# ESSO

# ⏰ Getting started

## Introduction

Soffid ESSO is a full Enterprise Single Sign on solution, with some distinguishing features:

1. Keeps track of users sessions active on the network.
2. Automatically reconfigure user preferences and desktop behaviour according to whether or not it is connected to the corporate network.
3. And of course, as any other ESSO solution, automatically detects user identification prompts, injecting the needed credentials, pressing buttons and more.

As critical success factors the following design principles are governing Soffid ESSO product:

1. It's fully integrated with Soffid IAM console.
2. It's extremely easy to install and configure.
3. It has good management and support tools.
4. It's workload on managed workstations is minimal.
5. It has been designed to minimize system vulnerabilities.
6. It's open-source.

# How to install ESSO?



# ESSO Installation Windows (from 3.3.3-enterprise to 3.4.3-enterprise)

## Introduction

Soffid ESSO is a full Enterprise Single Sign on solution.

Here you can find the details about the **ESSO from 3.3.3-enterprise to 3.4.3-enterprise**  iversions nstallation.

## Supported platforms

Soffid ESSO supports Windows XP or later workstations.

## Interactive installation

To install Soffid ESSO, you must follow these steps:

1. Download the latest available installer version from: [Soffid Download Manager](http://www.soffid.com/download/enterprise/).
2. Run it as administrator. Once the interactive installation has finished, a message window will notice you:[![image-1647446846755.png](https://bookstack.soffid.com/uploads/images/gallery/2022-03/scaled-1680-/image-1647446846755.png)](https://bookstack.soffid.com/uploads/images/gallery/2022-03/image-1647446846755.png)
3. Finally, the system will prompt you to configure Soffid ESSO. This prompt will not be shown on updates or silent installations.  
      
    [![image-1647446894539.png](https://bookstack.soffid.com/uploads/images/gallery/2022-03/scaled-1680-/image-1647446894539.png)](https://bookstack.soffid.com/uploads/images/gallery/2022-03/image-1647446894539.png)
4. After configuring the system, it's required to reboot the computer.

## Interactive configuration

The first task to do at configuration panel is to enter the Soffid synchronization server URL and fetch its digital certificate. To do it, enter its URL on the textbox and press “Retrieve Certificate” button in order to obtain a certificate from the server.

[![image-1647446909812.png](https://bookstack.soffid.com/uploads/images/gallery/2022-03/scaled-1680-/image-1647446909812.png)](https://bookstack.soffid.com/uploads/images/gallery/2022-03/image-1647446909812.png)

If the URL is correct and the synchronization server is effectively running, the digital certificate will be downloaded and stored at Soffid ESSO directory. Mind that this initial configuration step is highly insecure. Should a man be in the middle, the certificate could be tampered, compromising any further security check.

It is a suitable procedure for testing and quick configuring, but a secure way to install and configure your installation certificate is preferred.

“**Users can logout”** checkbox enable users to open the Soffid notifier menu and close it's Soffid session. After logging out, the user will be allowed to start a new Soffid session with the same or another user name. If the checkbox is not selected, the user will not be allowed to close Soffid session without closing Windows session.

When **“Force login at startup”**, checkbox is selected, the Windows session (explorer.exe) won't start until Soffid session is completely verified and set up. Otherwise, the windows session will start regardless Soffid session is not started yet. If there is an error or denied log-on at Soffid ESSO, windows session will go on without any single sign on feature.

“**Use Soffid windows logon screen**” checkbox is only available on Windows XP. It changes the default (GINA) Windows logon screen, allowing the use of self-registered SmartCard certificates or one-time-password devices. It is not needed on Vista and later.

There are three ways to logon to Soffid:

- **Kerberos login** will reuse the Windows credential acquired by the operating system. If they belong to a managed Active Directory, the user won't need to enter any user name or password to access Soffid.
- When **manual login** is selected, the user must enter a valid user name and password in order to access Soffid.
- When **both** is selected, the system will try first a Kerberos login. Whenever it is not possible (the user is not a domain user), a manual login will be prompted to the user.

## Silent installation

In order to do a silent installation you can execute the installer from command line with the following parameters:

**-q** or /q: Quiet installation

**-server** \[url\] or /server \[url\]: to configure the synchronization server URL.

**-force** or /force: f<span lang="en">orce the installation even if a restart is pending. Not recommended.</span>

**-nogina** or /nogina: do not modify previos GINA. In this version, this parameter only applies in first installation.

Example:

```western
C:\> soffidesso.exe -q -server https://server.domain.local:760 -force -nogina
```

## Smart update

To assist in massive deployment scenarios, smart update swich can be set to prevent Soffid to reinstall componenents when the installer version matches the already installed one. This switch does not affect to new installations.

**-smartupdate** or /smartupdate: Smart update installation

Example:

```western
C:\> soffidesso.exe -q -server https://server.domain.local:760 -force -nogina -smartupdate
```

## MSI Package

MSI Installation is also available for enterprise customers.

To customaize configuration parameters, the PARAM variable can be used:

Example:

```western
C:\> msiexec /i soffidesso.mssi PARAM="-q -server https://server.domain.local:760 -force -nogina -smartupdate"
```

## Registry configuration entries

The system stores all its settings in the registry branch HKLM\\Software\\Soffid\\esso. The values used are as follows:

<div id="bkmrk-entry-default-value-"><table class="wrapped confluenceTable"><colgroup><col></col><col></col><col></col></colgroup><tbody><tr><td class="confluenceTd align-center">**Entry**

</td><td class="confluenceTd align-center">**Default Value**

</td><td class="confluenceTd align-center">**Description**

</td></tr><tr><td class="confluenceTd">LogonEntry

</td><td class="confluenceTd">Logon

</td><td class="confluenceTd">After identifying the user, Soffid ESSO will look at the defined application tree for an application with this key, in order to execute it.

</td></tr><tr><td class="confluenceTd">OfflineEntry

</td><td class="confluenceTd">Offline

</td><td class="confluenceTd">If synchronization servers are not reachable, an alternative script will be execute. This entry contains the key of the application entry point to execute in such a case.

</td></tr><tr><td class="confluenceTd">LocalCardSupport

</td><td class="confluenceTd">2

</td><td class="confluenceTd">Indicate whether to ask for coordinates card at logon time or not. Four values are allowed.

1 – Coordinates card is required

2 – Coordinates card is required if and only if the user is the owner of one card.

3 – Coordinates card is required if the user is connecting from a not registered device.

4 – Never ask for coordinates card.

</td></tr><tr><td class="confluenceTd">RemoteCardSupport

</td><td class="confluenceTd">1

</td><td class="confluenceTd">Indicate whether to ask for coordinates card when performing a remote logon. Four values are allowed.

1 – Coordinates card is required

2 – Coordinates card is required if and only if the user is the owner of one card.

3 – Coordinates card is required if the user is connecting from a not registered remote device.

4 – Never ask for coordinates card.

</td></tr><tr><td class="confluenceTd">LocalOfflineAllowed

</td><td class="confluenceTd">1

</td><td class="confluenceTd">Specifies whether is it permitted to use the workstation when no Soffid synchronization servers are reachable.

1 – It's permitted.

0 – It's forbidden.

</td></tr><tr><td class="confluenceTd">RemoteOfflineAllowed

</td><td class="confluenceTd">0

</td><td class="confluenceTd">Specifies whether it is permitted to open a terminal server connection against this host when no Soffid synchronization servers are reachable.

1 – It's permitted.

0 – It's forbidden.

</td></tr><tr><td class="confluenceTd">CertificateFile

</td><td class="confluenceTd">root.cer

</td><td class="confluenceTd">Specifies the name of the file containing the Certificate Authority certificate used by the synchronization server (X509 DER format)

</td></tr><tr><td class="confluenceTd">SSOServer

</td><td class="confluenceTd">stsmlin3.caib.es,

sticlin2.caib.es

</td><td class="confluenceTd">Comma-separated list of synchronization server names

</td></tr><tr><td class="confluenceTd">seycon.https.port

</td><td class="confluenceTd">760

</td><td class="confluenceTd">TCP/IP port used for connecting to SEYCON

</td></tr><tr><td class="confluenceTd">debuglevel

</td><td class="confluenceTd"></td><td class="confluenceTd">Indicates the level of detail of the log:

0 = not recorded anything

1 = Basic Information

2 = Detailed Information

</td></tr><tr><td class="confluenceTd">ginalogFile

</td><td class="confluenceTd"></td><td class="confluenceTd">Name of the file which records the actions taken by GINA. Do not enable it unless needed.

</td></tr><tr><td class="confluenceTd">ShiroHostName

</td><td class="confluenceTd"></td><td class="confluenceTd">Do not modify: It contains the name that the host had when it was registered at Soffid server.

</td></tr></tbody><tbody><tr><td class="confluenceTd">startDisabled

</td><td class="confluenceTd">false

</td><td class="confluenceTd">When it contains the value “true”, Soffid ESSO will be started in disabled (or pause) state. Thus, it will not inject any user name or password on user applications.

</td></tr></tbody><tbody><tr><td class="confluenceTd">MazingerVersion

</td><td class="confluenceTd"></td><td class="confluenceTd">It contains the version number of Soffid ESSO.

</td></tr></tbody><tbody><tr><td class="confluenceTd">sayaka.domain

</td><td class="confluenceTd"></td><td class="confluenceTd">It contains the Active Directory name the workstations belongs to.

</td></tr></tbody><tbody><tr><td class="confluenceTd">sayaka.pkcs11%

</td><td class="confluenceTd">(reserved)

</td><td class="confluenceTd">Each crypto card used by the user will have a corresponding entry indicating the name of the PKCS#11 DLL that can handle it. Do not modify.

</td></tr></tbody></table>

</div>## Startup process

{{@1306}}

## Enforcing browser addons

{{@1307}}

# ESSO Installation Windows (+3.5.0-enterprise)

## Introduction

Soffid ESSO is a full Enterprise Single Sign on solution.

Here you can find the details about the **ESSO +3.5.0-enterprise** installation.

## Supported platforms

Soffid ESSO supports Windows XP or later workstations.

## Windows

### Interactive installation

To install Soffid ESSO, you must follow these steps:

1\. Download the latest available installer version from: [Soffid Download Manager](http://www.soffid.com/download/enterprise/).

2\. Install as administrator. Once the interactive installation has finished, a message window will notice you:

[![image.png](https://bookstack.soffid.com/uploads/images/gallery/2024-10/scaled-1680-/tLq3ZUs7BvnK7Z0o-image.png)](https://bookstack.soffid.com/uploads/images/gallery/2024-10/tLq3ZUs7BvnK7Z0o-image.png)

3\. Finally, the system will prompt you to configure Soffid ESSO. This prompt will not be shown on updates or silent installations.

[![image.png](https://bookstack.soffid.com/uploads/images/gallery/2024-10/scaled-1680-/YLBFPE04xe4TY4tE-image.png)](https://bookstack.soffid.com/uploads/images/gallery/2024-10/YLBFPE04xe4TY4tE-image.png)

3.1. If you click No, the process finish without configuration

3.2. If you clic Yes, you have to configure the URL of the ESSO server, for which you will have to enter the URL of the Soffid identity provider and obtain its digital certificate.

