Release Notes: Enterprise Single Sign On Manager
Version 4.40 Build 1152, April 26, 2013
PIN Code complexity rules have been added.
It is now possible to configure which smartcards may be used for enrollment.
Autologon support for multiple computers added. Users that have logged on to a computer in the network can now log on to another computer without entering their PIN code as long as the specified time has not been exceeded.
Follow me support for Terminal server has been added. When a user logs on to his computer or unlocks a kiosk PC, E-SSOM will reconnect the user's terminal server session, allowing the user to continue working immediately.
Single Sign on
A new detection method has been added for websites. This method can be used when websites change frequently.
During an accessible layout detection search the right mouse button can be used to 'scroll' through the parent objects of the selected control.
The received service logs are now stored in the %temp% folder. This will allow users with fewer rights to retrieve the logs.
The java monitor can now be installed using the Admin Console.
The java monitor installer now checks if the files are locked and tries to copy them using a different method if the files are locked.
The client service will now install the Firefox extension if configured in the client service configuration.
User Policies can now be made operating system specific.
An option has been added to switch to the logon screen when the desktop is locked. (Windows Vista or higher)
Implemented the 'DontDisplayLockedUserID' registry setting.
Added an option to specify the kioskusername in the registry. Doing so will change the unlock text when the kioskuser is logged on.
A 'force shutdown' button may be added to the locked desktop screen.
A property 'set focus' has been added to the 'accessible set' action to be able to set the focus to an edit box or
The 'Ask for Credentials' can now select a default value in drop down lists.
The accessible layout has been updated so that it can detect login screens more easily.
The accessible layout now allows several 'incorrect objects' in the detected layout.
The accessible layout can now be configured to detect login screens in Flash objects.
Custom icons can now be configured for smartcards, users and other users.
The original credential providers in Windows 8 were not removed when the E-SSOM credential provider was running.
Password change at next logon will now be handled correctly in all situations.
Password expiration will now be handled correctly in all situations.
The credential provider now has the same look and feel as the original Windows provider.
The 'password expiration warning' message would sometimes be displayed when it was not necessary.
Password change at next logon will now be handled correctly in all situations.
Password expiration will now be handled correctly in all situations.
The 'users' dialog could not be used because the view would be refreshed continuously.
The applications tree could not load correctly when loading a very large configuration.
When the Central Service would be connected to another database, the E-SSOM client could go out of sync.
A part of the user data could be overwritten by older data from the clients.
If a client presented deleted user data, the service would reject it, but the client would indefinitely try to update the deleted user data.
Due to the release of Java 7, it was no longer possible to configure java applications using Java 7.
The if then else action could not check the length of a string in java.
When the client service could not resolve the server address at startup, it would not try to resolve it later on.
Offline mode was not always working correctly.
Configuration for applications that were run from the client menu, was only updated when the client started.
The client could respond to certain events even if the desktop was locked.
The menu was not translated to other languages when a different language was selected.
The list of credentials could redraw slowly if there were a lot of credentials in the list.
The Chrome and Firefox extensions could not detect windows in the application.
The temporary variables were not always stored correctly.
When the password complexity rules were disabled, the text would still be visible in the background.
Wildcard strings were not parsed correctly in every situation.
When auto logon was used, logon could fail if the user's password changed.
Version 4.29 Build 1141
Important Changes
Access support removed
Support for the Access database has been removed from E-SSOM. It is no longer possible to use an Access database or to upgrade an existing installation with Access to this version.
Backwards compatibility removed
The previous version of E-SSOM can upgrade from any version to 4.16 build 1128. This version can only upgrade version 4.16.
Legacy detection methods removed
Event based window detection has been removed as well as event based website detection.
Encryption method changed
The encryption used by E-SSOM has been changed. Important changes have been made to how the encryption key is backed up and restored and how the key is copied to other E-SSOM Central Services.
This version now supports Java 7. Due to the changes in Java 7, applications could fail to start after installing the SSO Java monitor.
- A global policy can be defined that allows the administrator to configure a PIN code expiration.
- Smartcard entries can be copied so that users can be given a (temporary) card with the same PIN code. The old card will remain valid!
- Smartcard entries can be replaced so that users can be given a new card with the same PIN code. The old card will become invalid immediately.
- Smartcards can be (temporarily) disabled.
- Smartcard entries can be flagged so that the PIN must change at the next logon (or unlock) of the user.
- The smartcard policy can be configured in such a way that users can use all characters instead of only numbers for their PIN codes.
- Support has been added for the Chrome browser. The same application definitions can be used that are created for Internet Explorer.
- Support for Firefox has changed. The new plugin is version independent.
- A checkbox has been added to the client security dialog. When this checkbox is enabled, all access to the Central Service is logged with the username of the connecting account.
- The 'Copy' and 'Replace' smartcard functions can now immediately change the start and end time.
- During a window detection search the right mouse button can be used to 'scroll' through the parent windows of the selected control.
- During a web detection search the right mouse button can be used to 'scroll' through the parent elements of the selected element.
- The Citrix configuration dialog has been extended to be able to add custom properties when connecting to a Citrix session.
- Citrix connections can now be specified using the farm name, the application name and the application display name. This will allow the E-SSOM Client to find existing sessions correctly and connect to them.
- A different URL used to connect to the Citrix Web Services can now be specified.
- An option has been added to connect to the Citrix Web Services using SSL.
- A progress dialog has been added when reconnecting to a Citrix session.
- Several enhancements have been made to improve reconnection performance.
