Environment
Situation
Issue
SecureLogin must learn application credentials to store and remember them. When a user starts an SSO enabled application for the first time after it has been SSO enabled, they are asked for their application logon credentials such as their username and password. Some users don’t enter their correct credentials and SecureLogin is able to detect error messages and prompt the user to correct them, further reducing Helpdesk workload.
The customer is writing application connectors (formerly called scripts) to SSO enable their applications. They are including logon and error handling such as invalid Username, invalid Password etc.
They have successfully configured SecureLogin to detect an ""Invalid Password"" message presented by a particular windows application. However, when the message appears, the DisplayVariables command (as per graphic below) displays the stored password as *********** and the customer would prefer to display a prompt with the field blank so the user must retype the password in full.
The following section of the application connector was written and when the Invalid Password prompt is presented by the application the graphic below is displayed by SecureLogin;
#======================= # Invalid Password Message #======================= Dialog Class ""#32770"" Title ""Invalid Password"" EndDialog #============================================ # Click to clear the application owned error message # Prompt the user to correct their password (notice ***) # Retry Logon #============================================ Click #2 DisplayVariables ""Logon failed. Please verify your password and click OK."" $Password Type -Raw $Username Type -Raw ""\T"" Type -Raw $Password T ype -Raw ""\N""
Resolution
Cause
SecureLogin uses the DisplayVariables command typically during error handling. As the command name implies, by default, SecureLogin displays the stored variable/credential (e.g. username, password) to the user and provides them with the opportunity to view and/or correct it if it is invalid.
In the case of a username, domain name or any other credential required for logon (i.e. everything except Passwords or PINs) the credential appears in clear text (e.g. MichaelC) while passwords appear as ********.
Solution
The customer cleared the variable before displaying it using the Set command as below. When the application presents an invalid password message, before presenting the user with the stored password, the password is set to blank/nothing.
#======================= # Invalid Password Message #======================= Dialog Class ""#32770"" Title ""Invalid Password"" EndDialog #============================================ # Click to clear the application owned error message # Prompt the user to correct their password (notice ***) # Retry Logon #============================================ Set $Password """" Click #2 DisplayVariables ""Logon failed. Please verify your password and click OK."" $Password Type -Raw $Username Type -Raw ""\T"" Type -Raw $Password Type -Raw ""\N""
Now when an invalid password is detected the following appears (note the password field is blank and it must be retyped by the user;