What happens if you have SecureLogin SSO set up with AAVerify, but SecureLogin Advanced Authentication (in Microsoft environments) or NMAS (in Novell environments) is not set up on the client?

  • 7940302
  • 19-Aug-2009
  • 26-Apr-2012

Environment

SecureLogin
SecureLogin SSO
All Versions
MS AD, LDAP, NT4, Citrix, Terminal Services

Situation

What happens if you have SecureLogin SSO set up using the AAVerify command, but SecureLogin Advanced Authentication (in Microsoft Active Directory environments) or NMAS (in Novell eDirectory environments) is not set up on the client workstation?

Resolution

Note: Information on AAVerify is also in the SecureLogin SSO scripting guide.

SecureLogin SSO’s AAVerify command can enforce strong security on applications and functions that are unable to do so natively. The command can only be used in conjunction with SecureLogin Advanced Authentication (SLAA) or Novell Modular Authentication Services (NMAS). NMAS and SLAA enforce authentication that is stronger than passwords.

AAVerify can be used to force strong authentication such as biometric (e.g. fingerprint), token (e.g. ActivIdentity, VASCO or RSA) or Smartcard logon to applications, including the most basic applications such as Hotmail or even Notepad. This is possible because AAVerify does not require you to change applications or place modules on application servers.

AAVerify works by requesting the configured strong authentication method before SecureLogin SSO will retrieve and enter the username and password for the application.

For AAVerify and SecureLogin SSO to work, you must have both the SecureLogin SSO client and the SecureLogin Advanced Authentication (in a Microsoft Active Directory environment) or NMAS (in a Novell Directory environment) installed on the local workstation.

If SLAA or NMAS is not set up on the client but SSO is installed, the AAVerify command will always return a value of “False”. In the example below, the password-protected screen saver would be invoked.

To resolve this issue, install SLAA (or the NMAS client in Novell environments) on the client. Once this is complete, the user will be presented with a re-verification prompt. If the user enters their correct VASCO credentials (e.g. PIN + Token), the value will be “True” and the SSO agent will retrieve the credentials and log on to the application.

#======================
# Logon Prompt
#======================
Dialog
   Title "Log in"
   Class #32770
EndDialog
# Request token re-verification; the outcome is stored in ?Result
AAVerify -Method "Token" ?Result
If ?Result Eq "True"
   Type $Username #1001
   SetPrompt "Password ===>"
   Type $Password #1002
   Click #1
Else
   # Verification failed or SLAA/NMAS is not installed: no credentials are entered
   Run "c:\windows\system32\rundll32.exe" "user32.dll,LockWorkStation"
EndIf