Client
- The User Policy now contains a setting that can be used to configure the swipe interval when using smartcards.
- The way that applications are started has changed so that they start faster after logging in.
Credential Provider
- The Credential provider displays the users that are logged on.
Java
- When configuring a java application, the SHIFT-F10 key can be used to retrieve the entire layout of the java application.
- An issue has been fixed that could cause an E-SSOM component to crash when connecting or disconnecting a remote desktop session.
- When a variable only changed case, the variable would not be updated in the database. (For instance j.Doe -> J.Doe)
- When the smartcard manager could not read the card's UID, the enrollment wizard would erroneously be started.
- The DontDisplayLastUserName setting was not working correctly in the Credential Provider and GINA.
- When specifying a start or end time for a smartcard, error '-46' was displayed in the log view and the smartcard entry would no longer be usable.
- A possible memory leak in the database engine has been fixed.
- The license manager could not always initialize correctly after a reboot.
- Configuration could become out of sync after updating the client.
- When an application was deleted, clients could still send updated user data for that application to the central service. This could affect the application license count.
- In Fast User switching mode, the user could log off immediately after logging in while tapping with the smartcard.
- Fixed an issue in the Citrix manager that could cause the E-SSOM Client to crash.
- The 'only start an application if it is not already running' option was not working correctly if command line parameters were specified.
- When an HLLAPI session did not respond with the session size, detection would not work.
- The 'Allow any smartcard event to log off the user' setting would only work for Fast User Switching accounts.
- When running in full screen, the Citrix client would display a white screen during the connection phase. Clicking on this screen could cause the connection to fail.
Browser Helper Object (IE)
- When the browser would start with multiple tabs, multiple window detectors would be created for the same windows causing overlapping windows created by E-SSOM scripts.
- When entering an incorrect password when using the CredUI interface, the UserInterface would be infinitely
- Swiping a smartcard when displaying the CredUI interface could cause the client to perform a logoff event.
- An issue could cause the credential provider to unload very slowly and in rare circumstances crash.
- When using the 'switch user' functionality from the user profile, autologon using a smartcard would fail when the timeout for the first login attempt expired.
- An issue has been fixed that could cause the credential provider to crash when logging on without PIN code.
- A 'password is about to expire' notification has been added while logging in.
- If the smartcard was not placed on the reader before starting the enrollment wizard, the card would not be detected.
- Temporary variables were not always saved correctly.
- JRE 7 has changed the way that DLLs are loaded causing the SSOJava DLL to fail.
- New AppInit DLLs were not always copied during an upgrade.
Version 4.16 Build 1128
Important Changes
The Admin Console will no longer offer to update the Central Service automatically. This can now only be done by running the Central Service setup wizard.
It is no longer possible to install a Central Service with an Access database. Existing Central Services can still be upgraded to this version. Please note: As of the next version, Access databases will no longer be supported at all. Existing Access databases can no longer be used in the next version of E-SSOM.
New Script Actions
Manipulate table: This script action can be used to manipulate table variables.
- Smartcards can now be configured to be valid within a specified interval.
1.3. Enhancements
Script Actions
- The 'Set Variable' script action can now get a specific value from a table variable.
A logoff event can now only be triggered by the smartcard that was used to log in. The user policy contains a setting to enable/disable this.
- Citrix connections are now fully logged if logging is enabled on the client.
1.4. Fixes
Central Service
The Central Service could crash due to invalid data sent by clients.
A crash that could occur randomly has been fixed.
The MSSQL database installation did not set the database version correctly, causing a full database upgrade.
- When the licenses were refreshed, changes would not always be displayed in the overview.
- The ask for enrollment could not be combined with the force enrollment.
- The allow logon without pin interval was not saved correctly.
The Client Service could respond very slowly when a machine was not connected to the company network.
Comment tags are automatically removed from the detection so that Internet Explorer application definitions can be used for Firefox.
The adm file contained an error on line 30. The line POLICY UseRPCOverHTTP" should be POLICY
- In Fast User Switching mode, the user would unlock the machine and the client would lock the machine
- The client would not always update the user interface immediately after user data had changed.
- The force logoff setting would still wait for the user to respond before logging off.
- Citrix sessions were not always correctly restored. As of now the information sent by the Citrix server is parsed and a connection is made based on that information.
- The current credential set was not application specific. If more than one application definition applied to a single instance, the current credential set would be overwritten.
Credential Provider
- The autologon functionality was not responding correctly after logging out. It would login again even when force auto logon was disabled.
- The client service could crash when a user tried to reset his PIN code for a smartcard.
- The win32 credential provider was not installed on a 64 bit machine. Because of this, the credential provider would not load in 32 bit processes.
- When logging on with a smartcard while the password was expired, the user would no longer be able to logon and wouldn't be able to change the password.
- The ask for enrollment and force enrollment settings were not enforced when unlocking the desktop in fast user switching mode.
- An issue in the smartcard manager could cause the credential provider to lock up.
- When the 'logon without PIN' was enabled and the user logged out with the card still on the reader, the user would be able to log in to the machine after removing the card from the reader.
Version 4.01 Build 1113
E-SSOM Clients can now connect to the Central Service over the internet.
Support for Firefox added
A Firefox extension has been added to allow users to log into websites automatically using E-SSOM.
New Script Actions
Get Active Directory Attribute: This script action can read an attribute of an Active Directory user.
Is Member: This script action can check if a specific user is a member of a specific Active Directory group.
- Logoff events are now also being monitored and added to the logging database.