[![image.png](https://bookstack.soffid.com/uploads/images/gallery/2024-10/scaled-1680-/1kNRR6h71Kjj5W32-image.png)](https://bookstack.soffid.com/uploads/images/gallery/2024-10/1kNRR6h71Kjj5W32-image.png)

4\. After configuring the system, it's **required to reboot the computer.**

<p class="callout info">For more information, you can visit **[the Windows user acces page](https://bookstack.soffid.com/books/esso/page/windows-administrator-access)** and [**the Windows Administrator access page**](https://bookstack.soffid.com/books/esso/page/windows-administrator-access). </p>

### Configure the ESSO Profile

1\. Then you need to configure the ESSO profile in your Identity Provider

<details id="bkmrk-%F0%9F%92%BB-image-1"><summary>💻 Image</summary>

[![image.png](https://bookstack.soffid.com/uploads/images/gallery/2024-09/scaled-1680-/yWElBgTnW9rZpzRf-image.png)](https://bookstack.soffid.com/uploads/images/gallery/2024-09/yWElBgTnW9rZpzRf-image.png)

</details><p class="callout info">For more information you can visit the following page: [https://bookstack.soffid.com/books/federation/page/esso](https://bookstack.soffid.com/books/federation/page/esso)</p>

2\. And finally, you can configure the Adaptive authentication rules

<details id="bkmrk-%F0%9F%92%BB-image-2"><summary>💻 Image</summary>

[![image.png](https://bookstack.soffid.com/uploads/images/gallery/2024-09/scaled-1680-/aq9KrGgF8MhVsGes-image.png)](https://bookstack.soffid.com/uploads/images/gallery/2024-09/aq9KrGgF8MhVsGes-image.png)

</details>### Silent installation

In order to do a silent installation you can execute the installer from command line with the following parameters:

**-q** or /q: Quiet installation

**-server** \[url\] or /server \[url\]: to configure the synchronization server URL.

**-force** or /force: f<span lang="en">orce the installation even if a restart is pending. Not recommended.</span>

**-nogina** or /nogina: do not modify previos GINA. In this version, this parameter only applies in first installation.

**-nopm** : to avoid installing Password Manager

To assist in massive deployment scenarios, smart update swich can be set to prevent Soffid to reinstall componenents when the installer version matches the already installed one. This switch does not affect to new installations.

**-smartupdate** or /smartupdate: Smart update installation

#### Install EXE Package

EXE Installation is also available for enterprise customers.

Example:

```
C:\> MazingerInstaller-3.5.3-enterprise.exe -q -server https://idp.your-soffid.com:443 -force -nogina -smartupdate -nopm
```

#### Install MSI Package

MSI Installation is also available for enterprise customers.

To customaize configuration parameters, the PARAM variable can be used.

Example:

```western
C:\> msiexec /i soffidesso.msi PARAM="-q -server https://idp.your-soffid.com:443 -force -nogina -smartupdate -nopm"
```

> **<span style="color: rgb(224, 62, 45);">Installation problems can be reviewed in the installer log: C:\\Windows\\SysWOW64\\mazinger-install.log</span>**

## Registry configuration entries

The system stores all its settings in the registry branch **HKLM\\SOFTWARE\\Soffid\\esso**.

The values used are as follows:

<div id="bkmrk-entry-default-value-"><table class="wrapped confluenceTable"><colgroup><col></col><col></col><col></col></colgroup><tbody><tr><td class="confluenceTd align-center">**Entry**

</td><td class="confluenceTd align-center">**Default Value**

</td><td class="confluenceTd align-center">**Description**

</td></tr><tr><td class="confluenceTd">LogonEntry

</td><td class="confluenceTd">Logon

</td><td class="confluenceTd">After identifying the user, Soffid ESSO will look at the defined application tree for an application with this key, in order to execute it.

</td></tr><tr><td class="confluenceTd">OfflineEntry

</td><td class="confluenceTd">Offline

</td><td class="confluenceTd">If synchronization servers are not reachable, an alternative script will be execute. This entry contains the key of the application entry point to execute in such a case.

</td></tr><tr><td class="confluenceTd">LocalCardSupport

</td><td class="confluenceTd">2

</td><td class="confluenceTd">Indicate whether to ask for coordinates card at logon time or not. Four values are allowed.

1 – Coordinates card is required

2 – Coordinates card is required if and only if the user is the owner of one card.

3 – Coordinates card is required if the user is connecting from a not registered device.

4 – Never ask for coordinates card.

</td></tr><tr><td class="confluenceTd">RemoteCardSupport

</td><td class="confluenceTd">1

</td><td class="confluenceTd">Indicate whether to ask for coordinates card when performing a remote logon. Four values are allowed.

1 – Coordinates card is required

2 – Coordinates card is required if and only if the user is the owner of one card.

3 – Coordinates card is required if the user is connecting from a not registered remote device.

4 – Never ask for coordinates card.

</td></tr><tr><td class="confluenceTd">LocalOfflineAllowed

</td><td class="confluenceTd">1

</td><td class="confluenceTd">Specifies whether is it permitted to use the workstation when no Soffid synchronization servers are reachable.

1 – It's permitted.

0 – It's forbidden.

</td></tr><tr><td class="confluenceTd">RemoteOfflineAllowed

</td><td class="confluenceTd">0

</td><td class="confluenceTd">Specifies whether it is permitted to open a terminal server connection against this host when no Soffid synchronization servers are reachable.

1 – It's permitted.

0 – It's forbidden.

</td></tr><tr><td class="confluenceTd">CertificateFile

</td><td class="confluenceTd">root.cer

</td><td class="confluenceTd">Specifies the name of the file containing the Certificate Authority certificate used by the synchronization server (X509 DER format)

</td></tr><tr><td class="confluenceTd">SSOServer

</td><td class="confluenceTd">stsmlin3.caib.es,

sticlin2.caib.es

</td><td class="confluenceTd">Comma-separated list of synchronization server names

</td></tr><tr><td class="confluenceTd">seycon.https.port

</td><td class="confluenceTd">760

</td><td class="confluenceTd">TCP/IP port used for connecting to SEYCON

</td></tr><tr><td class="confluenceTd">debuglevel

</td><td class="confluenceTd"></td><td class="confluenceTd">Indicates the level of detail of the log:

0 = not recorded anything

1 = Basic Information

2 = Detailed Information

</td></tr><tr><td class="confluenceTd">ginalogFile

</td><td class="confluenceTd"></td><td class="confluenceTd">Name of the file which records the actions taken by GINA. Do not enable it unless needed.

</td></tr><tr><td class="confluenceTd">ShiroHostName

</td><td class="confluenceTd"></td><td class="confluenceTd">Do not modify: It contains the name that the host had when it was registered at Soffid server.

</td></tr></tbody><tbody><tr><td class="confluenceTd">startDisabled

</td><td class="confluenceTd">false

</td><td class="confluenceTd">When it contains the value “true”, Soffid ESSO will be started in disabled (or pause) state. Thus, it will not inject any user name or password on user applications.

</td></tr></tbody><tbody><tr><td class="confluenceTd">MazingerVersion

</td><td class="confluenceTd"></td><td class="confluenceTd">It contains the version number of Soffid ESSO.

</td></tr></tbody><tbody><tr><td class="confluenceTd">sayaka.domain

</td><td class="confluenceTd"></td><td class="confluenceTd">It contains the Active Directory name the workstations belongs to.

</td></tr></tbody><tbody><tr><td class="confluenceTd">sayaka.pkcs11%

</td><td class="confluenceTd">(reserved)

</td><td class="confluenceTd">Each crypto card used by the user will have a corresponding entry indicating the name of the PKCS#11 DLL that can handle it. Do not modify.

</td></tr></tbody></table>

</div>## Startup process

{{@1306}}

## Enforcing browser addons

{{@1307}}

# ESSO Installation Linux

## Introduction

Here you can find the details about the ESSO installation.

## Installation

```shell
sudo dpkg -i '<your_path>/MazingerInstaller-3.5.2-enterprise.deb'
```

<details id="bkmrk-%F0%9F%92%BB-image"><summary>💻 Image</summary>

[![image.png](https://bookstack.soffid.com/uploads/images/gallery/2024-09/scaled-1680-/ynJLDiVNBD7sWhnb-image.png)](https://bookstack.soffid.com/uploads/images/gallery/2024-09/ynJLDiVNBD7sWhnb-image.png)

</details>## Interactive configuration

1\. To configure, you need to run the following command with your Soffid Identity Provider URL.

```
sudo configure_esso https://<YOUR_IdP_URL>:443
```

<details id="bkmrk-%F0%9F%92%BB-image-1"><summary>💻 Image</summary>

[![image.png](https://bookstack.soffid.com/uploads/images/gallery/2024-09/scaled-1680-/Fyf3H9gqJwMbqqzw-image.png)](https://bookstack.soffid.com/uploads/images/gallery/2024-09/Fyf3H9gqJwMbqqzw-image.png)

</details>2\. Then you need to configure the ESSO profile in your Identity Provider

<details id="bkmrk-%F0%9F%92%BB-image-2"><summary>💻 Image</summary>

[![image.png](https://bookstack.soffid.com/uploads/images/gallery/2024-09/scaled-1680-/yWElBgTnW9rZpzRf-image.png)](https://bookstack.soffid.com/uploads/images/gallery/2024-09/yWElBgTnW9rZpzRf-image.png)

</details><p class="callout info">For more information you can visit the following page: [https://bookstack.soffid.com/books/federation/page/esso](https://bookstack.soffid.com/books/federation/page/esso)</p>

3\. And finally, you can configure the Adaptive authentication rules

<details id="bkmrk-%F0%9F%92%BB-image-%C2%A0"><summary>💻 Image</summary>

 [![image.png](https://bookstack.soffid.com/uploads/images/gallery/2024-09/scaled-1680-/aq9KrGgF8MhVsGes-image.png)](https://bookstack.soffid.com/uploads/images/gallery/2024-09/aq9KrGgF8MhVsGes-image.png)

</details><p class="callout info">For more information, you can visit [**the Linux Administrator access page**](https://bookstack.soffid.com/books/esso/page/linux-administrator-access) and [ **the Linux user acces page**.](https://bookstack.soffid.com/books/esso/page/linux-user-access) </p>

## Enforcing browser addons

{{@1307}}

# Startup process

### Windows XP GINA logon

Soffid GINA is an optional part of Soffid ESSO. It's features are:

- Allows users to log on using smart cards. The digital certificates can be auto enrolled as long as there is a method to know which user it belongs to.
- Allows authorized users to log on with Local Administrator privileges.

### Windows Vista Credential Provider

Soffid Credential Provider is an optional part of Soffid ESSO. It's features are:

- Allows users to log on using smart cards. The digital certificates can be auto enrolled as long as there is a method to know which user it belongs to.
- Allows authorized users to run with Local Administrator privileges.

### Soffid session startup

After being identified by Windows, the Soffid session startup takes place. Either sequentially or in parallel to desktop startup, the Soffid ESSO session manager (named KojiKabuto after the best ever hero) is the responsible for making the following steps.

#### Update settings

KojiKabuto will contact Soffid servers o update registry entries using the system configuration introduced at Soffid console (LogonEntry, OfflineEntry, SSOServer, seycon.https.port)

#### Kerberos handshake

If it's enabled by system administrator, Soffid Synchronization server and the user desktop will perform a Kerberos handshake. If the Credential token shown by user desktop is accepted by any managed Active Directory, Soffid will accept that credential as a prove of identity.

