Selecting a specific credential set to single sign the Firefox authentication dialog

  • 7940987
  • 20-Aug-2009
  • 20-Nov-2012

Environment

SecureLogin
SecureLogin SSO
SSO – 6.1 with FIXC0808001 and above
SSO – All

Situation

In Firefox, SecureLogin is unable to select a specific credential set when the FireFox authentication dialog box appears.

Resolution

After updating 6.1 with FIXC0808001 or later, SecureLogin can select a specific credential set to single sign the Firefox authentication dialog box. This is done by adding a Generic application definition called "FireFox-CredentialSelection". If the new application definition is not added, SecureLogin's behavior in Firefox will not change. Note that the name of this application must be exactly "FireFox-CredentialSelection". The "-" must be included.

The application definition allows the administrator to define which credentials to use to single sign the Firefox authentication dialog box of any realm or domain. The application definition contains new variables with values that are supplied from the SecureLogin SLoMoz Firefox plug-in:

  • ?FFRealm. The name of the realm that is prompting for authentication.
  • ?FFDomain. The name of the domain that is prompting for authentication.
  • ?FFDialogText. The text of the Firefox authentication dialog box.
  • ?FFCredential. The name of the credential set that the SecureLogin SLoMoz Firefox plug-in will use to populate the authentication dialog. By default, the variable will store the equivalent of [?FFRealm "?FFDomain"].
  • ?FFMustSaveCredential. The variable that controls whether SecureLogin requires users to save credentials for a specific realm or domain.

SecureLogin follows the steps below when visiting a realm or domain with the Firefox Credential Selection application definition added:

  • SLoMoz begins to draw the Firefox authentication dialog box.
  • SLoMoz stores values into variables:
    • ?FFRealm
    • ?FFDomain
    • ?FFDialogText
    • ?FFCredential
  • SLoMoz checks the FireFox-CredentialSelection application definition:
    • If ?FFMustSaveCredential is set to Yes, the Remember this login with SecureLogin check box is selected and disabled.
    • If ?FFCredential returns <NOTSET>, the Remember this login with SecureLogin check box is not displayed.
    • If ?FFCredential returns SysCredential, the user's network credentials (?SysUser and ?SysPassword) will be used to populate the Firefox authentication dialog box. Furthermore, if the credentials fail, the user will be prompted to enter credentials and will be unable to save the updated credentials.
    • If ?FFCredential returns 'Value A', the user name and password that belong to credential set 'Value A' will be used to populate the Firefox authentication dialog box.
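
The following Python model of the decision steps above is an added example, not SecureLogin code or script syntax. It lets an administrator check, before deployment, which prompts would be filled from network credentials; the rule tuples, the first-match ordering, and the sample realms and domains are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

NOTSET, SYS = "<NOTSET>", "SysCredential"   # ?FFCredential values named on the page

@dataclass(frozen=True)
class Outcome:
    fill_from: str                  # "nothing", "network" or "credential-set"
    credential_set: Optional[str]   # set name when fill_from == "credential-set"
    checkbox: str                   # state of "Remember this login with SecureLogin"

def default_credential(realm, domain):
    # The page gives the default as the equivalent of [?FFRealm "?FFDomain"];
    # this exact string layout is an assumption.
    return f'{realm} "{domain}"'

def resolve(realm, domain, rules):
    """Model one prompt. rules is a hypothetical stand-in for the application
    definition: ordered (predicate, ff_credential, must_save) tuples, first
    match wins (assumption); ff_credential=None keeps the default value."""
    cred, must_save = default_credential(realm, domain), False
    for matches, ff_credential, rule_must_save in rules:
        if matches(realm, domain):
            cred = cred if ff_credential is None else ff_credential
            must_save = rule_must_save
            break
    if cred == NOTSET:
        # Page: the checkbox is not displayed. Treating this as "nothing is
        # filled in for this prompt" is an assumption.
        return Outcome("nothing", None, "not displayed")
    if cred == SYS:
        # Page: ?SysUser/?SysPassword fill the dialog and updated credentials
        # cannot be saved; the checkbox state is not described.
        return Outcome("network", None, "unspecified")
    # "default" = checkbox behaviour without ?FFMustSaveCredential (assumed label).
    box = "selected and disabled" if must_save else "default"
    return Outcome("credential-set", cred, box)

def network_credential_prompts(prompts, rules):
    """List the (realm, domain) prompts that would receive network credentials."""
    return [p for p in prompts if resolve(*p, rules).fill_from == "network"]

# Constructed sample rules and prompts (not from the page).
RULES = [
    (lambda r, d: d.endswith(".corp.example"), SYS, False),
    (lambda r, d: r in ("Wiki", "Tracker"), "SharedTools", True),
    (lambda r, d: d == "partner.example", NOTSET, False),
]
PROMPTS = [("Intranet", "hr.corp.example"), ("Wiki", "wiki.example"),
           ("Tracker", "bugs.example"), ("Portal", "partner.example"),
           ("Mail", "mail.example")]
```

Calling network_credential_prompts(PROMPTS, RULES) returns only the prompts whose rule sets ?FFCredential to SysCredential, which is the list to review so that network credentials are offered only to intended realms and domains.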

For more information and specific examples, please see the following knowledge base articles:

Using one credential set to single sign multiple realms or domains in Firefox https://support.microfocus.com/kb/doc.php?id=7940985

Using ?SysUser and ?SysPassword to single sign the Firefox authentication dialog box https://support.microfocus.com/kb/doc.php?id=7940986

Enforcing user to single sign FireFox authentication dialog https://support.microfocus.com/kb/doc.php?id=7940988

Additional Information

Root Cause

To single sign the FireFox authentication dialog box, the SecureLogin SLoMoz Firefox plug-in would store and retrieve the realm or domain from the text that was displayed in the authentication dialog box. However, this had a limitation in that the administrator could not:

  1. Use one credential set for multiple realms or domains.
  2. Use network credentials such as ?SysUser and ?SysPassword.
  3. Choose not to single sign specific realms or domains.