- The 'use the selected credentials by default' check box in the credentials selection dialog can now be disabled in the application policy.
- An option has been added to log out the E-SSOM Client when the Citrix session disconnects.
- The authentication management module now supports offline mode. Users will be able to log in with their smart card when they are not connected to the company network.
- A new security group 'power users' has been added.
- The operators and power users security group now have a link that contains information on the actions that are allowed by that group.
- Smartcards may now be disabled and enabled through the smartcard overview.
The rights to the central service have changed:
- Refresh Licenses may be performed by power users or higher.
- Add report may be performed by operators or higher.
- Update Report may be performed by power users or higher.
- Delete report may be performed by operators or higher.
- Generate report may be performed by power users or higher.
- Generate and get report may be performed by power users or higher.
- Add report component may be performed by operators or higher.
- Delete report component may be performed by operators or higher.
- Add report template may be performed by operators or higher.
- Delete report template may be performed by operators or higher.
- Add application may be performed by operators or higher.
- Upgrade application may be performed by operators or higher.
- Delete application may be performed by operators or higher.
- Import application may be performed by operators or higher.
- Add password policy may be performed by operators or higher.
- Delete password policy may be performed by operators or higher.
- Add User policy may be performed by operators or higher.
- Delete User policy may be performed by operators or higher.
- Add Smartcard policy may be performed by operators or higher.
- Delete Smartcard policy may be performed by operators or higher.
- Add application assignment may be performed by operators or higher.
- Update application assignment may be performed by power users or higher.
- Delete application assignment may be performed by operators or higher.
- Add script may be performed by operators or higher.
- Delete script may be performed by operators or higher.
- Delete user may be performed by operators or higher.
- Delete user credential may be performed by operators or higher.
- Delete user settings may be performed by operators or higher.
- Import script may be performed by operators or higher.
- Update user may be performed by operators or higher.
- Unenroll user may be performed by operators or higher.
- Unenroll application may be performed by operators or higher.
- Delete smartcard may be performed by operators or higher.
- Delete smartcard assignment may be performed by operators or higher.
- Update PIN may be performed by power users or higher.
- The script action 'General Action' can now temporarily or permanently stop the E-SSOM detection for a specific process.
- The script action 'General Action' can now reset the credential set. If the credential set of an application is reset, the user will be asked again to select the credential set that he wants to use.
- An option has been added to the user policy so that a Windows user switch may be performed on a logoff event.
- The E-SSOM GINA now supports Windows Auto logon and Force Auto logon functionality.
- The credential provider will now always display a normal user name/password tile in addition to other tiles.
Browser Helper Object
A setting called 'ReleaseObjectTagsImmediately' has been added that may be enabled to prevent compatibility issues with other browser plug ins. Websites may now be either 'included' or 'excluded' from SSO detection.
- If the service account that is specified in the service installation wizard already exists, creation of the account will no longer be attempted.
- The User Details tab now displays the 'auto detect' entry in the language selection combo box correctly.
- When targeting items in Internet Explorer, the 'selection rectangle' would flicker constantly.
- The Admin Console could crash when testing a password policy.
- If a report query did not return any data, the central service could generate an exception potentially causing a crash.
- The client service would try to connect if the computer account was logged on.
- The client service would not download application definitions if the appinit version of the client was installed and only the hook was being used.
- The Citrix window would not always close automatically when disconnected and running full screen.
- The column names in the overview window could display incorrect data.
- Several texts were not translated to the correct languages.
- The combo box in the 'Ask for Credentials' script action did not display a scroll bar if there were more items in the list than could be displayed.
- The 'Ask for Credentials' dialog did not always display the controls at the correct location causing them to overlap.
- The 'Change Password' dialog did not always display the controls at the correct location causing them to overlap.
- If an application was delegated to multiple users/groups, a user could receive multiple delegated credentials from the same application.
- The credential provider would display the last logged on user even if it was disabled via GPO.
- The GINA was not setting some environment variables correctly. For instance: the 'TEMP' variable would erroneously be set to 'c:\Windows\Temp'.
Browser Helper Object
- The random number generator was not properly initialized.
Version 3.44 Build 1099
New Features
Support for additional smart cards added
- Support for more types of smart cards has been added. SafeSign compatible cards are now available for use with E-SSOM.
- The PIN code on the smartcard of SafeSign compatible cards may now be used to log on.
Process monitoring added
- Process start and end times can now be logged to the database allowing extensive reporting on client application use. Report examples include: the amount of concurrent users for a specific application.
- An option has been added to allow the user to forcefully log off a user from the 'locked desktop' screen.
- The license count can now be refreshed manually.
- 'Users' button added to the application definition dialog to view the enrolled users for the selected application.
- Enrolled applications dialog added to view the applications that users have enrolled to. The dialog can be used to view all of the users enrolled to a specific application as well as unenrolling all users for a specific application.
- Client Service configuration dialog added so that the client service may be configured using the Admin Console.
- Multiple computer names separated by a comma can now be specified in the user policy.
- License database queries updated to improve performance and reliability.
- Reconnection count on database failure reduced to improve performance when the database is unavailable.
- Users that have been deleted from the Active Directory will now automatically be removed from the E-SSOM database.
- The Central Service now sends notification emails if one or more licenses have expired or are about to expire.
- In Fast User Switching mode, processes can now be executed in the context of the fast user switching user.
- If the explorer is closed or crashes and restarted, the client will now recreate the taskbar icon.
- A keystroke delay has been added to the 'input keyboard' action.