In order to do that handshake, Soffid will create an special user named SEYCON\_xxxx for each one of the synchronization servers involved in the login process.

#### Manual login

If it's enabled by system administrator, or Kerberos handshake has failed, the user will have the chance to enter it's user name and passwords. They will be verified by synchronization server against its internal user database.

#### Coordinates card

Once logged in, KojiKabuto requested permission to log. At this time, synchronization server could issue a coordinates card challenge. If the user fails to enter the right value for the coordinates requested, the Soffid session will be canceled.

#### Multiple sessions prevention

At this phase, Synchronization Server will check if the user has any other, not linked, session. If there is any other active session, and the user has not been granted the capability to open more than one (at Soffid console), the system will notice it to both, the new session and the ancient one.

Finally, the new session will take the decision to close the ancient one or to give up. If the user chooses to close the ancient one, the later will show a prompt, and its user will have 30 seconds to answer if he agrees to close that session. Usually the user has left the ancient session open and no user will be present at the ancient session. So, after 30 seconds the session will be closed and the new one will proceed.

#### SSO Rules activation

Once the session has been created, the SSO rules present at Soffid Console will be compiled and loaded into the Windows Session. Since this moment, every application launched will have its credentials automatically fullfilled.

#### Startup script

The workstation connects to Synchronization Server to get the session logon script (LogonEntry registry entry with deafault value "Logon"), and the session offline script (registry entry "OfflineEntry" with default value "offline"), which will be executed at next logon whether no Synchronization server is reachable.

The offline script is stored at %ProgramFiles%\\SoffidESSO\\Cache\\offline.mzn file.

Afterwards, the application menu is populated using the application entries configured at Sofifd Console.

#### Desktop start

Unless the system configuration enables the user to use the desktop before opening the Soffid Sesion, the Desktop is started right now. Otherwise, the desktop would have been started at the initial steps.

#### System operation

Once the session is started, Soffid ESSO has two main tasks to do:

**First.** Timely keeps in touch with Synchronization server to confirm the validity of the soffid session.

**Second**. Performs injection or user names and password to applications, based on the SSO rules bound to each application entry point the user is authorized to execute.\\

# Enforcing browser addons

Modern browsers, apply certain restrictions to automatically enable browser addons without user intervention:

### Google chrome

Google chrome extension is automatically enabled, but requires internet access, as Chrome is going to download the addon directly from Chrome store rather than using the locally installed version. This addon is compatible with Microsoft Edge.

### Mozilla Firefox

There is a Mozilla firefox group policy to automatically enable any extension. Follow this link to get it: [https://github.com/mozilla/policy-templates/releases/download/v1.11/policy\_templates\_v1.11.zip](https://github.com/mozilla/policy-templates/releases/download/v1.11/policy_templates_v1.11.zip)

You can alternatively, add the following registry key:

HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Mozilla\\<span class="il">Firefox</span>\\Extensions\\Locked\\1 = "esso@soffid.com"

### Internet Explorer (deprecated)

As well, there is a group policy for Internet Explorer. Please, follow this Microsoft link to get it: [https://docs.microsoft.com/es-es/<span class="il">internet</span>-<span class="il">explorer</span>/ie11-deploy-guide/enable-and-disable-add-ons-using-administrative-templates-and-group-policy](https://docs.microsoft.com/es-es/internet-explorer/ie11-deploy-guide/enable-and-disable-add-ons-using-administrative-templates-and-group-policy)

The GUUID of Soffid ESSO group policy is {53252A52-D536-11DF-866D-5B82D67A00D1}

# ESSO Configuring Rules for Single Sign On



# Configuring Rules for Single Sign On

## Configuring Single Sign-on

<div data-hasbody="false" data-headerelements="H2" data-macro-name="toc" id="bkmrk-user-interface-patte">- <span class="toc-item-body" data-outline="1">[User interface pattern recognition](#bkmrk-user-interface-patte-0)</span>
- <span class="toc-item-body" data-outline="2">[Web interfaces pattern recognition](#bkmrk-web-interfaces-patte)</span>
- <span class="toc-item-body" data-outline="3">[Configuring rules for basic / kerberos authentication](#bkmrk-configuring-rules-fo)</span>

</div>SSO system is configured based on the detection of administrator defined User Interface patterns. The system currently supports native Windows applications, Java applications and Web applications.

The UI Patterns are expressed with XML files associated with each application entry point. They are composed of:

- **Rules** for detecting user interfaces (defined like application attributes or elements).
- **Action** to be taken on user interface recognition. (defined with the action element for the application).

Complementary to the rules defined in Sofifd Console, the synchronization server manages a repository of user accounts and passwords, as well as other information generically known as **secrets**. In general, the system will handle any number of secrets as well as any number of accounts for each managed systems. Anyway, each account for a managed system will have only one password.

All secrets can be used and manipulated using a scripting language fully compatible with ECMA-Script, also known as Javascript.

## User interface pattern recognition

The user interface detection for Windows and Java applications is done using the <u>**Application**</u> tag. This tag will contain one or more Component tagged elements. Each component could have many nested components. Each component could have one or more actions to perform when the user focus is at a selected component.

Next is a sample to inject the secret name “JconsolePassword” into jconsole application:

<div id="bkmrk-%3Cmazinger%3E-%C2%A0-%C2%A0-%C2%A0-%C2%A0-%3C"><table class="wrapped confluenceTable" style="width: 100%;"><tbody><tr><td class="confluenceTd" colspan="1" style="width: 84.2917%;">&lt;Mazinger&gt;

 &lt;<span style="color: #0000ff;">**Application**</span> cmdLine = '.\*jconsole$'&gt;

 &lt;<span style="color: #008000;">**Component**</span> class = 'sun.tools.jconsole.JConsole' title = 'Java Monitoring &amp; Management Console' name = 'frame0'&gt;

 &lt;<span style="color: #008000;">**Component**</span> class = 'sun.tools.jconsole.JConsole\\$FixedJRootPane'&gt;

 &lt;<span style="color: #008000;">**Component**</span> class = 'javax.swing.JPanel' name = 'null.glassPane' /&gt;

 &lt;<span style="color: #008000;">**Component**</span> class = 'javax.swing.JLayeredPane' name = 'null.layeredPane'&gt;

 &lt;<span style="color: #008000;">**Component**</span> class = 'javax.swing.JPanel' name = 'null.contentPane'&gt;

 ....

 &lt;<span style="color: #008000;">**Component**</span> class = 'javax.swing.JPasswordField' text ='' ref-as = 'password'&gt;

</td><td class="confluenceTd" colspan="1" style="width: 15.7083%;">Patterns to be match

</td></tr><tr><td class="confluenceTd" style="width: 84.2917%;"> &lt;<span style="color: #ff6600;">**Action**</span> type='script' event='onFocus'&gt;

 &lt;! \[CDATA \[

 var account = secretStore.getAccount('soffid');

 var password = secretStore.getPassword('soffid', account);

 debug ('user =' + account);

 debug ('password =' + password);

 password.setText (secretStore.getSecret ('password'));

 \]\]&gt;

 &lt;/ **<span style="color: #ff6600;">Action</span>**&gt;

</td><td class="confluenceTd" style="width: 15.7083%;">The action you want to be executed

</td></tr><tr><td class="confluenceTd" colspan="1" style="width: 84.2917%;">....</td><td class="confluenceTd" colspan="1" style="width: 15.7083%;">  
</td></tr></tbody></table>

</div>Thus, when the system detects that the user is within a window that meets the XML specification and the password text box is the focus owner, Soffid will execute the script action that is bound. This one will show the user password in a jconsole application field.

The Application contains in the attribute cmdLine a regular expression that is matched against the process command line. In the example, SSO will only match a running program with a command line that ends with "jconsole". It won't apply to jconsole.exe or “jconsole test”.

The element <span style="color: #0000ff;">**Application**</span> accepts the following attributes:

<div id="bkmrk-cmdline-regular-expr"><table class="wrapped confluenceTable"><colgroup><col></col><col></col></colgroup><tbody><tr><td class="confluenceTd">cmdLine

</td><td class="confluenceTd">Regular expression to match the command line.

</td></tr></tbody></table>

</div>The <span style="color: #008000;">**Component**</span> element allows the following attributes:

<div id="bkmrk-class-regular-expres"><table class="wrapped confluenceTable" style="width: 100%;"><colgroup><col style="width: 13.2175%;"></col><col style="width: 86.7825%;"></col></colgroup><tbody><tr><td class="confluenceTd">class

</td><td class="confluenceTd">Regular expression to validate against the kind of visual component, either a Java class or a window class.

</td></tr><tr><td class="confluenceTd">name

</td><td class="confluenceTd">Regular expression to match the name of the component. Applies only to Java components.

</td></tr><tr><td class="confluenceTd">text

</td><td class="confluenceTd">Regular expression to match the content of a text component

</td></tr><tr><td class="confluenceTd">title

</td><td class="confluenceTd">Regular expression to match the title of a java component.

</td></tr><tr><td class="confluenceTd">dlgId

</td><td class="confluenceTd">Regular expression to match window ID dialog on Windows component.

</td></tr><tr><td class="confluenceTd">optional

</td><td class="confluenceTd">If the value is true, the presence of the component is not considered critical to trigger actions associated dialogue.

</td></tr><tr><td class="confluenceTd">check

</td><td class="confluenceTd">When the check attribute has the value “**partial**”, the matcher engine considers the user interface component matches the XML pattern even when it has one or more children components that are not declared at the XML pattern.

If you specify the value **full** value or the attribute is missing, the component will not match the pattern if it has children are components not specified in XML descriptor. Thus, the rule will be ignored.

</td></tr><tr><td class="confluenceTd">ref-as

</td><td class="confluenceTd">Specifies a name of a ECMA-Script variable that will refer to this component.

</td></tr></tbody></table>

</div>The <span style="color: #ff6600;">**Action**</span> element accepts the following attributes:

<div id="bkmrk-event-name-of-the-ev"><table class="wrapped confluenceTable" style="width: 82.716%;"><colgroup><col style="width: 16.1326%;"></col><col style="width: 83.8674%;"></col></colgroup><tbody><tr><td class="confluenceTd">event

</td><td class="confluenceTd">Name of the event that will trigger the action. In the current version must be set to "onFocus"

</td></tr><tr><td class="confluenceTd">type

</td><td class="confluenceTd">Indicates the type of action. Can have the following values:

**setText:** Assigns a text value to the owner component.

**script.** Run the specified script.

</td></tr><tr><td class="confluenceTd">text

</td><td class="confluenceTd">Text to assign, for setText actions.

</td></tr><tr><td class="confluenceTd">repeat

</td><td class="confluenceTd">If set to true, the action will be executed as many times as necessary.

Otherwise, it will only run once per process.

</td></tr><tr><td class="confluenceTd">delay

</td><td class="confluenceTd">Time (in seconds) that must be elapsed before the action is executed again.

</td></tr></tbody></table>

</div>## Web interfaces pattern recognition

The detection is done using the element <u>**WebApplication**</u>. This tag is independent of the browser used, and is based solely on the content of web document. Thus, the same rule will work both on Mozilla Firefox, Google Chrome or Internet Explorer.

