonstration application should help.
Resolution
Answer
There are a number of ways to SSO enable a Windows application, including the powerful wizards, predefined applications, and writing it from scratch.
The following application definition for the Password Test Application provides an example of typical Windows scripting, including error handling and change password.
If you wish to apply a password policy, you must create a password policy called TestPwdPolicy as per the password policy defined in this script. It must require a minimum of 6 characters but no complex rules (to allow "single" to be used as the password).
When you click on Help -> About within the application you can see the initial password must always be "single". Whenever you close the application and reopen it, you must enter the password "single" or logon will fail. This will cause cosmetic issues if you have changed the password and stored the new password. You simply need to be aware of this issue when enabling the application and be sure to enter "single" as the password if you close it.
Here is the sample script in its entirety. Following this script is the explanation of exactly what each section does.
The Window Finder tool can be used to gather information about the Title, Class names, Dialog IDs etc. The Wizard can be used to automate script creation.
#================================================================#
# ID: CINOM32.EXE                                                #
# Name: CRIMINT Application                                      #
# Type: Windows                                                  #
#                                                                #
#================================================================#
#======================#
# Set Password Policy  #
#======================#
RestrictVariable $Password TestPwdPolicy
RestrictVariable ?NewPwd TestPwdPolicy
#===============#
# Logon Prompt  #
#===============#
Dialog
Title "Login"
Class "#32770"
Ctrl #1001
EndDialog
SetPrompt "Username =====>"
Type $Username #1001
SetPrompt "Password =====>"
Type $Password #1002
SetPrompt "Domain =====>"
Type $Domain #1003
Click #1
SetPrompt "Please enter your Username and Password to access PSL Test. SecureLogin will remember and automatically log you on in future. IT Helpdesk x4563."
#==============================================================#
# Invalid logon - Prompt the user to verify their credentials  #
#==============================================================#
Dialog
Title "Login Failure"
Class "#32770"
EndDialog
#==========================================================================#
# Read the error message and set it as a temporary variable, then clear it #
#==========================================================================#
ReadText #65535 ?ErrorMessage
Click #2
#========================================================================#
# Logon failed, prompt the user to verify stored Username and Password   #
# Press Alt>F and L to invoke the Logon box so the User doesn’t have to. #
#========================================================================#
If "You have failed to login." -In ?ErrorMessage
DisplayVariables "Login to Test Application failed. Please verify your credentials and click OK to retry logon. IT Helpdesk x4563" $Username $Password
Type -Raw "\Alt+F"
Type -Raw "L"
EndIf
#========================#
# Change Password Prompt #
#========================#
Dialog
Title "Change Password"
Class "#32770"
EndDialog
Type $Username #1015
Type $Password #1004
ChangePassword ?NewPwd "Please enter a new password for the application."
Type ?NewPwd #1005
Type ?NewPwd #1006
Click #1
#========================================================#
# Change Password Successful message                     #
# Clear Application owned message and save new password  #
#========================================================#
Dialog
Title "Change Successful"
Class "#32770"
Ctrl #65535 "You have changed the password successfully."
EndDialog
Click #2
Set $Password ?NewPwd
- Dialog/EndDialog blocks define a Windows dialog box, message or prompt you want SecureLogin to activate on, e.g. a dialog box or message that pops up on the screen that you want cleared, read, or filled with data.
- When the dialog box appears, SecureLogin detects it based on the information found within the Dialog/EndDialog block and executes the lines of script that apply to the dialog box, message or prompt.
- We are often asked how much information you need to include in the Dialog/EndDialog block. There must be enough information for SecureLogin to uniquely identify the dialog box, message or prompt, or the rules (script) will run when other dialog boxes owned by the same executable with the same information appear. For example, a Dialog/EndDialog block that contains only Class #32770 (which is common for Windows apps) will try to run every time SecureLogin sees the Class appear in that executable. Therefore, it is important to include the Title, message and other control IDs when defining Dialog/EndDialog blocks.
- When SecureLogin detects all the information between the Dialog and EndDialog commands exists on the screen (e.g. application logon box, change password box, failed logon box), it runs the script commands until it sees the next Dialog command or the end of the script, whichever is applicable.
- The order of Dialog/EndDialog blocks does not technically matter in Windows scripts; SecureLogin "watches" for all dialog boxes while the executable is running. We suggest a logical order for troubleshooting purposes.
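The over-matching risk described in the list above can be checked before a script is deployed. The following is an added example, not part of the original article or of SecureLogin: a simplified Python model in which a block fires when all of its criteria are present in a window. Exact Title/Class comparison, the `WINDOWS` table and all function names are assumptions made for illustration.

```python
# Simplified model (an assumption, not SecureLogin's engine): a Dialog block
# fires when every criterion it lists is present in the window; Title and
# Class are compared exactly.
CLS = "#32770"
# Constructed windows built from the titles and dialog IDs quoted in the article.
WINDOWS = {
    "login": ("Login", CLS, {1001: "", 1002: "", 1003: "", 1: ""}),
    "login_failure": ("Login Failure", CLS, {65535: "You have failed to login.", 2: ""}),
    "change_password": ("Change Password", CLS,
                        {1015: "", 1004: "", 1005: "", 1006: "", 1: ""}),
    "change_successful": ("Change Successful", CLS,
                          {65535: "You have changed the password successfully.", 2: ""}),
}

def parse_dialog(block):
    """Parse the lines between Dialog and EndDialog into (title, class, ctrls)."""
    title, cls, ctrls = None, None, {}
    for line in block.strip().splitlines():
        word, _, rest = line.strip().partition(" ")
        if word == "Title":
            title = rest.strip().strip('"')
        elif word == "Class":
            cls = rest.strip().strip('"')
        elif word == "Ctrl":
            ctrl_id, _, text = rest.strip().partition(" ")
            ctrls[int(ctrl_id.lstrip("#"))] = text.strip().strip('"') or None
    return title, cls, ctrls

def matches(criteria, window):
    """True when every criterion listed in the block is present in the window."""
    title, cls, ctrls = criteria
    w_title, w_cls, w_ctrls = window
    if (title is not None and title != w_title) or (cls is not None and cls != w_cls):
        return False
    return all(cid in w_ctrls and (text is None or w_ctrls[cid] == text)
               for cid, text in ctrls.items())

def windows_matched(block):
    """Names of the sample windows on which this Dialog block would fire."""
    criteria = parse_dialog(block)
    return sorted(n for n, w in WINDOWS.items() if matches(criteria, w))

CLASS_ONLY = 'Class "#32770"'
LOGIN = 'Title "Login"\nClass "#32770"\nCtrl #1001'
SUCCESS = ('Title "Change Successful"\nClass "#32770"\n'
           'Ctrl #65535 "You have changed the password successfully."')

for name, block in (("class only", CLASS_ONLY), ("login", LOGIN), ("success", SUCCESS)):
    print(f"{name:10} fires on {windows_matched(block)}")
```

A block that matches more than one window in the table is a candidate for typing stored credentials into the wrong dialog, so add a Title or Ctrl criterion until each block matches exactly one.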
This section of the document steps through the sections of the script and explains how they work.
Password Policy - Marry the policy to the application
#======================#
# Set Password Policy #
#======================#
RestrictVariable $Password TestPwdPolicy
RestrictVariable ?NewPwd TestPwdPolicy
Applies the password policy to the current password ($Password) and new passwords (?NewPwd).
Application Logon - Detect Logon Prompt and automate login (SSO)
#===================#
# Logon Prompt #
#===================#
Dialog
Title "Login"
Class "#32770"
Ctrl #1001
EndDialog
When SecureLogin sees a dialog box, prompt or message with these characteristics, it starts the script.
- Title is "Login"
- Class is #32770
- Username field is Dialog ID #1001
- Password is Dialog ID #1002
- Other field is Dialog ID #1003
- The OK button is Dialog ID #1
SetPrompt "Username =====>"
Type $Username #1001
SetPrompt "Password =====>"
Type $Password #1002
SetPrompt "Domain =====>"
Type $Domain #1003
Click #1
SetPrompt "Please enter your Username and Password to access PSL Test. SecureLogin will remember and automatically log you on in future. IT x4546"
Type the stored ($) Username variable into #1001, and so on. SetPrompt is used to customize the window the user sees when they have no credentials stored. When the user first runs a newly SSO-enabled application, SecureLogin prompts for their logon credentials, then stores and remembers them for future logon attempts.
SetPrompt customizes that prompt box. It is only seen when SecureLogin does not have any credentials stored for the user (i.e. when they first run the application after it has been SSO enabled).
Login Failure - Error Handling (User has invalid credentials stored)
- Title is "Login Failure"
- Class is #32770
- The error can be found using the Window Finder. You can even copy and paste from the Window Finder.
- The OK Button is Dialog ID #2
#==============================================================#
# Invalid logon - Prompt the user to verify their credentials  #
#==============================================================#
Dialog
Title "Login Failure"
Class "#32770"
EndDialog
#==========================================================================#
# Read the error message and set it as a temporary variable, then clear it #
#==========================================================================#
ReadText #65535 ?ErrorMessage
Click #2
#========================================================================#
# Logon failed, prompt the user to verify stored credentials             #
# Press Alt>F and L to invoke the Logon box so the User doesn’t have to. #
#========================================================================#
If "You have failed to login." -In ?ErrorMessage
DisplayVariables "Login to PSL Test Application failed. Please verify your credentials and click OK to retry logon. IT Helpdesk x4563" $Username $Password
Type -Raw "\Alt+F"
Type -Raw "L"
EndIf
DisplayVariables brings up this dialog box, prompting the user to verify their credentials and try again.
#========================#
# Change Password Prompt #
#========================#
Dialog
Title "Change Password"
Class "#32770"
EndDialog
This section of the script executes when the application owned Change Password dialog box displays.
- Title is "Change Password"
- Class is #32770
- Username is Dialog ID #1015
- Old Password is Dialog ID #1004
- New Password is Dialog ID #1005
- Confirm Password is Dialog ID #1006
- OK Button is Dialog ID #1
Type $Username #1015
Type $Password #1004
ChangePassword ?NewPwd "Please enter a new password for the application."
Type ?NewPwd #1005
Type ?NewPwd #1006
Click #1
The Change Password routine automatically fills the current Username and Password and prompts the user to select a new password (SSO could also randomly generate a password so the process is seamless to the user, if desired).
The SecureLogin change password routine updates the stored password for future use and also fills in the application owned change password dialog box so the application server is updated. You can optionally randomly generate a new password so the user isn’t involved in the process (and doesn’t even know their application password, further enhancing security).
Change Password Successful
The following section sets the password when the application accepts it. This is particularly important when an application might return messages such as "the password is the same as the current password", "the new password cannot be the same as an old password" etc. Where possible (i.e. where applications natively advise the password change is successful), you should only set the new password (save it to SSO store) when the application has accepted it and returned a message (so you aren’t assuming it has been changed when it hasn’t).
#========================================================#
# Change Password Successful message                     #
# Clear Application owned message and save new password  #
#========================================================#
Dialog
Title "Change Successful"
Class "#32770"
Ctrl #65535 "You have changed the password successfully."
EndDialog
This section of the script executes when the application owned "Change Successful" (Password) dialog box displays.
Click #2
Set $Password ?NewPwd