- The logon dialog now displays the application name by default.
- Delegated Applications report added.
- Enrolled Applications and Users report added.
- Process Monitoring report added.
- The computer table now also contains the Windows version and the client version.
GINA / Credential Provider
- An 'enroll' button for smart cards has been added to the GINA logon screen.
- An option has been added to change the display picture of the credential provider.
- The GINA 'help' link now displays the E-SSOM about dialog.
- The GINA logon and unlock dialog display a shutdown dialog with several options.
- Empty variables 'failed' to decrypt.
- Possible crash during client update fixed.
- Possible crash when reading 'null' blobs from the database fixed.
- Client update issue when clearing tables fixed.
- When creating a database or updating the service configuration, the error log was not sent to the Admin Console.
- The central service could crash when older clients would try to connect.
- When updating the database to the latest version, not all values were set correctly.
- Account types other than user accounts could be added to the database.
- The language column in the manage users dialog could not be sorted correctly.
- When copying If.. Then.. Else.. conditions, the original condition could disappear.
- Duplicate credential entries were made during enrollment.
- Possible client service lockup/crash when reading corrupt configuration data fixed.
- Backwards compatibility issue with smartcard assignment fixed.
- Due to backwards compatibility issues, the offline mode could fail.
- Delegation entries could fail to be set and/or displayed correctly.
- Fixed possible lockup when trying to open the application menu.
- Possible crash when closing the user client has been fixed.
GINA / Credential Provider
- Smartcard could fail to read if left on the reader for too long.
- Installer could fail to install the credential provider
- GINA Logged on SAS failed to perform the correct action on auto cancel.
- The GINA now displays all banners correctly for each OS.
- ICA clients would disconnect if a smartcard was presented during remote logon.
- The Windows XP GINA did not always respond correctly when the users' password was expired.
- The GINA did not run configured logon scripts.
- The GINA did not connect to the users' home directory.
- The GINA could fail to switch to the desktop when logging in using RDP.
- Password change could fail in the credential provider.
- Password change would not always be propagated to the Central Service.
- The input keyboard did not handle all keys correctly.
- The Java monitor could crash when pressing SHIFT-F12 in a Java application that does not support accessibility.
- UserApplicationData.Initialize did not return an error on failure
- ESSOM.RemoveUser did not return an error if the specified user was not found in the database.
- The AppInit version of the hook could fail to execute scripts.
- 64 bit applications could not be monitored when using the AppInit version of the E-SSOM Client
- The AppInit DLL is now signed with the correct certificate so that it will load even if the 'require signed app init dll' flag in the registry is set.
- The 'require Internet Explorer 6' restriction has been removed from the installers. This restriction could cause the installer to fail on Windows 7
Version 3.30 Build 1085
New Features
Smartcard integration
- E-SSOM can now link a smartcard to an Active Directory account allowing the user to log on to Windows using a PIN code and a smartcard.
Client Language Packs
- Language files for Dutch, English, French and German have been added.
- Cache performance improved
- Communication between central service and client service improved
- All of the client components can now be disabled through registry settings.
- The application list in the client menu is now sorted
- A registry key has been added that may contain the names of executables that must load the hook. The hook will not be loaded for executables that are not listed in this registry key. If the key is empty the hook will load in every executable.
- The manipulate variable action can now convert variables to upper or lower case.
- The HTML press button action can now check/uncheck check boxes
- The setclientreg utility has been updated to be able to set all available GPO settings
- The setclientreg utility now has a button allowing the admin to restart the client service from the utility. (this option requires administrative privileges)
- A topic on 'AppInit' installations has been added to the documentation
- A possible issue in the service security has been fixed
- A potential crash with overlapping policies has been fixed
- A possible lockup could occur during fast user switching
Command Line Interface
- If the command line buffer was set to a value larger than 300*80 the detection could fail.
- The appinit installer could fail to set the registry settings correctly.
Version 3.19 Build 1074
- A new detection method has been added to support more types of telnet applications.
- Properties are now grouped per type.
New Script Actions
- GetClipboardData: This script action may be used to read data from the Windows clipboard.
- SetClipboardData: This script action may be used to place data on the Windows clipboard.
- All of the property descriptions have been added/updated.
- All of the script action summaries have been updated.
- The 'Handle All Events' check is now visible in the Application Definition tree.
- Client connection handling has been improved to service more requests.
- The Citrix configuration dialog has been extended so that more options may be configured such as the client screen size.
- The Citrix embedded client has been updated to allow more types of connections.
- The input mouse script action can now select text in a control.
- The ask for credentials actions has been updated so that every edit box can contain hidden data.
- Three options have been added to the If..Then..Else.. conditions.
- The manipulate variable can now trim leading and trailing characters from a string.
- The set variable action can now get the local computer name.
- Pressing and holding the CTRL key while starting an application will override the default selected credentials and will allow the user to select the credentials with which he wants to login.
- Cached log information will be sent in smaller chunks and more slowly to prevent slowing normal operations.
- An option has been added to the adm file to exclude certain applications from management by E-SSOM.
- The HTML element editor allowed to configure more restrictions than were used in the HTML script actions.
- Table variables were incorrectly specified as string variables in the edit property dialog.
- The input mouse would still try to select a control even when the dimensions of the control could not be found.
- The input keyboard could not always send correct key combinations such as CTRL-SHIFT-A
- The Citrix embedded client now correctly resizes the window based on the resolution of the remote session.
- Fixed an issue that could cause excluded characters to be included in a generated password.