<div id="bkmrk-%3Cmazinger%3E-%C2%A0-%C2%A0-%C2%A0-%C2%A0-%3C-0"><table class="wrapped confluenceTable"><colgroup><col></col><col></col></colgroup><tbody><tr><td class="confluenceTd">&lt;Mazinger&gt;

 &lt;<span style="color: #0000ff;">**WebApplication**</span> url = '[https://www.caib.es](https://www.caib.es/). \*' title = 'Government of the Balearic Islands'&gt;

 &lt;<span style="color: #800000;">**Form**</span> action = "j\_security\_check"&gt;

 &lt;**Input** name="j\_username" ref-as="u"/&gt;

 &lt;**Input** name="j\_password" type="password" ref-as="p"/&gt;

 &lt;**Input** type="Submit" ref-as="b" /&gt;

</td><td class="confluenceTd">Patterns to be match

</td></tr><tr><td class="confluenceTd"> &lt;<span style="color: #ff6600;">**Action**</span> Type='script' event='onLoad'&gt;

 &lt;! \[CDATA \[

 debug('User =' + secretStore.getAccount ('user'));

 debug ('password =' + secretStore.getPassword('soffid', account));

 u.setAttribute ('value' secretStore.getAccount ('user'));

 p.setAttribute ('value' secretStore.getPassword('soffid', account));

 b.click();

 \]\]&gt;

 &lt;/<span style="color: #ff6600;">**Action**</span>&gt;

</td><td class="confluenceTd">Action you want to be executed

</td></tr><tr><td class="confluenceTd" colspan="1"> &lt;/<span style="color: #800000;">**Form**</span>&gt;

 &lt;/<span style="color: #0000ff;">**WebApplication**</span>&gt;

&lt;/Mazinger&gt;

</td><td class="confluenceTd" colspan="1">  
</td></tr></tbody></table>

</div>Thus, when the system detects that the browser has loaded a page matching the XML specification (url, title, and components), it will run the actions that have been associated.

Mind that despite the actions being coded in Javascript, it is not the Browser javascript engine. Thus, you cannot use browser variables or functions.

The element <span style="color: #0000ff;">**WebApplication**</span> accepts the following attributes:

<div id="bkmrk-url-regular-expressi"><table class="wrapped confluenceTable"><colgroup><col></col><col></col></colgroup><tbody><tr><td class="confluenceTd">url

</td><td class="confluenceTd">Regular expression to match the page address

</td></tr><tr><td class="confluenceTd">title

</td><td class="confluenceTd">Regular expression to match the title of the page

</td></tr><tr><td class="confluenceTd">content

</td><td class="confluenceTd">Regular expression to match the HTML content of the page

</td></tr></tbody></table>

</div>The <span style="color: #800000;">**Form**</span> element will search in the HTML document for a form that matches the specified attributes. It can optionally contain one or more input elements that must be present in the HTML document. It accepts the following attributes:

<div id="bkmrk-id-regular-expressio"><table class="wrapped confluenceTable"><colgroup><col></col><col></col></colgroup><tbody><tr><td class="confluenceTd">id

</td><td class="confluenceTd">Regular expression to match the ID attribute of the element

</td></tr><tr><td class="confluenceTd">name

</td><td class="confluenceTd">Regular expression to match the element name

</td></tr><tr><td class="confluenceTd">method

</td><td class="confluenceTd">Regular expression to match the form element's method attribute.

</td></tr><tr><td class="confluenceTd">action

</td><td class="confluenceTd">Regular expression to match the form element's action attribute.

</td></tr><tr><td class="confluenceTd">ref-as

</td><td class="confluenceTd">Specifies a name of a ECMA-Script variable that will refer to this form.

</td></tr><tr><td class="confluenceTd">optional

</td><td class="confluenceTd">A value of **true** indicates that its presence is not necessary for the execution of actions.

</td></tr></tbody></table>

</div>The **Input** element will search in the HTML document for an input element that matches the specified attributes. Input elements can be located within WebApplication or Form elements. In the first case, you will find there is any input into the document. In the second case, just find the type items included in the input form found.

<div id="bkmrk-id-regular-expressio-0"><table class="wrapped confluenceTable"><colgroup><col></col><col></col></colgroup><tbody><tr><td class="confluenceTd">id

</td><td class="confluenceTd">Regular expression to match the ID attribute of the element

</td></tr><tr><td class="confluenceTd">name

</td><td class="confluenceTd">Regular expression to match the element name

</td></tr><tr><td class="confluenceTd">type

</td><td class="confluenceTd">Regular expression to match the input type

</td></tr><tr><td class="confluenceTd">value

</td><td class="confluenceTd">Regular expression to match the input value.

</td></tr><tr><td class="confluenceTd">ref-as

</td><td class="confluenceTd">Specifies a name of a ECMA-Script variable that will refer to this form.

</td></tr><tr><td class="confluenceTd">optional

</td><td class="confluenceTd">A value of **true** indicates that its presence is not necessary for the execution of actions.

</td></tr></tbody></table>

</div>The <span style="color: #ff6600;">**Action**</span> element accepts the following attributes:

<div id="bkmrk-event-name-of-the-ev-0"><table class="wrapped confluenceTable"><colgroup><col></col><col></col></colgroup><tbody><tr><td class="confluenceTd">event

</td><td class="confluenceTd">Name of the event that will trigger the action. In the current version must be set to "onFocus"

</td></tr><tr><td class="confluenceTd">type

</td><td class="confluenceTd">Indicates the type of action. Can have the following values:

**setText:** Not supported

**script.** Run the specified script.

</td></tr><tr><td class="confluenceTd">repeat

</td><td class="confluenceTd">If set to true, the action will be executed as many times as necessary.

Otherwise, it will only run once per process.

</td></tr><tr><td class="confluenceTd">delay

</td><td class="confluenceTd">Time (in seconds) that must be elapsed before the action is executed again.

</td></tr></tbody></table>

</div>## Configuring rules for basic / kerberos authentication

Some web pages are still using basic or kerberos authentication mechanisms. These mechanisms do not present a web page to be filled in by the user. Thus, the ESSO engine cannot detect it using the method described previously.

Instead, starting from Soffid ESSO version 3.0.0, there is a new tag to teach the ESSO which credentials to send in these cases. The rules will be like the next ones:

```
<Mazinger>
  <WebTransport url="https://no-soffid.bubu.lab:4443/" system="OSCM"/>
  <WebTransport url="https://no-ad.bubu.lab/" system="ad" domain="AD"/>
</Mazinger>
```

<div data-hasbody="true" data-macro-name="code" id="bkmrk-the-tag-to-use-is-we"><div><div><div>The tag to use is WebTransport. It has three parameters:</div></div></div></div><div id="bkmrk-attribute-value-url-"><table class="confluenceTable tablesorter tablesorter-default stickyTableHeaders" role="grid" style="width: 100%;"><colgroup><col style="width: 11.2425%;"></col><col style="width: 88.7575%;"></col></colgroup><thead class="tableFloatingHeaderOriginal"><tr class="tablesorter-headerRow" role="row"><th aria-disabled="false" aria-label="Attribute: No sort applied, activate to apply an ascending sort" aria-sort="none" class="confluenceTh tablesorter-header sortableHeader tablesorter-headerUnSorted" data-column="0" role="columnheader" scope="col" tabindex="0"><div>Attribute</div></th><th aria-disabled="false" aria-label="Value: No sort applied, activate to apply an ascending sort" aria-sort="none" class="confluenceTh tablesorter-header sortableHeader tablesorter-headerUnSorted" data-column="1" role="columnheader" scope="col" tabindex="0"><div>Value</div></th></tr></thead><tbody aria-live="polite" aria-relevant="all"><tr role="row"><td class="confluenceTd">url</td><td class="confluenceTd">The base url to use. Include the protocol and port number when needed. Any BASIC, NTLM or Kerberos authentication requested by that server will be automatically answered with the credentials present in the password vault</td></tr><tr role="row"><td class="confluenceTd">system</td><td class="confluenceTd">The ESSO will send any credential that the user has in that system. Other credentials will be ignored</td></tr><tr role="row"><td class="confluenceTd" colspan="1">domain</td><td class="confluenceTd" colspan="1">This is an optional attribute. It's required when trying to use Kerberos or NTLM authentication if the account name does not contain the domain name part. If the account contains the domain name, this attribute should not be present.

</td></tr></tbody></table>

</div>Due to the different ways that browsers address this kind of authentication, the user interface will be displayed according to the browser settings. For instance, Edge and Internet Explorer will display a UA dialog box.

# Support and configuration tools

## Introduction

**KojiKabuto.exe, the main Soffid ESSO component**, picks settings and rules automatically from Soffid synchronization server at login. This configuration can be updated by running the command "KojiKabuto update". Once run, new rules will apply to all new processes. Mind that application processes that where running before the update is done will still use the old rules set.

Additionally, you can drive SSO by yourself for testing purposes. Mazinger.exe is the command line version of Soffid ESSO. It accepts the following commands:

To stop SSO service:

```
mazinger stop
```

To start Mazinger services:

```
mazinger start [-trace] [-debug] [file.mzn]
```

To get a configuration file, you can download from: https://&lt;synchronizationserver&gt;:760/getmazingerconfig?user = .....

The -debug switch allows Mazinger to display all the single sign on events that are produced at users applications.

The -trace switch is only inteded for debugging and support usage.

To view all the single sign on events on a running ESSO instance, you can run:

```western
mazinger debug
```

To view current SSO service status, run:

```
mazinger status
```

Mazinger can also dump XML files describing the applications user interface. This XML files can be used to describe SSO rules. To dump this XML descriptors, execute:

```
mazinger spy
```

Mazinger spy and mazinger trace are very useful when you are creating a new ESSO rule in order to see what parameters, components, atributes, ... the application are using.

In order to execute this commands, you must go to the ESSO installation directory. For example, C:\\Program Files\\SoffidEsso\\mazinger.exe trace.

# ESSO Scripting Language

<p class="callout info">Visit the [ESSO Scripting Language](https://bookstack.soffid.com/books/esso/chapter/esso-scripting-language "ESSO Scripting Language") chapter.</p>

# Configuring terminal emulation SSO

## Introduction

To configure SSO on terminal emulations, an HLL API bridge has been built. This bridge allows direct communication with the terminal emulator in order to create accurate SSO rules that can be triggered based on the screen display.

Next, you have a sample rule for terminal emulation SSO:

**HLL API rule**

```
<Mazinger>
<HllApplication>
  <Pattern row="2">.*SOFFID.*</Pattern>
  <Pattern row="23">.*ABC.*</Pattern>
  <Action type="script" event="onMatch" repeat="true" delay="1">
     account = secretStore.getAccount ("390host");
     password = secretStore.getPassword ("390host", account);
     hll.setCursorLocation (22,3);
     hll.sendText ("HELLO "+account);
     hll.setCursorLocation (23, 3);
     hll.sendText ("YOUR PASSWORD IS "+password);
     hll.sendKeys("@E");
  </Action>
</HllApplication>
</Mazinger>
```

The rule should contain one or more patterns that will be matched against the specified row. If the screen matches all the specified patterns, the action will be executed as usual.

Nevertheless, HLL applications differ in some way from other application rules as long as the HLL engine (Sewashi) must be started separately from the ESSO engine. To active the HLL rules engine, the sewashi program must be started, specifying the HLL API used to interact with the terminal emulator, and optionally, the sessions to be managed:

```
%ProgramFiles%\SoffidESSO\Sewashi.exe --dll "%ProgramFiles%\IBM\Personal Communications\PCSHLL32.DLL" --sessions ABCDEFG
```

To stop the HLL engine, Sewashi --stop can be executed. This program can executed from Soffid login and logout scripts.

