Emulating single signon with newlook
Contents

Emulating Single Sign On (SSO)
    IBM i Requirements
    Screen Flow
    newlook Solution
    Other Considerations
IBM i Requirements
    A Super User profile
    Several designated user profiles
    Capability to call a program from the sign on screen
    A CL program to switch users
Screen Flow
newlook Solution Requirements
    Retrieve Super User Profile and Password
    Retrieve Designated User Profile
    Connect to the IBM i system
    Sign On to the IBM i system
    Identify the designated user
    Start the designated user initial program/menu
Other Considerations
    What the user will see
    Changing the super user password

looksoftware, last updated 13-Apr-12
Emulating Single Sign On (SSO)

This document gives an overview of a design that can be used to build a newlook solution that emulates SSO. The sections in this document are:

- IBM i Requirements: what is needed on the IBM i to build this solution.
- Screen Flow: how the green screens will work to reach the user's initial program/menu.
- newlook Solution Requirements: the design of the solution that has to be built with newlook.
- Other Considerations: additional topics of interest.
IBM i Requirements

These are the minimum objects required on the IBM i side to support this solution.

A Super User profile

This user profile does not need to be able to sign on to an interactive session, and does not need to be authorized to applications or data. It must have *USE and *READ authority to all the designated user profiles that will be used in this solution.

Several designated user profiles

These user profiles are the normal users who currently sign on to the IBM i. The Super User must have *USE and *READ authority to all of these designated user profiles.

Capability to call a program from the sign on screen

The program name entered on the Sign On screen will be used to start an interactive session. This functionality must be available for the Super User profile; in practice its limit capabilities setting must be LMTCPB(*NO), because *PARTIAL and *YES both lock the Program/procedure field on the Sign On display.

A CL program to switch users

This program will be called from the sign on screen when newlook signs on as the Super User. Its purpose is to collect the user name from a green screen prompt and switch the job so that the designated user becomes the job's current user. The core of that CL program will contain functionality similar to this:

    /*********************************/
    PGM        PARM(&USERNAME)
    DCL        VAR(&USERNAME) TYPE(*CHAR) LEN(10)
    DCL        VAR(&PASSWORD) TYPE(*CHAR) LEN(50) VALUE('*NOPWD')
    DCL        VAR(&HANDLE)   TYPE(*CHAR) LEN(12)
    DCL        VAR(&ERRCODE)  TYPE(*CHAR) LEN(8) VALUE(X'0000000000000000')
    /* Get a profile handle for the designated user. *NOPWD means no   */
    /* password is checked; only the caller's *USE authority to the    */
    /* profile is required. Bytes provided = 0 in &ERRCODE, so API     */
    /* failures arrive as escape messages.                             */
    CALL       PGM(QSYGETPH) PARM(&USERNAME &PASSWORD &HANDLE &ERRCODE)
    /* Make the user behind the handle the job's current user profile. */
    CALL       PGM(QWTSETP) PARM(&HANDLE)
    ENDPGM
    /*********************************/

Modifications to this base code will include:

- error handling
- a green screen display to collect a user profile name
- calling/transferring to the user profile's initial program

The two key programs are the APIs named QSYGETPH and QWTSETP. More details for the two APIs can be found here:

http://publib.boulder.ibm.com/iseries/v5r2/ic2924/index.htm?info/apis/qsygetph.htm
http://publib.boulder.ibm.com/iseries/v5r2/ic2924/index.htm?info/apis/qwtsetp.htm
Screen Flow

This is the process that newlook will use to sign on and reach the user's first program/menu. newlook will follow this screen flow in order to emulate SSO.

1. After the initial connection, the Sign On screen is displayed.
2. The Super User name and password are entered, along with the name of the program that performs the user switch.
3. That program asks for the designated user name, which is entered.
4. The CL program performs the user switch and calls the initial program for the designated user.
newlook Solution Requirements

These steps need to be coded inside the newlook Solution to emulate SSO.

Retrieve Super User Profile and Password

The Super User profile and password need to be determined. These could be retrieved from a locally cached encrypted file, or hard-coded into a newlook macro or script.

Retrieve Designated User Profile

It must be determined where the user profile name is to be retrieved from. If the user profile is the Windows user name, then it can be retrieved programmatically, and this is the easiest option to implement. If the designated user profile is not the same as the Windows user name, then a translation table may be required to look up the IBM i user profile name to be used. If the smartclient is being launched from within another existing application, then it may be possible for that application to provide the user profile as an input variable to the smartclient.

Connect to the IBM i system

A 5250 telnet connection will be made to the IBM i partition.

Sign On to the IBM i system

At the Sign On screen, the Super User and Password fields will be filled in with the retrieved values (or from internal hard-coded values), and the name of the Switch User program will be filled into the Program name field. Enter will then be pressed to continue.

Identify the designated user

The Switch User program will now ask for the designated User Profile, and it will be filled in from the retrieved value. Enter will then be pressed to continue. The designated user profile will be stored in newlook memory for later use.

Start the designated user initial program/menu

The Switch User program can retrieve the initial program and library, or initial menu, from the designated user profile and will transfer control to that program or menu.
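The following CL program is an added example, written for this page and not looksoftware's or IBM's own code. It fills in the three modifications listed under "A CL program to switch users" (error handling, a green-screen prompt, and transfer to the initial program/menu) and implements the "Start the designated user initial program/menu" step above. Assumptions: it is the program named on the Sign On display when newlook signs on as the Super User; a display file SWUSRDSPF with record format PROMPT (hypothetical names) exists on the library list, containing a 10-byte input field USRPRF and CF03(03) so that F3 cancels; and every failure path ends the job with SIGNOFF rather than returning to the Super User's environment.

```cl
/* SWUSR - switch the interactive job to a designated user profile and  */
/* start that user's initial program or menu.                           */
/* Added example, not looksoftware's or IBM's code.  Assumes a display  */
/* file SWUSRDSPF (hypothetical) with record format PROMPT, a 10-byte   */
/* input field USRPRF, and CF03(03) defined so F3 cancels the switch.   */
             PGM

             /* DCLF makes &USRPRF and &IN03 available as CL variables.  */
             DCLF       FILE(SWUSRDSPF) RCDFMT(PROMPT)

             DCL        VAR(&PASSWORD)  TYPE(*CHAR) LEN(10) VALUE('*NOPWD')
             DCL        VAR(&HANDLE)    TYPE(*CHAR) LEN(12)
             DCL        VAR(&ERRCODE)   TYPE(*CHAR) LEN(272)
             DCL        VAR(&MSGID)     TYPE(*CHAR) LEN(7)
             DCL        VAR(&INLPGM)    TYPE(*CHAR) LEN(10)
             DCL        VAR(&INLPGMLIB) TYPE(*CHAR) LEN(10)
             DCL        VAR(&INLMNU)    TYPE(*CHAR) LEN(10)
             DCL        VAR(&INLMNULIB) TYPE(*CHAR) LEN(10)

             /* Any unexpected escape message ends in the error routine.  */
             MONMSG     MSGID(CPF0000) EXEC(GOTO CMDLBL(ERROR))

             /* Bytes provided = 272: the APIs fill the error structure    */
             /* instead of sending an escape; bytes available > 0 = fail. */
             CHGVAR     VAR(%BIN(&ERRCODE 1 4)) VALUE(272)

             /* 1. Green-screen prompt for the designated user name.       */
 ASK:        SNDRCVF    RCDFMT(PROMPT)
             IF         COND(&IN03) THEN(SIGNOFF)
             IF         COND(&USRPRF *EQ ' ') THEN(GOTO CMDLBL(ASK))

             /* 2. While still the Super User (which holds *READ to the    */
             /*    profile), fetch the target's initial program and menu.  */
             /*    CPF2204 = user profile not found: ask again.            */
             RTVUSRPRF  USRPRF(&USRPRF) INLPGM(&INLPGM) +
                          INLPGMLIB(&INLPGMLIB) INLMNU(&INLMNU) +
                          INLMNULIB(&INLMNULIB)
             MONMSG     MSGID(CPF2204) EXEC(GOTO CMDLBL(ASK))

             /* 3. Get a profile handle without a password (*NOPWD needs   */
             /*    *USE authority to the profile), then make it current.   */
             CALL       PGM(QSYGETPH) PARM(&USRPRF &PASSWORD &HANDLE &ERRCODE)
             IF         COND(%BIN(&ERRCODE 5 4) *GT 0) THEN(GOTO CMDLBL(APIERR))

             CALL       PGM(QWTSETP) PARM(&HANDLE &ERRCODE)
             IF         COND(%BIN(&ERRCODE 5 4) *GT 0) THEN(GOTO CMDLBL(APIERR))

             /* The handle is no longer needed once the job is switched.   */
             CALL       PGM(QSYRLSPH) PARM(&HANDLE &ERRCODE)

             /* 4. Run the designated user's initial program, then menu,    */
             /*    mirroring what a normal sign-on would do.                */
             IF         COND(&INLPGM *NE '*NONE') THEN(DO)
                CALL       PGM(&INLPGMLIB/&INLPGM)
             ENDDO
             IF         COND(&INLMNU *NE '*SIGNOFF') THEN(DO)
                GO         MENU(&INLMNULIB/&INLMNU)
             ENDDO
             SIGNOFF

             /* Record which API error occurred, then sign the job off     */
             /* with the job log kept for the administrator.               */
 APIERR:     CHGVAR     VAR(&MSGID) VALUE(%SST(&ERRCODE 9 7))
             SNDPGMMSG  MSGID(CPF9898) MSGF(QCPFMSG) +
                          MSGDTA('User switch failed: ' *CAT &MSGID) +
                          MSGTYPE(*DIAG)
 ERROR:      SIGNOFF    LOG(*LIST)

             ENDPGM
```

Two design choices are worth noting. The profile attributes are retrieved before the switch because the page gives the Super User, not necessarily the designated user, *READ authority to the profile. And no path returns to the caller: once a job has been started as the Super User, an error that falls back to that profile's own environment would leave the workstation signed on with whatever the Super User can do, so every branch signs off instead. The same reasoning shows why the Super User password is the single secret in this design: with *NOPWD, QSYGETPH checks only the caller's *USE authority, so anyone holding that password can become any designated user.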
Other Considerations

What the user will see

Once the user has clicked the icon on their desktop, the newlook solution should open using the smartframe, if possible. The first screen that appears will be their initial program or menu, as defined in their IBM i user profile. All screen navigation will be invisible to the user.

Changing the super user password

The Super User profile name and password must be stored somewhere so the newlook solution can retrieve them. It is possible to store them inside a newlook macro or script; another option is to store them in a locally cached encrypted file. In any case, changing the Super User profile name or password will require a change to the newlook solution.

looksoftware, suite 9 / 622 ferntree gully rd, wheelers hill vic 3150, australia. ACN: 071 351 776. tel: +61 (0)3 9535 4444, fax: +61 (0)3 9535 4455, email: info@looksoftware.com, web: www.looksoftware.com