- If two or more assignments for a specific application applied to a single user, the incorrect assignment could be selected.
- Web components in applications could not be detected.
- If a deny access entry was not a group, an error could occur when adding delegation entries in the client.
Version 3.10 build 1065
E-SSOM can now automatically reopen a Citrix session on another machine while closing the Citrix session on the original machine if that is still running.
Any user can now unlock a computer that is running in Fast User Switching mode and automatically log on to the E-SSOM client.
New Script Actions
- Accessible GetInfo: This script action may be used to acquire information from dialogs that do not contain normal window controls.
- Lock: This script action may be used to lock the script execution so that only one script can be executed.
- General actions: Perform specific actions such as: 'terminate process' or 'lock workstation'.
- All E-SSOM popup windows can now be configured with a ‘parent window’.
- Window layout can now exclude child windows.
- Applications can now be configured to only start when the E-SSOM client is in Fast User Switching mode.
Variables may now be selected from a combo box when adding variables.
Variable sets can now be deleted from the SSO Client
New Built In Variables
- %SSOMainAppWnd% - This variable contains the handle to the applications main window.
- When asking for multiple credentials, E-SSOM could fail to select the credentials.
- The event name was not displayed in the logs.
- Layout detection could fail when a specific ‘max fail count’ was set.
- Applications would start automatically even if they were already running and the ‘only run when not running’ check box was checked.
- Deleting application definitions could result in the unwanted deletion of scripts attached to the application definition.
- The URL and title were switched when exporting/importing Web layouts
- When importing applications, the event flags were not imported correctly.
- Java configuration could fail if more than one Admin Console was running on the same machine.
If an application definition was created for Excel and certain plug-ins were installed Excel could lock up.
- The BHO could display multiple login screens when opening multiple tabs.
- Internet Explorer could crash if a web page contained frames and they were searched by script actions.
The Java monitor could fail after executing one script.
The installer could fail to determine the installation directory if the client was not installed to the default directory.
Version 3.01 build 1056
Fast User Switching
Fast user switching has been added to E-SSOM. This feature allows users to logon to and logoff from public computers quickly. When users log on using fast user switching applications that they require can be automatically started and logged on to. When users log off E-SSOM can log off from the applications and/or close them.
- Backup and Restore Guide has been added which describes the required actions for performing backups and restoring data.
- Com Guide has been added describing the functionality of the E-SSOM COM object.
- Temporary variables are now stored per application so that they do not interfere with one another.
- Password policies have been extended so that regular expressions may be used to control password complexity.
- Root folders can now be created in the Application and script bar.
- The advanced window layout dialog has been updated to allow importing/exporting of window layouts as well as deleting existing elements.
- The advanced web page layout dialog has been updated to allow importing/exporting of window layouts as well as deleting existing elements.
- An additional drop down menu has been added so that special characters may be selected.
An HLLAPI client that would return incorrect session data could crash the User client.
The hook has been updated to increase performance.
Please note: Event based window detection has been removed entirely.
All HTML actions can now be executed from a window layout event in internet explorer.
%SSOBHODocURL% and %SSOBHOTitle% are now also available in web layout projects
- The ‘GetHTMLControlInformation’ can now return the state of an HTML element.
- The 'GetHTMLControlInformation' can now return the width and height of an object.
- Text script actions now support block, set foreground, set focus and attach thread.
- The ‘SetTextInControl’ action now has several methods to set text. Pasting text has now been added.
- The 'Press Button' action now has several methods to press a button.
- 'HTMLSetEditBoxText' now supports focus and blur events.
- The 'Input Keyboard' action can now easily send key combinations such as 'ALT-F4'.
- Window layout has been fine tuned to trigger on more windows.
- It is now possible to configure if a configured window should trigger if child windows are present that are not configured.
- A 'max fail count' has been added so that detection may succeed even if a specific amount of controls do not match.
- The URL and Title can now be configured when detecting a web page using the 'web layout' method.
- The width and height of items has now been added as a possible restriction.
New Built In Variables
- %SSOIEMainWindow% - A handle to the main Internet Explorer window
- %SSOBHOReadyState% - This variable is set to true if the page has finished loading
- %SSOCancelled% - This variable is set to true if a user has cancelled one or more SSO dialogs
- %SSOIsDelegated% - This variable is set to true when a delegated user is using the credentials.
Excluded characters were not correctly excluded when automatically generating passwords.
When searching for controls for web layout, window layout or accessibility events an incorrect message could be displayed that a control could not be found.
An issue has been fixed that could cause text from specific languages to become corrupted.
An issue has been fixed that could cause communication issues with older clients.
The hook could not always be loaded for published applications in Citrix sessions.
The hook could fail to load on 64 bit machines in 64 bit processes.
Fixed an issue that could cause a command line session to stay open until the user closed it manually.
Fixed an issue that could cause a registry entry to remain.
Version 2.58 build 1049
Support for Citrix Published Applications
Applications that are published by Citrix can now be managed by E-SSOM.
New Detection Method: Web Layout
A new detection method has been added for detecting web pages based on their layout.
Support for 'Run as...'
Applications that are started using 'Run as...' can now be handled by E-SSOM.
E-SSOM COM Interface
Several functions of E-SSOM may now be automated using the E-SSOM COM Interface.
- The 'If..Then..Else..' script action can now check the length of a string.
- The 'Ask for credentials' script action can be configured so that the user must enter text.
- The 'Set Edit Box Text' action tries to enter text in the edit box using different methods. The action can also be configured to only use a specific method.