# ESSO Related configuration parameters

## Introduction

There are some configuration parameters that can be tuned on Soffid console.

<div id="bkmrk-parameter-value-ssos"><table class="confluenceTable tablesorter tablesorter-default stickyTableHeaders" role="grid" style="height: 356px;"><thead class="tableFloatingHeaderOriginal"><tr class="tablesorter-headerRow" role="row" style="height: 29px;"><th aria-disabled="false" aria-label="Parameter: No sort applied, activate to apply an ascending sort" aria-sort="none" class="confluenceTh tablesorter-header sortableHeader tablesorter-headerUnSorted" data-column="0" role="columnheader" scope="col" style="width: 154px; height: 29px;" tabindex="0"><div>**Parameter**</div></th><th aria-disabled="false" aria-label="Value: No sort applied, activate to apply an ascending sort" aria-sort="none" class="confluenceTh tablesorter-header sortableHeader tablesorter-headerUnSorted" data-column="1" role="columnheader" scope="col" style="width: 655px; height: 29px;" tabindex="0"><div>**Value**</div></th></tr></thead><tbody aria-live="polite" aria-relevant="all"><tr role="row" style="height: 29px;"><td class="confluenceTd" style="width: 154px; height: 29px;">**SSOServer**</td><td class="confluenceTd" style="width: 655px; height: 29px;">Comma separated of synchronization servers the ESSO should connect to</td></tr><tr role="row" style="height: 46px;"><td class="confluenceTd" style="width: 154px; height: 46px;">**seycon.https.port**</td><td class="confluenceTd" style="width: 655px; height: 46px;">TCP/IP synchronization servers are listening to. By default 760</td></tr><tr role="row" style="height: 102px;"><td class="confluenceTd" style="width: 154px; height: 102px;">**SSOSoffidAgent**</td><td class="confluenceTd" style="width: 655px; height: 102px;">Name of the agent used to authenticate user accounts.  
If none is specified, the user name entered by the user is matched against usernames.  
If an agent name is specified, the user name entered by the user is matched against active accounts on this agent.

</td></tr><tr role="row" style="height: 29px;"><td class="confluenceTd" style="width: 154px; height: 29px;">**LogonEntry**</td><td class="confluenceTd" style="width: 655px; height: 29px;">Application entry point to execute after login.</td></tr><tr role="row" style="height: 46px;"><td class="confluenceTd" style="width: 154px; height: 46px;">**OfflineEntry**</td><td class="confluenceTd" style="width: 655px; height: 46px;">Application entry point to execute when the desktop is offline. The script belonging to this application entry point will be stored locally.</td></tr><tr role="row" style="height: 46px;"><td class="confluenceTd" style="width: 154px; height: 46px;">**AutoSSOSystem**</td><td class="confluenceTd" style="width: 655px; height: 46px;">Virtual agent name where to store user registered accounts</td></tr><tr role="row" style="height: 29px;"><td class="confluenceTd" style="width: 154px; height: 29px;">**AutoSSOPolicy**</td><td class="confluenceTd" style="width: 655px; height: 29px;">Password policy to applyfor user registered accounts</td></tr></tbody></table>

</div>As stated at Parameter screen documentation, a single parameter can have a global default value and specific values on a subnetwork basis. This mechanism allows the administrator to setup different synchronization servers for each subnet.

# ESSO Manuals

Documentation about Windows user access, Linux user access and Admin access

# Windows Administrator access

## How to access?

For domain member hosts, ESSO will remove all existing local accounts except for those with a dependand service. So, in order to access with administrator privileges, user must use a domain account with local administrator privilege, or either an authorized Soffid user.

There are three different ways to grant this kind of authorization to a user using Soffid console:

1. Grant a global authorization (host:support). In this case, user can admin any host.
2. Using a network scope authorization. This kind of authorization can be granted on network management screen. Administration authorization can be granted for any host belonging to a network or for a restricted group of them.
3. Using a host scope authorization. This kind of authorization can be granted on host management screen for specified time period.

Through a workflow request. User asks for administration approval using "Request to administer a workstation" workflow. Soffid administrator can deny or approve the request. After the specified time period, the permission will be revoked.

[![image.png](https://bookstack.soffid.com/uploads/images/gallery/2024-10/scaled-1680-/zd5ziD6Pp8HbTYvW-image.png)](https://bookstack.soffid.com/uploads/images/gallery/2024-10/zd5ziD6Pp8HbTYvW-image.png)

In order to acces with administrator privileges user must log on with the soffid user code. It is not possible to do it with another account. Windows user code must match with Soffid user code.

## Other operations

### How to know the ESSO version?

Windows Control Panel --&gt; Add/Remove programs

<details id="bkmrk-%F0%9F%92%BB-image-1"><summary>💻 Image</summary>

[![image-1665397531364.png](https://bookstack.soffid.com/uploads/images/gallery/2022-10/scaled-1680-/image-1665397531364.png)](https://bookstack.soffid.com/uploads/images/gallery/2022-10/image-1665397531364.png)

</details>### How to check the log?

```shell
C:\Windows\System32\type mazinger-install.log
```

<details id="bkmrk-%F0%9F%92%BB-image-4"><summary>💻 Image</summary>

[![image.png](https://bookstack.soffid.com/uploads/images/gallery/2024-10/scaled-1680-/TKW7p8APrL2gWJVP-image.png)](https://bookstack.soffid.com/uploads/images/gallery/2024-10/TKW7p8APrL2gWJVP-image.png)

</details>### How to run the configuration?


```
C:\Program Files\SoffidESO\SoffidConfig.exe
```

<details id="bkmrk-%F0%9F%92%BB-image-2"><summary>💻 Image</summary>

[![image.png](https://bookstack.soffid.com/uploads/images/gallery/2024-10/scaled-1680-/fDP4njfpqgk2V5tz-image.png)](https://bookstack.soffid.com/uploads/images/gallery/2024-10/fDP4njfpqgk2V5tz-image.png)

</details>### How to check the status?

```
C:\Program Files\SoffidESSO>Shirokabuto debug
```

<details id="bkmrk-%F0%9F%92%BB-image-3"><summary>💻 Image</summary>

[![image.png](https://bookstack.soffid.com/uploads/images/gallery/2024-11/scaled-1680-/NXWLBxR4V1FtwsUy-image.png)](https://bookstack.soffid.com/uploads/images/gallery/2024-11/NXWLBxR4V1FtwsUy-image.png)

</details>### How to stop and start Shirokabuto?

```
C:\Program Files\SoffidESSO>net stop Shirokabuto
```

```
C:\Program Files\SoffidESSO>net start Shirokabuto
```

# Linux Administrator access

## How to access?

For domain member hosts, ESSO will remove all existing local accounts except for those with a dependand service. So, in order to access with administrator privileges, user must use a domain account with local administrator privilege, or either an authorized Soffid user.

There are three different ways to grant this kind of authorization to a user using Soffid console:

1. Grant a global authorization (host:support). In this case, user can admin any host.
2. Using a network scope authorization. This kind of authorization can be granted on network management screen. Administration authorization can be granted for any host belonging to a network or for a restricted group of them.
3. Using a host scope authorization. This kind of authorization can be granted on host management screen for specified time period.

Through a workflow request. User asks for administration approval using "Request to administer a workstation" workflow. Soffid administrator can deny or approve the request. After the specified time period, the permission will be revoked.

In order to acces with administrator privileges user must log on with the soffid user code. It is not possible to do it with another account. Windows user code must match with Soffid user code.

## Other operations

### How to know the ESSO version?

```
dpkg -l soffidesso
```

<details id="bkmrk-%F0%9F%92%BB-image-1"><summary>💻 Image</summary>

[![image-1665396904304.png](https://bookstack.soffid.com/uploads/images/gallery/2022-10/scaled-1680-/image-1665396904304.png)](https://bookstack.soffid.com/uploads/images/gallery/2022-10/image-1665396904304.png)

</details>### How to check the log?

```shell
/var/log$ sudo tail syslog
```

```
/var/log$ sudo cat syslog
```

### How to change debug level?

Edit the file /etc/mazinger/config and set debugLevel to 3

```
nano /etc/mazinger/config
```

<details id="bkmrk-%F0%9F%92%BB-image"><summary>💻 Image</summary>

[![image.png](https://bookstack.soffid.com/uploads/images/gallery/2024-10/scaled-1680-/aMGl10AI9lJ7qRde-image.png)](https://bookstack.soffid.com/uploads/images/gallery/2024-10/aMGl10AI9lJ7qRde-image.png)

</details>### How to login using the command line?

Raise permissions to super users:

```shell
sudo -i
```

Login with your Soffid user

```shell
login userName
```

<details id="bkmrk-%F0%9F%92%BB-image-3"><summary>💻 Image</summary>

[![image.png](https://bookstack.soffid.com/uploads/images/gallery/2024-10/scaled-1680-/djdjWmR0OJicPhr6-image.png)](https://bookstack.soffid.com/uploads/images/gallery/2024-10/djdjWmR0OJicPhr6-image.png)

</details>

# Windows user access

## How to access?

When you try to connecto to a Windows machine by using Soffid ESSO, you need to enter your user and password in the Windows login page.

If the user does not exists in this machine, depending on the attribute "Create local accounts when there is no domain account" in Soffid ESSO configuration, a local user willl be created or not.

- If the network is connected, depending on the Soffid ESSO configuration, a 2FA may be required, or you will be logged in directly.
- If the network is not connected, also, depending on the Soffid ESSO configuration, you connect to the machine. When the network is re-established, Soffid ESSO will ask for your credentials again.

<p class="callout info">For more information about how to configure Soffid ESSO you can visit [the ESSO profile page](https://bookstack.soffid.com/books/federation/page/esso).</p>

<details id="bkmrk-%F0%9F%92%BB-image-credentials-"><summary>💻 Image</summary>

##### Credentials required

[![image.png](https://bookstack.soffid.com/uploads/images/gallery/2024-09/scaled-1680-/XCefvJwmqcK4ovLq-image.png)](https://bookstack.soffid.com/uploads/images/gallery/2024-09/XCefvJwmqcK4ovLq-image.png)

##### 2FA required

[![image.png](https://bookstack.soffid.com/uploads/images/gallery/2024-09/scaled-1680-/2S2t6nRPrgbfVf55-image.png)](https://bookstack.soffid.com/uploads/images/gallery/2024-09/2S2t6nRPrgbfVf55-image.png)

#####  Soffid ESSO options

[![image.png](https://bookstack.soffid.com/uploads/images/gallery/2024-09/scaled-1680-/WNP7lSbXTiiimGXY-image.png)](https://bookstack.soffid.com/uploads/images/gallery/2024-09/WNP7lSbXTiiimGXY-image.png)

</details>## Esso Options

On a host with ESSO installed an icon with the Soffid Logo will appear on the Windows taskbar.

If the user clicks on the mouse's right button it will be able to do some different actions.

#### Login

<span style="font-weight: 400;"> Allows you to open an ESSO session. In order to open an ESSO session, the user must enter user code and password. In order to reopen it, the user must enter user code and password again (unless Kerberos login succeeds)</span>

#### Logout

<span style="font-weight: 400;">Allows you to close an ESSO session. On closing session, any SSO rules will be unloaded, so the user should enter the user and password on applications request.</span>

#### SSO Paused

If the user disables ESSO, user and password will be required to execute any application, but ESSO session is still open on the server.

