Environment
Situation
Issue
The customer is developing an application definition (script) for an in-house developed application. The application definition is designed to handle logon, invalid logon, account locked and change password.
Users are prompted to enter their logon credentials the first time they run the application after it has been SSO enabled. Once SecureLogin has ""learnt"" the credentials, it encrypts and stores them in the Directory and uses them for all future logon attempts.
However, a user might enter an invalid password (or username) when they are first prompted for it so logon would fail logon to the application until the invalid credential is corrected.
SecureLogin handles this using the DisplayVariables command. SecureLogin detects the application owned ""Invalid Logon"" message and prompts the user with the stored credentials using DisplayVariables.
DisplayVariables read and displays the stored credentials and the user can correct their invalid credential/s and retry logon.
In this case, although it appears to be scripted properly, SecureLogin does nothing when logon fails. The SSO administrator (correctly) expects SecureLogin will prompt the user with their stored credentials and retry logon.
Resolution
Cause
SecureLogin parses the application definition from the DisplayVariables command to the bottom of the definition. It can only display variables that appear;
- As part of the DisplayVariables command line
- Below the DisplayVariables command in the application definition
The SSO administrator had added the Login Failure section to the bottom of the application definition and had not specified which credentials to display.
For this application, a message titled ""Login Failure"" will appear. The application is sophisticated enough so the message in the dialog box is able to detect and report either an Invalid Username or Invalid Password. The SSO administrator is therefore able to streamline SecureLogin and prompt the user to VERIFY ONLY the credential that is invalid, rather than prompting the user to verify all credentials.
Note: this only displays the relevant section of the application definition. The full definition contains logon, change password etc.
#==========================================================================# # Logon failed, prompt the user to correct the credentials and retry logon # #==========================================================================# Dialog Class ""#32770"" Title ""Login Failure"" EndDialog #====================================================# # Read and clear the application owned error message # #====================================================# ReadText #65535 ?ErrorMsg Click #2 #=========================================================# # If the Username is wrong, prompt the user to correct it # #=========================================================# If ""Invalid Username"" -In ?ErrorMsg DisplayVariables ""Logon failed. Verify your Username."" EndIf #=========================================================# # If the Password is wrong, prompt the user to correct it # #=========================================================# If ""Invalid Password"" -In ?ErrorMsg DisplayVariables ""Logon failed. Verify your Password."" EndIf
Solution
The easiest solution is to add the credentials to display to the DisplayVariables command. Without the variables to display also appearing in the command, SecureLogin doesn’t know which credentials to display UNLESS some credentials appear below the DisplayVariables command in the application definition.
By including the credentials to display with the command, the DisplayVariables command will always work and this approach is considered best practice.
#==========================================================================# # Logon failed, prompt the user to correct the credentials and retry logon # #==========================================================================# Dialog Class ""#32770"" Title ""Login Failure"" EndDialog #====================================================# # Read and clear the application owned error message # #====================================================# ReadText #65535 ?ErrorMsg Click #2 #=========================================================# # If the Username is wrong, prompt the user to correct it # #=========================================================# If ""Invalid Username"" -In ?ErrorMsg DisplayVariables ""Logon failed. Verify your Username.""$Username EndIf #=========================================================# # If the Password is wrong, prompt the user to correct it # #=========================================================# If ""Invalid Password"" -In ?ErrorMsg DisplayVariables ""Logon failed. Verify your Password.""$Password EndIf