sharfuddin2 Absent Member.
Absent Member.
781 views

PAM 3.5 - AppSSO uncooked ?

On 22nd Jan, we opened an SR#101213831901 and submit every detail(step by step document) to Support so that Support can reproduce the issue internally, Support even took the remote and didn't manage AppSSO to work.


I am not here to complain about the Support, I just want to know if AppSSO really works ?
0 Likes
3 Replies
cpedersen Outstanding Contributor.
Outstanding Contributor.

Re: PAM 3.5 - AppSSO uncooked ?

On 13.02.19 19:04, sharfuddin wrote:
>
> On 22nd Jan, we opened an SR#101213831901 and submit every detail(step
> by step document) to Support so that Support can reproduce the issue
> internally, Support even took the remote and didn't manage AppSSO to
> work.
>
>
> I am not here to complain about the Support, I just want to know if
> AppSSO really works ?
>
>


Hi,


Yes AppSSO does work.

But I think it would be better if you talked to a Support Manager.



Casper
0 Likes
sharfuddin2 Absent Member.
Absent Member.

Re: PAM 3.5 - AppSSO uncooked ?

I am sorry for not coming back earlier. We got the following:


The APPSSO is dependent on SecureLogin. In order to make the SSO work, the team must have skillset of SecureLogin

For vSphere Web Client you might need to configure it using App Definition Wizard from NSL. Here is the guide to create an Application Definition for a Web Application:

https://www.netiq.com/documentation/securelogin-86/application_definition_wizard_admin_guide/data/blydhpx.html

or if the App definition is not working, please write the script:

https://www.netiq.com/documentation/securelogin-87/pdfdoc/application_definition_guide/application_definition_guide.pdf


Its not uncooked but at least APPSSO is not a "PAM Feature" strictly.
0 Likes
Micro Focus Expert
Micro Focus Expert

Re: PAM 3.5 - AppSSO uncooked ?

PAM AppSSO does really work. 🙂 I have verified several of the use-cases now including Web Logins and even created a couple of my own custom ones.

There are some sample AppSSO scripts that can be imported that I'm sure you are aware of. These should work and please continue to work with support if they do not.

In addition, you can also create custom appsso scripts for any applications using the wizard and/or tweaking the script definition. This will require some experience with SecureLogin and possibly some learning on your part. With the Wizard, it can be fairly straight-forward, but does occasionally need further tweaking of the script definition.

Please see PAM documentation for Creating Application SSO Scripts.
Some helpful SecureLogin documentation sources:
- Using the Application Definition Wizard.
- Commands reference (script).

In SecureLogin Manager, it would be good to enable the following preferences for a domain administrator when testing / creating the new script with the wizard:
Display Splash screen on startup
Display system tray icon
Show Add Application wizard with minimal actions
Note: Please disable these options for SSOUser and non admin users after all below steps are over.

I suspect that there is a problem in the custom NSL script in this case. It can be helpful, especially with new scripts, to verify it works with SecureLogin before having it authorized through PAM. Simply commenting out or removing the SetRestPlat -method "PAM" line in the script and creating a temporary, local credential in the SecureLogin Application is a good way to test/verify the script without wondering if there is some problem in PAM. I am then able to launch the application, try out the script, tweak, etc. Once satisfied, then I can add that line back in as per the PAM documentation and verify the script is copied/owned by the PAM AppSSO user, then try through PAM use-case and debug if necessary from that context, checking cmdctrl authorization, etc.

What application are you looking to add? Is it a webapp or native/gui/windows?
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.