#### SSO Enabled

In order to inject ESSO rules, Soffid ESSO must be enabled.

#### Update rules

To update ESSO rules for the user account. ESSO will contact Soffid Synchronization server in order to get the Single Sign On rules for this account. Any granted permission or rule change will be applied immediately.

<details id="bkmrk-%F0%9F%92%BB-image"><summary>💻 Image</summary>

[![image.png](https://bookstack.soffid.com/uploads/images/gallery/2024-10/scaled-1680-/PUrm8Zojw4jQAEff-image.png)](https://bookstack.soffid.com/uploads/images/gallery/2024-10/PUrm8Zojw4jQAEff-image.png)

</details>

# Linux User access

## How to access?

When you try to connect to a Linux machine using Soffid ESSO, you will need to enter your username and password on the Linux login page.

If the user does not exists in this machine, depending on the attribute "Create local accounts when there is no domain account" in Soffid ESSO configuration, a local user willl be created or not.

- If the network is connected, depending on the Soffid ESSO configuration, a 2FA may be required, or you will be logged in directly.
- If the network is not connected, also, depending on the Soffid ESSO configuration, you connect to the machine. When the network is re-established, Soffid ESSO will NOT ask for your credentials again in the Linux machine.

<p class="callout info">For more information about how to configure Soffid ESSO you can visit [the ESSO profile page](https://bookstack.soffid.com/books/federation/page/esso).</p>

<details id="bkmrk-%F0%9F%92%BB-image-%C2%A0"><summary>💻 Image</summary>

#####  Credentials required

[![image.png](https://bookstack.soffid.com/uploads/images/gallery/2024-09/scaled-1680-/ZJLytqxNJ2drg8DK-image.png)](https://bookstack.soffid.com/uploads/images/gallery/2024-09/ZJLytqxNJ2drg8DK-image.png)

#####  2FA required

[![image.png](https://bookstack.soffid.com/uploads/images/gallery/2024-09/scaled-1680-/GbJImQRUVqjP1rou-image.png)](https://bookstack.soffid.com/uploads/images/gallery/2024-09/GbJImQRUVqjP1rou-image.png)

##### Soffid ESSO options

[![image.png](https://bookstack.soffid.com/uploads/images/gallery/2024-09/scaled-1680-/UbZHPIshtG8yGrA4-image.png)](https://bookstack.soffid.com/uploads/images/gallery/2024-09/UbZHPIshtG8yGrA4-image.png)

</details>## Esso Options

On a host with ESSO installed an icon with the Soffid Logo will appear on the Windows taskbar.

If the user clicks on the mouse's right button it will be able to do some different actions.

#### Login

<span style="font-weight: 400;"> Allows you to open an ESSO session. In order to open an ESSO session, the user must enter user code and password. In order to reopen it, the user must enter user code and password again (unless Kerberos login succeeds)</span>

#### Logout

<span style="font-weight: 400;">Allows you to close an ESSO session. On closing session, any SSO rules will be unloaded, so the user should enter the user and password on applications request.</span>

#### SSO Paused

If the user disables ESSO, user and password will be required to execute any application, but ESSO session is still open on the server.

#### SSO Enabled

In order to inject ESSO rules, Soffid ESSO must be enabled.

#### Update rules

To update ESSO rules for the user account. ESSO will contact Soffid Synchronization server in order to get the Single Sign On rules for this account. Any granted permission or rule change will be applied immediately.

<details id="bkmrk-%F0%9F%92%BB-image"><summary>💻 Image</summary>

[![image.png](https://bookstack.soffid.com/uploads/images/gallery/2024-10/scaled-1680-/fi31clB6MmyxHTsq-image.png)](https://bookstack.soffid.com/uploads/images/gallery/2024-10/fi31clB6MmyxHTsq-image.png)

</details>

# ESSO Scripting Language



# ESSO Scripting Language

## Introduction

The scripting language used is a full ECMAScript interpreter. Nevertheless, it's not a Javascript interpreter as it's used on web browsers. It only has the core elements of ECMAScript (Objects, Arrays, String, etc.) and a set of objects and functions specially designed for its purpouse.

When the script is run, the elements matched, either window or HTML components, with a ref-as tag will be declared as global variable. Additionally, in the case of web applications, a global variable named document contains the reference to the full HTML document.

Here are the supported functions and classes:

1. [Global functions](https://bookstack.soffid.com/books/esso/page/1-global-functions "1. Global functions")
    1. [ESSO SendKeys syntax](https://bookstack.soffid.com/books/esso/page/11-esso-sendkeys-syntax "1.1. ESSO SendKeys syntax")
2. [secretStore object](https://bookstack.soffid.com/books/esso/page/2-secretstore-object "2. secretStore object")
3. [SystemInfo object](https://bookstack.soffid.com/books/esso/page/3-systeminfo-object "3. SystemInfo object")
4. [Window class](https://bookstack.soffid.com/books/esso/page/4-window-class "4. Window class")
5. [Document class](https://bookstack.soffid.com/books/esso/page/5-document-class "5. Document class")
6. [Element class](https://bookstack.soffid.com/books/esso/page/6-element-class "6. Element class")
7. [Collection class](https://bookstack.soffid.com/books/esso/page/7-collection-class "7. Collection class")
8. [File class](https://bookstack.soffid.com/books/esso/page/8-file-class "8. File class")
9. [Directory class](https://bookstack.soffid.com/books/esso/page/9-directory-class "9. Directory class")
10. [MailService class](https://bookstack.soffid.com/books/esso/page/10-mailservice-class "10. MailService class")
11. [NetworkResource class](https://bookstack.soffid.com/books/esso/page/11-networkresource-class "11. NetworkResource class")
12. [Registry class](https://bookstack.soffid.com/books/esso/page/12-registry-class "12. Registry class")
13. [ServerInfo class](https://bookstack.soffid.com/books/esso/page/13-serverinfo-class "13. ServerInfo class")
14. [Hll class (version 1.4.0)](https://bookstack.soffid.com/books/esso/page/14-hll-class-version-140 "14. Hll class (version 1.4.0)")

# 1. Global functions

Global functions can be used in an **action** element:

<table class="confluenceTable" id="bkmrk-debug-text%3A-string-s"><tbody><tr><td class="confluenceTd" style="width: 113px;">debug

</td><td class="confluenceTd" style="width: 101px;">text: string

</td><td class="confluenceTd" style="width: 595px;">Sends a message to the debug console.

</td></tr><tr><td class="confluenceTd" style="width: 113px;">sleep

</td><td class="confluenceTd" style="width: 101px;">millis: int

</td><td class="confluenceTd" style="width: 595px;">Stops script execution for the specified milliseconds.   
Never stops the execution of the application.

</td></tr><tr><td class="confluenceTd" style="width: 113px;">env

</td><td class="confluenceTd" style="width: 101px;">text: string

returns string

</td><td class="confluenceTd" style="width: 595px;">Gets the value of an environment variable.

</td></tr><tr><td class="confluenceTd" style="width: 113px;">exec

</td><td class="confluenceTd" style="width: 101px;">text: string

\[Dir: string\]

</td><td class="confluenceTd" style="width: 595px;">Run an external application.

Optionally, you can specify a directory to change to.

</td></tr><tr><td class="confluenceTd" style="width: 113px;">execWait

</td><td class="confluenceTd" style="width: 101px;">text: string

\[Dir: string\]

</td><td class="confluenceTd" style="width: 595px;">Executes external application and waits for its completion.

Optionally, you can specify a directory to change to.

</td></tr><tr><td class="confluenceTd" style="width: 113px;">sendKeys

</td><td class="confluenceTd" style="width: 101px;">text: string

</td><td class="confluenceTd" style="width: 595px;">Simulates the pressing of the keys indicated. You can see more information on the [ESSO sendKeys syntax page](https://bookstack.soffid.com/books/esso/page/11-esso-sendkeys-syntax).

</td></tr><tr><td class="confluenceTd" style="width: 113px;">sendText

</td><td class="confluenceTd" style="width: 101px;">text: string

</td><td class="confluenceTd" style="width: 595px;">Simulates keystroke typed text. Unlike the SendKeys function, the text is sent, verbatim, without any interpretation.

</td></tr><tr><td class="confluenceTd" style="width: 113px;">alert

</td><td class="confluenceTd" style="width: 101px;">text: string

</td><td class="confluenceTd" style="width: 595px;">Displays a confirmation message to the user.

</td></tr><tr><td class="confluenceTd" style="width: 113px;">progress

</td><td class="confluenceTd" style="width: 101px;">text: string

</td><td class="confluenceTd" style="width: 595px;">Displays a progress message without confirmation from the user.

</td></tr><tr><td class="confluenceTd" style="width: 113px;">cancelProgress

</td><td class="confluenceTd" style="width: 101px;"></td><td class="confluenceTd" style="width: 595px;">Hide progress message.

</td></tr><tr><td class="confluenceTd" style="width: 113px;">alertNoWait

</td><td class="confluenceTd" style="width: 101px;">text: string

</td><td class="confluenceTd" style="width: 595px;">A message, but does not expect the user confirmation.

</td></tr></tbody></table>

# 1.1. ESSO SendKeys syntax

## SendKeys syntax

The sendKeys function aims to perform as the user pressing keystrokes. Thus, the function SendKeys ("ABC") simulates to press those three letters.

The keystrokes will be done independently of the application that generates them. Thus, it is possible to press keys that change the focused control or even the active application using sendKeys.

To mimic the action of pressing to keys simultaneously, you can make use of modifiers. The available modifiers are listed at the attached table. So, to send the character ':' you can execute *sendKeys("+.")*. This combination will simulate pressing the Shift key along with '.'. In order to allow a simpler syntax, you can use parentheses to specify more than one key affected by modifiers. Thus, the function SendKeys ("+ (hello)") generates the word HELLO in upper case.

<div id="bkmrk-modifier-key-%40-windo"><div><div><table class="confluenceTable"><colgroup><col></col><col></col></colgroup><tbody><tr><td class="confluenceTd">**Modifier**

</td><td class="confluenceTd">**Key**

</td></tr><tr><td class="confluenceTd">@

</td><td class="confluenceTd">WINDOWS

</td></tr><tr><td class="confluenceTd">+

</td><td class="confluenceTd">SHIFT

</td></tr><tr><td class="confluenceTd">^

</td><td class="confluenceTd">CTRL

</td></tr><tr><td class="confluenceTd">%

</td><td class="confluenceTd">ALT

</td></tr></tbody></table>

</div></div></div>It should be noted that this method can not get accented letters as a parameter, but the combination necessary to generate the desired letter. This method has a big drawback. The combination of keys needed to get a letter can be different depending of the current keyboard layout. So, in order to send arbitrary text characters, it is recommended to use the function sendText.

Additionally, the sendKeys function supports this “virtual keystrokes” that do not correspond to a specific key but an actual action do be done:

<div id="bkmrk-tag-action-taken.-vk"><div><div><table class="confluenceTable"><colgroup><col></col><col></col></colgroup><tbody><tr><td class="confluenceTd">**Tag**

</td><td class="confluenceTd">**Action taken.**

</td></tr><tr><td class="confluenceTd">VKEY {X}

</td><td class="confluenceTd">The virtual code key (VKEY) will be sent. It is useful to use non-standard keys.