- The 'Set Edit Box Text' action can now enter text or change properties of a text box, text area, input field, hidden input field or a select box.
- The 'Set Edit Box Text' action can now select the control with the mouse.
- The HTML actions have a new property called 'HTMLElement'. This property may contain a reference variable that is configured using the Web Layout method or returned by the 'Get HTML Control Information'.
- The 'HTML Control Information' script action now also returns a reference to the object that it found.
- The HTML action properties can now be automatically filled in by selecting an HTML element in a web page
- The 'Input Mouse' action can now be used to select a control in a window or an HTML page.
- The 'Accessible Set' action can now select the control with the mouse.
User Client Service
Citrix performance and memory usage have been improved.
Browser Helper Object
Temporary variables stored by scripts from 'Window Layout detection' are now also available in the Browser Helper Object.
New Built In Variables
- %SSOBHOPageBusy%: This variable is set to 'true' if the page is still loading.
- %SSOLastExecutionTime%: This variable contains the time and date of the last script execution.
- When an application definition was deleted, the scripts were sometimes not deleted.
- If an HTML document was being scrolled, HTML elements were detected correctly but the 'focus rectangle' was drawn at the wrong place.
- Selecting HTML elements in a web page could crash the Admin Console and/or Internet Explorer.
- The command line value was not read correctly from the database.
- The %SSOHookApp% variables were not set correctly.
- If an executable was very large, it could take E-SSOM a long time and a lot of system memory to detect it.
Installer
The installer could display a registration error of the SSOBHOx64 DLL on 64 bit machines.
HLLAPI
An issue in the HLLAPI support caused the detection to enable/disable continuously.
The 'Change Password' script action did not set the %newpassword% variable correctly if a password was automatically generated.
- Delegation entries could be added, but were not propagated back to the clients
- Existing delegation entries could not be updated.
- If a user would delegate an application to a group to which he belonged himself, the application would also be delegated to him.
Fixed a potential crash when executing a script in a Java application when the application was delegated to the user.
Browser Helper Object
A possible crash has been fixed.
Version 2.06 build 1038
Multiple Credentials per application
Users can now create more than one set of credentials for a specific application. When the application starts, they will be able to choose which credentials they want to log on with.
Support for Silverlight
Support has been added for Microsoft Silverlight. Users can now automatically log on to web applications written in Silverlight*.
New Detection Method
A new detection method using the accessibility interface has been added.
Start Applications from the E-SSOM User Client (Automatically)
Configured applications can now be started from the menu in the E-SSOM User Client. Applications can also be automatically started when the user logs in.
New Script Actions
- Database Query: This script action can be used to query a database. The resulting table can be used in other script actions.
- Database Update: This script action can be used to update a database.
- Verify domain credentials: This script action can be used to verify if domain credentials are correct.
- Accessible Set: This script can be used together with the new detection method to set text in a window control (for instance an edit box)
- Accessible Get: This script can be used together with the new detection method to get text from a window control (for instance an edit box)
- Accessible DefaultAction: This script can be used together with the new detection method to perform the default action of a control (for instance to press a button)
New Data Type
A new data type 'table' has been added. This data type can be used to hold tables of data. These tables can be used for instance to set data in a drop down list.
*Please note: Support for Silverlight requires that Microsoft Windows KB971513 patch is installed: http://support.microsoft.com/kb/971513
- If a new variable is created in a script action, a warning is displayed that it is a new variable.
- Variables that are listed in the application definitions are now also available from the context menu when editing a script. Only the variables of application definitions to which the script is linked are displayed.
- The 'Ask for Credentials' script action now accepts table data as input. (from for instance the 'query database' script action) A column from the table can be displayed in a combo box.
- The 'Send a Window Message' has been extended so that the 'wParam' and the 'lParam' can be created out of two numbers instead of one.
- The HTML Script actions have two additional settings: 'display' and 'visibility' that can be used to find a HTML element.
- The 'Set Text In Control' now has an option to select the control with the mouse before entering the text.
- The 'Select Combo Box Item' now has an option to select the control with the mouse before selecting the text.
- The 'Set HTML Text in Control' script action now supports text area input types.
- In rare cases the service installation could fail with error: ‘%1 is not a valid win32 application’.
- When selecting a window with the target icon, the application could lose control over the mouse causing the Admin Console to stay hidden.
- When a Java application was being configured and the Java application was running a script, the Java application could hang.
- The 'reference' variable in Java script action was not saved when the 'Edit Java Window Layout' was used.
- Not all script actions could be dragged to another window.
When the update service interval was not specified it could be set to 0 causing the E-SSOM Client Service to update every 3 seconds.
When a CLI window was started, that title was used in the detection. If the title changed, it would not be picked up by E-SSOM.
Installer
The adm file did not contain the ‘SvcUpdateInteval’ setting.
- The input keyboard script action could fail to type characters that had to be typed with the ‘Alt Gr’ key.
- The 'set text in control' script action could fail if the 'use messages' property was set to true and the 'Alt Gr' key needed to be used.
- The ‘Fire Event’ Action was saved as a ‘press button’ action to the database.
Application definitions made during a WebEx session could fail after the session ended.
When a dialog was displayed after pressing a button, the dialog could not be handled by E-SSOM.
Version 2.01 build 1033, November 19th, 2009
Command Line / Telnet support
Command line and telnet application support has been added to E-SSOM, allowing users to automatically log on to applications using a command line interface.
HLLAPI Application support
Support has been added for telnet emulators that use the HLLAPI as an interface for single sign on.
