Skip to content

Implementing Automated Sign-On for Host Access

The Automated Sign-On for Host Access (ASO) Add-On allows MSS to obtain a time-limited, one-time password (OTP) for a user, which can subsequently be submitted to the host computer instead of a persistent password.

When a user authenticates to the MSS server with their domain credentials, and then connects to a host computer, an InfoConnect macro requests the host user ID and a temporary password for the host logon. The user's enterprise identity is mapped to the user's host identity and a one-time password is generated. Then the macro transmits the user ID and the temporary password to the host instead of the user's persistent password. The temporary password can be used only once, and automatically expires after a short time. These features help increase the security of host logons.

To implement Automated Sign On for a host system, you'll need to configure the host, the MSS Administrative Server, and InfoConnect Desktop as follows:

  • Enable the use of one-time passwords on the host. This requires custom programming on the host computer. To learn more about the MSS ASO protocol and the functionality that you must provide on your host computer, contact your Micro Focus sales representative.

  • Edit settings on the MSS server and in the Administrative Console as shown in Configuring MSS Automated Sign-On for Host Access.

  • Set up an InfoConnect Desktop session for automated sign-on to a host system, as shown below.

Set up an InfoConnect Desktop Session for Automated Sign-on to a Host System

Configure InfoConnect Desktop for Centralized Management

This global setting establishes a connection between the client and the MSS Administrative Server, which is needed to request and deliver the OTP for automated sign-on.

  1. On the File menu, open the InfoConnect Workspace Settings.

  2. Click Configure Centralized Management.

  3. Select Enable Centralized Management.

  4. Enter the Server URL for your MSS Administrative Server and click OK.

  5. Select Enable automated sign-on.

This setting is needed to use Automated Sign-on for Host Access when sessions are created by users and saved on their individual desktops. When enabled, the automated sign-on macro inserts a time-limited OTP to log the user on to the host session.

Create an Automated Sign-on Macro

The automated sign-on macro must:

  • Request a host user ID and an OTP from the MSS Administrative Server.

  • Insert the user's credentials (host computer user ID and password) that are returned from the MSS Administrative Server (to the client) into the data that is transmitted to the host. This action logs the user on to the host application.

To create a macro that automatically logs on a user to a host session

  1. Gather the application ID (if required for your host) and valid logon credentials for the host application.

  2. In InfoConnect Desktop, create a session and configure it to connect to the host you want users to automatically log on to.

  3. On the Tools tab Macros group, click Record VBA Macro.

  4. Log on to the host application with valid credentials, and then click Stop Recording.

  5. In the Recording Complete dialog, save the macro in the current document’s project. Name the macro according to these requirements:

    • To apply the macro to all sessions connecting to this host, name it SignOn.

    • To apply this macro only to sessions connecting to a specific port on this host, append the name with _<port number>, (for example, SignOn_102).

  6. To ensure the session VBA Project component has the required name, save the session document file as ASM.iuts.

  7. In the VBA Editor, open the ASM project, open Modules, and then open the Recorded module.

  8. Edit the macro code to add this line after the variable declarations:

    utsCurrentTerminal.GetDASOPassTicket("APPID")

    where APPID is replaced with the host application ID (noted in step 1). The application ID may or may not be required, depending on your ASO host implementation. However, you must pass a string to this method. The value can be an empty string but not null.

  9. Replace your user name with the user ID retrieved by the GetDASOPassTicket method:

    utsCurrentScreen.SendKeys(utsCurrentTerminal.DASOUserID)

    This sends your user ID instead of your user name.

  10. Comment out or delete the line that uses the PasswordBox function to prompt the user for the password. 

        hiddenTextEntry = utsCurrentTerminal.Macro.PasswordBox("", "")
    If (hiddenTextEntry = "") Then
        Err.Raise 5002, "Hidden TextEntry", "No Value Provided.", "VBAHelp.chm", "5002"
    End If
    utsCurrentScreen.SendKeys (hiddenTextEntry)

  11. Replace those lines with lines that contain the user ID and the password that were retrieved by the GetDASOPassTicket function call, like this: 

        utsCurrentScreen.SendKeys (utsCurrentTerminal.DASOPassTicket)

  12. Save the macro. When you are done, your macro should look something like this example:
    Sub autosignon()
    '---------------------------------------------------------------------
    ' Generated by Micro Focus InfoConnect Desktop Pro for Unisys (18.0.493.0)
    ' Generated by the Macro Recorder on 8/8/2022 3:47:55 PM
    '---------------------------------------------------------------------
    ' Common variable declarations
    Dim utsCurrentTerminal As UtsTerminal
    Dim utsCurrentScreen As UtsScreen
    Dim hiddenTextEntry As String
    Dim returnValue As Integer
    Dim timeout As Integer
    Dim waitText As String
    timeout = 15000

    Set utsCurrentTerminal = ThisFrame.SelectedView.control
    Set utsCurrentScreen = utsCurrentTerminal.Screen

    utsCurrentTerminal.GetDASOPassTicket ("APPID")

    '---------------------------------------------------------------------
    'Wait for cursor to be in position before continuing
    returnValue = utsCurrentScreen.WaitForCursor1(timeout, 23, 2)
    If (returnValue <> ReturnCode_Success) Then
        Err.Raise 5001, "WaitForCursor1", "Timeout waiting for cursor position.", "VBAHelp.chm", "5001"
    End If

    waitText = ChrW$(9654)
    returnValue = utsCurrentScreen.WaitForText1(timeout, waitText, 23, 1, TextComparisonOption_MatchCase)

    utsCurrentScreen.MoveCursorTo1 23, 2
    'hiddenTextEntry = utsCurrentTerminal.Macro.PasswordBox("", "")
    'If (hiddenTextEntry = "") Then
    '    Err.Raise 5002, "Hidden TextEntry", "No Value Provided.", "VBAHelp.chm", "5002"
    'End If
    'utsCurrentScreen.SendKeys (hiddenTextEntry)

    utsCurrentScreen.SendKeys (utsCurrentTerminal.DASOUserID) 
    utsCurrentScreen.SendKeys ('/')  
    utsCurrentScreen.SendKeys (utsCurrentTerminal.DASOPassTicket)

    utsCurrentScreen.SendControlKey (ControlKeyCode_CarriageReturn)

    End Sub

Tip

To add another macro for a specific port on this host, disconnect this session and connect on that port. Then repeat the steps in this procedure to record another SignOn macro and save it with the port number appended to the SignOn name (for example, SignOn_3782).