</td></tr><tr><td class="confluenceTd">XY {BEEP}

</td><td class="confluenceTd">A sound with a frequency X during Y time (in milliseconds).

</td></tr><tr><td class="confluenceTd">{DELAY X}

</td><td class="confluenceTd">X milliseconds pause.

</td></tr><tr><td class="confluenceTd">{DELAY = X}

</td><td class="confluenceTd">Make a dealy of X milliseconds between each simulated keystrokes.

</td></tr><tr><td class="confluenceTd">{AppActivate WindowTitle}

</td><td class="confluenceTd">Bring foreground and activates the application with the specified title.

</td></tr></tbody></table>

</div></div></div>To send function keys, you can use the following codes:

<div id="bkmrk-key-tag-key-tag-back"><div><div><table class="confluenceTable"><colgroup><col></col><col></col></colgroup><colgroup><col></col><col></col></colgroup><tbody><tr><td class="confluenceTd">**Key**

</td><td class="confluenceTd">**Tag**

</td><td class="confluenceTd">**Key**

</td><td class="confluenceTd">**Tag**

</td></tr><tr><td class="confluenceTd">Backspace

</td><td class="confluenceTd">{BACKSPACE} or {BS}

</td><td class="confluenceTd">F1

</td><td class="confluenceTd">{F1}

</td></tr><tr><td class="confluenceTd">Break

</td><td class="confluenceTd">{BREAK}

</td><td class="confluenceTd">F2

</td><td class="confluenceTd">{F2}

</td></tr><tr><td class="confluenceTd">CapsLock

</td><td class="confluenceTd">{CAPSLOC}

</td><td class="confluenceTd">F3

</td><td class="confluenceTd">{F3}

</td></tr><tr><td class="confluenceTd">Delete

</td><td class="confluenceTd">{DELETE} or {DEL}

</td><td class="confluenceTd">F4

</td><td class="confluenceTd">{F4}

</td></tr><tr><td class="confluenceTd">Down arrow

</td><td class="confluenceTd">{DOWN}

</td><td class="confluenceTd">F5

</td><td class="confluenceTd">{F5}

</td></tr><tr><td class="confluenceTd">End

</td><td class="confluenceTd">{END}

</td><td class="confluenceTd">F6

</td><td class="confluenceTd">{F6}

</td></tr><tr><td class="confluenceTd">Enter

</td><td class="confluenceTd">{ENTER} or ~

</td><td class="confluenceTd">F7

</td><td class="confluenceTd">{F7}

</td></tr><tr><td class="confluenceTd">Ex

</td><td class="confluenceTd">{ESC}

</td><td class="confluenceTd">F8

</td><td class="confluenceTd">{F8}

</td></tr><tr><td class="confluenceTd">Help

</td><td class="confluenceTd">{HELP}

</td><td class="confluenceTd">F9

</td><td class="confluenceTd">{F9}

</td></tr><tr><td class="confluenceTd">Home

</td><td class="confluenceTd">{HOME}

</td><td class="confluenceTd">F10

</td><td class="confluenceTd">{F10}

</td></tr><tr><td class="confluenceTd">Lnsert

</td><td class="confluenceTd">{INS}

</td><td class="confluenceTd">F11

</td><td class="confluenceTd">{F11}

</td></tr><tr><td class="confluenceTd">Left arrow

</td><td class="confluenceTd">{LEFT}

</td><td class="confluenceTd">F12

</td><td class="confluenceTd">{F12}

</td></tr><tr><td class="confluenceTd">Num Lock

</td><td class="confluenceTd">{NUMLOCK}

</td><td class="confluenceTd">F13

</td><td class="confluenceTd">{F13}

</td></tr><tr><td class="confluenceTd">Next page

</td><td class="confluenceTd">{PGDN}

</td><td class="confluenceTd">F14

</td><td class="confluenceTd">{F14}

</td></tr><tr><td class="confluenceTd">Previous page

</td><td class="confluenceTd">{PGUP}

</td><td class="confluenceTd">F15

</td><td class="confluenceTd">{F15}

</td></tr><tr><td class="confluenceTd">Print screen

</td><td class="confluenceTd">{PRTSC}

</td><td class="confluenceTd">F16

</td><td class="confluenceTd">{F16}

</td></tr><tr><td class="confluenceTd">Right Arrow

</td><td class="confluenceTd">{RIGHT}

</td><td class="confluenceTd">^

</td><td class="confluenceTd">{CARET}

</td></tr><tr><td class="confluenceTd">Scroll Lock

</td><td class="confluenceTd">{SCROLL}

</td><td class="confluenceTd">~

</td><td class="confluenceTd">{Tilde}

</td></tr><tr><td class="confluenceTd">Tab

</td><td class="confluenceTd">{TAB}

</td><td class="confluenceTd">{

</td><td class="confluenceTd">{LEFTBRACE}

</td></tr><tr><td class="confluenceTd">Up arrow

</td><td class="confluenceTd">{UP}

</td><td class="confluenceTd">}

</td><td class="confluenceTd">{RIGHTBRACE}

</td></tr><tr><td class="confluenceTd">\+ (Numeric keypad)

</td><td class="confluenceTd">{ADD}

</td><td class="confluenceTd">(

</td><td class="confluenceTd">{LEFTPAREN}

</td></tr><tr><td class="confluenceTd">\- (Numeric keypad)

</td><td class="confluenceTd">{SUBSTRCT}

</td><td class="confluenceTd">)

</td><td class="confluenceTd">{RIGHTPAREN}

</td></tr><tr><td class="confluenceTd">\* (Numeric keypad)

</td><td class="confluenceTd">{Multiply}

</td><td class="confluenceTd">windows (left)

</td><td class="confluenceTd">{LWIN} or {RWIN}

</td></tr><tr><td class="confluenceTd">/ (Numeric keypad)

</td><td class="confluenceTd">{DIVIDE}

</td><td class="confluenceTd">windows (right)

</td><td class="confluenceTd">{RWIN}

</td></tr><tr><td class="confluenceTd">+

</td><td class="confluenceTd">{PLUS}

</td><td class="confluenceTd">context menu

</td><td class="confluenceTd">{APPS}

</td></tr><tr><td class="confluenceTd">@

</td><td class="confluenceTd">{AT}

</td><td class="confluenceTd"></td><td class="confluenceTd"></td></tr></tbody></table>

</div></div></div>Here are a few small examples :

<div id="bkmrk-sendkeys-parameter-e"><div><div><table class="confluenceTable"><colgroup><col></col><col></col></colgroup><tbody><tr><td class="confluenceTd">**sendKeys parameter**

</td><td class="confluenceTd">**Effect**

</td></tr></tbody><tbody><tr><td class="confluenceTd">{DELAY=50}

</td><td class="confluenceTd">1\. Specifies a pause of 50 milliseconds between keystrokes.

</td></tr><tr><td class="confluenceTd">@R

</td><td class="confluenceTd">2\. Click Windows + R to invoke the run dialog command.

</td></tr><tr><td class="confluenceTd">notepad~

</td><td class="confluenceTd">3\. Enter notepad and pressed enter.

</td></tr><tr><td class="confluenceTd">hello world!

</td><td class="confluenceTd">4\. Write "Hello world!".

</td></tr><tr><td class="confluenceTd">%ua

</td><td class="confluenceTd">5\. Click the button to Alt + u, to show the About dialog box ...

</td></tr></tbody><tbody><tr><td class="confluenceTd">{Delay = 100}

</td><td class="confluenceTd">1\. Specifies a pause of 100 milliseconds between keystrokes.

</td></tr><tr><td class="confluenceTd">{AppActivate Calculator}

</td><td class="confluenceTd">2\. Turn the calculator.

</td></tr><tr><td class="confluenceTd">{ESC}

</td><td class="confluenceTd">3\. Click ESC to clear the contents.

</td></tr><tr><td class="confluenceTd">5\*7~

</td><td class="confluenceTd">4\. Write 5 \* 7 and pressed Enter.

</td></tr><tr><td class="confluenceTd">{beep 1000 500}

</td><td class="confluenceTd">5\. Makes noise.

</td></tr><tr><td class="confluenceTd">^C

</td><td class="confluenceTd">6\. Press Control-C to copy the contents.

</td></tr><tr><td class="confluenceTd">{appactivate Notepad}

</td><td class="confluenceTd">7\. Switch to notepad.

</td></tr><tr><td class="confluenceTd">^E

</td><td class="confluenceTd">8\. Click to e-control dial all.

</td></tr><tr><td class="confluenceTd">{DEL}

</td><td class="confluenceTd">9\. Click Delete to delete the contents.

</td></tr><tr><td class="confluenceTd">Result of 5 \* 7 is:

</td><td class="confluenceTd">10\. Writes "The result is 5 \* 7".

</td></tr><tr><td class="confluenceTd">^V

</td><td class="confluenceTd">11\. Click control-v hold the result..

</td></tr></tbody><tbody><tr><td class="confluenceTd">{DELAY=500}{NUMLOCK}{CAPSLOCK}{SCROLL}

</td><td class="confluenceTd">1\. Turn numbers, uppercase and scroll on in order.

</td></tr><tr><td class="confluenceTd">{SCROLL}{CAPSLOCK}{NUMLOCK}

</td><td class="confluenceTd">2\. Turn them off in the reverse order.

</td></tr></tbody><tbody><tr><td class="confluenceTd">{DELAY=500}

</td><td class="confluenceTd">1\. Specifies a pause of 500 milliseconds between keystrokes.

</td></tr><tr><td class="confluenceTd">%?

</td><td class="confluenceTd">2\. Click Alt-Space.

</td></tr><tr><td class="confluenceTd">{DOWN 5}

</td><td class="confluenceTd">3\. Click the down arrow five times.

</td></tr></tbody></table>

</div></div></div>

# 2. secretStore object

## Introduction

This object is always visible from any action, and provides access to the user's passwords and secrets. User passwords are always related to a system account.

This is the object used to retrieve user and password in order to **inject credentials** into applications.

## Methods

<div id="bkmrk-getsecret-text%3A-stri"><div><table class="confluenceTable"><colgroup><col></col><col></col><col></col></colgroup><tbody><tr><td class="confluenceTd">getSecret

</td><td class="confluenceTd">text: string

returns string

</td><td class="confluenceTd">Gets the value of a secret.

</td></tr><tr><td class="confluenceTd">getAccounts

</td><td class="confluenceTd">system: string

returns string \[\]

</td><td class="confluenceTd">Gets the list of accounts available for a given systemsecretStore object.

</td></tr><tr><td class="confluenceTd">getAccount

</td><td class="confluenceTd">system: string

returns string

</td><td class="confluenceTd">Gets the account to use a particular system. If more than one are available, the system will prompt the user for the one to use.

If the user cancels the dialog box, an exception will be thrown.

If no account is available, the undefined value will be returned.

</td></tr><tr><td class="confluenceTd">getPassword

</td><td class="confluenceTd">system: string

account: string

returns string

</td><td class="confluenceTd">Gets the password bound to the account on the system requested.