Java Application support
Support has been added for applications written in Java.
New detection method
A new detection method for 'normal' window applications has been created. Application definitions can easily be configured using this new method.
New Script Actions
- Sleep: This script action may be used to pause a script for a specified amount of time.
- Write Text: Use this action to write text to the console. (For instance a telnet application)
- Log Event: Use this action to log the event that triggered the script.
- Goto Address: Use this action in a HTML script to navigate to the specified address.
- Fire Event: Use this action to fire a specific event in a web page
- Set Java Text: Use this action to enter text in an edit box of a Java application.
- Press Java Button: Use this action to press a button in a Java application.
User Client Service
- A GPO setting has been added to disable event logging.
- A GPO setting has been added to disable event log caching.
- The 'input keyboard' script action can now temporarily block keyboard input from other sources. (For instance the physical keyboard)
- The 'input mouse' script action can now temporarily block mouse input from other sources. (For instance the physical mouse)
- The 'set text in control' can now first clear a message box or a combo box before entering text.
- All of the HTML actions can now also search within child frames for the correct control.
- The 'Set Check box' script action can now change the state of a check box using the mouse.
- The E-SSOM web browser can now export the details of a web page to XML.
- If an application is deleted, the Admin Console will now only ask to delete the scripts if they are not being used by another application.
- An option has been added to the context sensitive menu to refresh the client data.
Default Applications
Several default application definitions are automatically added to the product during installation or upgrade:
- Default Application
- Default Java Application
- Default Telnet Application
Default Scripts
Several default scripts are automatically added to the product during installation or upgrade:
- Default - Login
- Default - Change Password
- Default - Bad Password
- Default CLI - Enter Username
- Default CLI - Enter Password
- Default Java - Login
- Default Java - Bad Password
- Default Java - Change Password
- Default Web - Login
- Default Web - GetLoginCredentials
- When an application definition was copied, it was no longer possible to remove control restrictions from the events.
- Not all controls in a window could be detected using the target icon. This would often occur when a control was in another control (for instance a group box).
- When the Central Service was upgraded, the new version of the MSSSQL.txt file was not copied to the Central Service. This could cause a 'create SQL database' action to fail.
- If a script was open in the overview window and the same script was deleted from the script tree, it was no longer possible to save the script.
- The ‘Use Messages’ property in the ‘set text in control’ action now correctly types text (including shift characters).
- The 'If..Then..Else..' script action did not always correctly compare data of the same type.
- The Window text in various actions could be read incorrectly.
- Displaying a dialog could cause some applications to stop responding.
- Fixed a memory leak when saving configuration data.
- If 2 or more application policies for the same application with the same preference were created, the Client Service could crash.
SSO Client Software Installer
- Fixed an issue in the installer that could cause the 64 bit Browser Helper Object to fail to register.
- The installation entries for previous versions of the E-SSOM Client Software were not removed when upgrading.
Version 1.17 build 1020, July 3rd, 2009
Reporting
A complete reporting solution has been added to E-SSOM. All events generated by E-SSOM Clients are logged to the central database. Administrators can configure and schedule reports to analyze the events that are logged to the database. These reports can be sent using email or can be placed in a directory so that they can be published on an (internal) website.
- Installation Guide: This guide explains how to install the various E-SSOM components in the network.
- Configuration Guide: This guide explains how to accomplish various tasks in the Admin Console.
- Scripting Guide: This guide explains how to create scripts, what the script actions do and how they can be configured.
Web Browser Event analyser
The Web Browser event analyzer allows you to analyze web pages so that scripts can more easily be written for HTML pages.
New Script Actions
- Get HTML Control Information: Use this action to get information on a specific control on a web page. This can for instance be used in a script to detect the entry of an incorrect password.
- Input Mouse: Use this action to manually generate mouse events. These events include moving the mouse or clicking on a mouse button.
- Input Keyboard: Use this action to manually generate keyboard events. These events allow you to enter text as if it was typed by the user.
- Select List Control Item: Use this action to select a specific item in a list control.
- Applications are now sorted in the tree.
- An option has been added to allow handling of all events triggered by the same window in an application.
- When searching for an application, only the ‘executable name’ restriction will be selected by default.
- The position of events can be changed. This allows you to control which event should be executed.
- When deleting applications, a question is now asked if the associated scripts also must be deleted.
- It is now possible to specify exactly at which event a script must be executed.
- Scripts are now sorted in the tree.
- Right click on one or more application policies to enable/disable all selected policies.
- It is now possible to restrict the amount of days that a user can create a delegation for.
- The property edit dialog now only allows you to enter variable names if the property should be a variable.
- All property edit dialogs are now of the same size. This makes it easier to go to the next/previous properties.
- A preference number can now be entered for user policies to solve multiple assignments.
- The user policies overview now also displays the account to which the policy is assigned.
- The list containing HTML elements displayed the innertext in the tag column and vice versa.
- It is now possible to add special characters to strings using placeholders: ‹TAB›,‹BACK›,‹CR›,‹LF› and ‹VTAB›
- Multiple application definitions can now be exported at the same time using the export button in the manage application definitions dialog.
- It is now possible to upgrade an application definition to the latest available version.
- The ‘Delete Logon Credentials’ will update the client immediately.
- It is now possible to see which user credentials are used by default.
- It is now possible to change the default user credentials using the ESSOM User Client.
- An option has been added so that log messages can be immediately written to the log file instead of waiting for the action to complete.
