Novell Doc: Novell SecureLogin 6.1 SP1 Administration Guide - Enabling Applications and Web Sites for Single Sign-On

9.1 Enabling Applications and Web Sites for Single Sign-On

Novell® SecureLogin has the following features:

Predefined applications for single sign-on to access a wide range of commercially available applications.
The ability to detect applications for which a predefined application exists. For example, if SecureLogin detects a SAP login dialog box, then SecureLogin prompts the user with an option to allow SecureLogin to automatically enable the application for single sign-on.

NOTE:Predefined applications for commonly used applications are provided with the SecureLogin application, and with each new version, more are developed and made available to the Novell customers.
Wizards and application definitions to facilitate single sign-on to almost any new or proprietary application if a predefined application is not available. This helps you or Novell Support to build an application definition for almost any proprietary application or upgrade.
Support for single sign-on-enabling of most standard terminal emulator applications.
Additional single sign-on tools, such as the Window Finder and LoginWatch, which help you enable even the most difficult applications for single sign-on.

NOTE:You can enable terminal emulators for single sign-on by using the Terminal Launcher tool.

It stores the login information requirements for applications including:

Table 9-1 Login Information Stored by Novell SecureLogin

Credentials, including but not limited to:	Username UserID Login ID Password PINs Domain Database names Server IP address
Responses to dialog boxes, messages and windows events, for example:	Login Incorrect credentials Password expiry and reset Error messages, including non-compliance to password rules Account locked Database locked

Before SecureLogin can enable an application for single sign-on for a particular user, it must learn the user’s application credentials so that SecureLogin can encrypt and store them for future logins, unless it is used in conjunction with Identity Management solutions such as Novell Identity Manager.

When a user starts an application for the first time after the application was enabled for single sign-on, SecureLogin prompts the user for application credentials, and then encrypts and stores them in the directory against the user object. The credentials are passed automatically to the application for subsequent logins.

Automated single sign-on is achieved by using proprietary application definitions. Application definitions are managed in directory environments through SecureLogin management utilities, including the Administrative Management utility, iManager plug-in, and Active Directory MMC plug-in. Locally and in standalone deployments, application definitions are managed in the Personal Management utility or distributed by using the advanced offline signed and encrypted method.

Applications that are enabled for single sign-on are created, modified, and deleted in the Applications pane. You can also create application definitions with SecureLogin wizards. There are a wide range of options in SecureLogin to enable applications. Regardless of the origin of the application definition, when an application is enabled for single sign-on, it is added and maintained in the Applications Properties Table.