- Form data is now added to the variable list. Variables are named as follows: %SSOBHOPostVARNAME% where VARNAME is replaced with the ID of the posted item.
- Four distinct events are now triggered (usually in the following order): BeforeNavigate, NavigateComplete, DownloadComplete and DocumentComplete.
- The state of the events is now also checked: 'Loaded', 'Interactive' and 'Complete'. Events can be configured to trigger only when a specific state has been reached.
- Script Action 'If..Then..Else' summary updated.
- Script Action 'If..Then..Else' Conditions can now be configured to compare a specific data type.
- Script Action 'If..Then..Else' was always comparing data as string. If items are of the same type, the comparison will use that type.
- Script Action 'If..Then..Else' Strings can now be compared using wild cards.
- Script Action 'If..Then..Else' Variable condition; The left value is now by default a string.
- Script Action 'Set Variable' can now be used to set a variable to a special value; including the current time.
- Script Action 'Ask For Credentials' All entry fields are now optional and may have input values. A flag can be set to change the title and header to an ‘incorrect credentials’ dialog.
- Script Action 'Get Control Information' can now search all windows in the system.
- Script Action 'Get Control Information' can now also check the style of a window.
- Script Action 'Get Control Information' can now return all data in variables.
- Script Action 'Set Text in Control' now sends messages using WM_KEYDOWN/WM_KEYUP instead of WM_CHAR.
- Script Action 'Send a Window Message' A new dialog has been created to configure the lParam and wParam properties for WM_KEYDOWN, WM_KEYUP, WM_SYSKEYDOWN and WM_SYSKEYUP messages.
- Script Action 'Send a Window Message' All available messages can now be selected from the drop down list.
- Script Actions 'Set Edit Box Text', 'Press Button' and 'Press Link' can now search web pages using the 'ID', 'Name', 'Tag', 'InnerText', 'Value', 'Class' and 'Link' of the controls.
New Built In Variables
- %SSOHookTopWindowHandle%: The handle of the foreground window.
- %SSOHookDesktopWindowHandle%: The desktop window handle.
- %SSOCurrentTime%: The current local time (set at script execution)
- %SSOCurrentTimeUTC%: The current universal time (set at script execution)
- %SSOHookWindowStyle%: The style of the current window.
- %SSOHookWindowStyleEx%: The extended style of the current window.
- %SSOBHODocURL%: The URL of the current HTML document. (This is not necessarily the same as the URL passed by the event in %SSOBHOURL%.)
- %SSOBHOEventDocComplete%: A variable that is set to true if the triggered event is ‘DocumentComplete’.
- %SSOBHOEventDownComplete%: A variable that is set to true if the triggered event is ‘DownloadComplete’.
- %SSOBHOEventNavComplete2%: A variable that is set to true if the triggered event is ‘NavigateComplete2’.
- %SSOBHOEventBeforeNav2%: A variable that is set to true if the triggered event is ‘BeforeNavigate2’.
- HTML elements were displayed incorrectly in the list.
- When copying an application, the application version names were not changed, causing a name conflict in the database.
- When editing the window controls, the ‘relative position’ was placed in the incorrect edit box.
- Script Action ‘SelectComboBoxItem’ summary fixed.
- Script Action ‘Display Question’ could cause the application to crash or to display a warning.
- When parts of an application were copied, they could be added to the database incorrectly.
- When a log could not be saved, no error was displayed that the save failed.
- In some places the date/time values could not be entered in a 24 hour format, but it was also not possible to specify AM/PM for the 12 hour format. All date/time values can now be entered in 24 hour format.
- The web browser was unable to detect HTML elements inside a frame.
- Application definitions containing HTML Elements were imported without the HTML Elements.
- Special characters could not be exported to XML.
- The HTML Elements table required that the ‘ElementID’ was always used.
- Updating an Application Version could cause the service to crash.
- When using large or negative numbers, the data could not always be written to the database.
- If an Application Definition was deleted, the user data, application assignments and delegations associated with that application were not deleted.
- If the Size, Position or Relative Position in an event were specified and an SQL database was used, the application definition could not be saved.
- The 'ElementID' column of the 'HTMLElements' table could be flagged as required.
- When creating the default User Client Policy, the 'everyone' name was used instead of looking up the correct SID.
User Client Service
- Fixed a potential crash when two application policies for the same application were defined and the preference number was the same for both policies.
- When the data was saved to disk, it was possible that it was saved using the credentials of the end user causing the save to fail.
- Time in delegation edit window was incorrect.
- Selection was not updated properly.
- If the Central service was not available, it was possible that the User Client would respond slowly.
- After a delegation entry was created, it could not be edited.
- If a user A delegated his account to user B that was not enrolled into that application, user B would not be able to enroll himself.
- The 'use default account' setting was not stored correctly.
- Default user account could not be saved
- %SSOHookCurrentTime% and %SSOHookCurrentTimeUTC% were incorrectly named. They are now called %SSOCurrentTime% and %SSOCurrentTimeUTC%.
- If a script could not be found when an event was triggered, the Hook or the BHO could crash.
- When a dialog was displayed by the BHO, it was possible that Internet Explorer would become unresponsive.
- An unhandled error could cause Internet Explorer to crash in rare situations.
- It was not possible to manipulate HTML elements that were inside a frame.
- The Admin Console installer now correctly asks for the destination path and places all files in that path.
- The COM object is now registered correctly when the User Client Software is installed.
- The client installer now correctly asks for the destination path and places all files in that path.
Version 1.08 Build 1010, March 27th, 2009