</td></tr><tr><td class="confluenceTd" colspan="1">setPassword</td><td class="confluenceTd" colspan="1">system: string

account: string

newPassword: string

</td><td class="confluenceTd" colspan="1">Changes the password at the password vault (version 1.4)</td></tr><tr><td class="confluenceTd" colspan="1">setSecret</td><td class="confluenceTd" colspan="1">name: string

value: string

</td><td class="confluenceTd" colspan="1">Sets the value of a secret at the password vault (version 1.4)</td></tr><tr><td class="confluenceTd" colspan="1">generatePassword</td><td class="confluenceTd" colspan="1">system: string

account: string

returns string

</td><td class="confluenceTd" colspan="1">Generates a random password suitable for the selected account (version 1.4)</td></tr></tbody></table>

</div></div>

# 3. SystemInfo object

## Introduction

The SystemInfo object is always visible from any **action**, and provides access to information about the machine.

## Attributes

<div id="bkmrk-os-string-specifies-"><table class="confluenceTable"><colgroup><col></col><col></col><col></col></colgroup><tbody><tr><td class="confluenceTd">os

</td><td class="confluenceTd">string

</td><td class="confluenceTd">Specifies the name of the operating system: Windows / Ubuntu

</td></tr><tr><td class="confluenceTd">oSVersion

</td><td class="confluenceTd">string

</td><td class="confluenceTd">Indicates the version of the operating system.

</td></tr><tr><td class="confluenceTd">osDistribution

</td><td class="confluenceTd">string

</td><td class="confluenceTd">Distributor operating system: Microsoft / Ubuntu / RedHat / ....

</td></tr><tr><td class="confluenceTd">hostName

</td><td class="confluenceTd">string

</td><td class="confluenceTd">Return the team name.

</td></tr><tr><td class="confluenceTd">clientHostName

</td><td class="confluenceTd">string

</td><td class="confluenceTd">For remote connections, returns the name of the source host.

</td></tr><tr><td class="confluenceTd">fileSeparator

</td><td class="confluenceTd">string

</td><td class="confluenceTd">Separator files depending on the platform:

 / Linux

 \\ For Windows

</td></tr><tr><td class="confluenceTd">username

</td><td class="confluenceTd">string

</td><td class="confluenceTd">Operating system user name. It can be different from Soffid user name.

</td></tr></tbody></table>

</div>

# 4. Window class

## Introduction

When an action is bound with a user interface application, it creates an object of class Window for each component at the XML descriptor with a ref-as attribute. Those components have the following methods:

## Methods

<div id="bkmrk-gettext-returns-stri"><table class="confluenceTable"><colgroup><col></col><col></col><col></col></colgroup><tbody><tr><td class="confluenceTd">getText

</td><td class="confluenceTd">returns string

</td><td class="confluenceTd">Gets the text value of the component.

</td></tr><tr><td class="confluenceTd">setText

</td><td class="confluenceTd">text: string

</td><td class="confluenceTd">Change the text value of a component.

</td></tr><tr><td class="confluenceTd">click

</td><td class="confluenceTd"></td><td class="confluenceTd">Acts as if the user clicks on the component. It's suitable on button components.

</td></tr><tr><td class="confluenceTd">setFocus

</td><td class="confluenceTd"></td><td class="confluenceTd">Move the focus to the component.

</td></tr></tbody></table>

</div>

# 5. Document class

## Introduction

When an action is associated with a Web application, it creates a document that identifies the full HTML document. This object assigned to the document variable. Thus, scripts can access the web contents and its DOM tree in runtime. The document object implement a subset of the standard DOM HtmlDocument.

## Attributes

<div id="bkmrk-url-string-full-url-"><table class="confluenceTable"><colgroup><col></col><col></col><col></col></colgroup><tbody><tr><td class="confluenceTd">url

</td><td class="confluenceTd">string

</td><td class="confluenceTd">Full URL of the document.

</td></tr><tr><td class="confluenceTd">domain

</td><td class="confluenceTd">string

</td><td class="confluenceTd">Contains the domain of the page.

</td></tr><tr><td class="confluenceTd">title

</td><td class="confluenceTd">string

</td><td class="confluenceTd">Title of the document.

</td></tr><tr><td class="confluenceTd">cookie

</td><td class="confluenceTd">string

</td><td class="confluenceTd">Contains cookies that are bound to this document.

</td></tr><tr><td class="confluenceTd">anchors

</td><td class="confluenceTd">Collection

</td><td class="confluenceTd">Contains elements of type A.

</td></tr><tr><td class="confluenceTd">forms

</td><td class="confluenceTd">Collection

</td><td class="confluenceTd">Contains items of type FORM.

</td></tr><tr><td class="confluenceTd">images

</td><td class="confluenceTd">Collection

</td><td class="confluenceTd">Contains items from IMG.

</td></tr><tr><td class="confluenceTd">links

</td><td class="confluenceTd">Collection

</td><td class="confluenceTd">Contains elements of type A and AREA.

</td></tr><tr><td class="confluenceTd">documentElement

</td><td class="confluenceTd">Item

</td><td class="confluenceTd">Contains the root element.

</td></tr></tbody></table>

</div>## Methods

<div id="bkmrk-getelementbyid-id%3A-s"><div><table class="confluenceTable"><colgroup><col></col><col></col><col></col></colgroup><tbody><tr><td class="confluenceTd">getElementById

</td><td class="confluenceTd">id: string

Element returns

</td><td class="confluenceTd">Find the first element with the specified ID.

</td></tr><tr><td class="confluenceTd">getElementsByTagName

</td><td class="confluenceTd">tag: string

returns Collection

</td><td class="confluenceTd">Find all elements with the specified tag.

</td></tr><tr><td class="confluenceTd">write

</td><td class="confluenceTd">text: string

</td><td class="confluenceTd">Add content to the document.

</td></tr><tr><td class="confluenceTd">writeln

</td><td class="confluenceTd">text: string

</td><td class="confluenceTd">Add content and new line to the document.

</td></tr><tr><td class="confluenceTd" colspan="1">autofill</td><td class="confluenceTd" colspan="1">text: string</td><td class="confluenceTd" colspan="1">Proceed with smart auto fill engine, allowing end user to select and or save accounts.

The mandatory parameter sets the domain where to look for accounts.

</td></tr></tbody></table>

</div></div>

# 6. Element class

## Introduction

The objects of type Element are created for each input element with a ref-as attribute, or are obtained from the Document itself. It implements a subset of the DOM class HtmlElement.

## Attributes

<div id="bkmrk-childnodes-collectio"><table class="confluenceTable"><colgroup><col></col><col></col><col></col></colgroup><tbody><tr><td class="confluenceTd">childNodes

</td><td class="confluenceTd">Collection

</td><td class="confluenceTd">Vector of children elements.

</td></tr><tr><td class="confluenceTd">disabled

</td><td class="confluenceTd">bool

</td><td class="confluenceTd">Indicator whether the element is disabled or not.

</td></tr><tr><td class="confluenceTd">id

</td><td class="confluenceTd">string

</td><td class="confluenceTd">Id attribute of the element.

</td></tr><tr><td class="confluenceTd">tagName

</td><td class="confluenceTd">string

</td><td class="confluenceTd">Element's tag.

</td></tr><tr><td class="confluenceTd">parentNode

</td><td class="confluenceTd">Item

</td><td class="confluenceTd">Parent element.

</td></tr></tbody></table>

</div>## Methods

<div id="bkmrk-getattribute-name%3A-s"><div><table class="confluenceTable"><colgroup><col></col><col></col><col></col></colgroup><tbody><tr><td class="confluenceTd">getAttribute

</td><td class="confluenceTd">name: string

returns string

</td><td class="confluenceTd">Gets the attribute value of the element.

</td></tr><tr><td class="confluenceTd">setAttribute

</td><td class="confluenceTd">name: string

value: string

</td><td class="confluenceTd">Updates the attribute value.

</td></tr><tr><td class="confluenceTd">removeAttribute

</td><td class="confluenceTd">name: string

</td><td class="confluenceTd">Removes an attribute.

</td></tr><tr><td class="confluenceTd">getElementsByTagName

</td><td class="confluenceTd">tag: string

returns Collection

</td><td class="confluenceTd">Find all children with the specified tag.

</td></tr><tr><td class="confluenceTd">click

</td><td class="confluenceTd"></td><td class="confluenceTd">Acts as if the user had clicked on the button.

</td></tr><tr><td class="confluenceTd">blur

</td><td class="confluenceTd"></td><td class="confluenceTd">Remove focus.

</td></tr><tr><td class="confluenceTd">focus

</td><td class="confluenceTd"></td><td class="confluenceTd">Grants focus.

</td></tr><tr><td class="confluenceTd">submit

</td><td class="confluenceTd"></td><td class="confluenceTd">Send form contents.

</td></tr></tbody></table>

</div></div>

# 7. Collection class

## Introduction

The collection object implements a subset of the standard DOM HTMLCollection

## Attributes

<div id="bkmrk-length-long-number-o"><table class="confluenceTable"><colgroup><col></col><col></col><col></col></colgroup><tbody><tr><td class="confluenceTd">length

</td><td class="confluenceTd">Long

</td><td class="confluenceTd">Number of items in collection.

</td></tr></tbody></table>

</div>## Methods

<div id="bkmrk-item-id%3A-long-return"><div><table class="confluenceTable"><colgroup><col></col><col></col><col></col></colgroup><tbody><tr><td class="confluenceTd">item

</td><td class="confluenceTd">id: long

returns Element

</td><td class="confluenceTd">Find the element with id order number. The first element is 0.

</td></tr><tr><td class="confluenceTd">namedItem

</td><td class="confluenceTd">id: string

returns Element

</td><td class="confluenceTd">Search for an item with the given name. First search an element with matching Id attribute.

If none is found, search for an element with matching Name attribute.

</td></tr></tbody></table>

</div></div>

# 8. File class

## Introduction

It allows easy manipulation of files using the File class.

## Constructor

<div id="bkmrk-file-file%3A-string-mo"><table class="confluenceTable" style="width: 592px;"><colgroup><col></col><col></col><col></col></colgroup><tbody><tr><td class="confluenceTd" style="width: 68px;">File

</td><td class="confluenceTd" style="width: 128px;">file: string

mode: string

</td><td class="confluenceTd" style="width: 396px;">Create an object of type File for the specified file.

If mode is “r”, the file will be opened in read mode.

If mode is “w”, the file will be opened in write mode.

If the mode is “a”, the file will be open in append mode.

</td></tr></tbody></table>

</div>## Methods

<div id="bkmrk-read-byte-int-%281000%29"><table class="confluenceTable"><colgroup><col></col><col></col><col></col></colgroup><tbody><tr><td class="confluenceTd">read

</td><td class="confluenceTd">byte int (1000)

returns string

</td><td class="confluenceTd">Reads at most the specified number of bytes.

When no numer is specified, 1000 bytes will be read at most.

</td></tr><tr><td class="confluenceTd">readLine

</td><td class="confluenceTd">returns string

</td><td class="confluenceTd">Reads untill end of line.

</td></tr><tr><td class="confluenceTd">write

</td><td class="confluenceTd">text: string

</td><td class="confluenceTd">Writes the specified text.

</td></tr><tr><td class="confluenceTd">WriteLine

</td><td class="confluenceTd">text: string

</td><td class="confluenceTd">Writes text with and end of line.

</td></tr><tr><td class="confluenceTd">close

</td><td class="confluenceTd"></td><td class="confluenceTd">Closes the file.

</td></tr><tr><td class="confluenceTd">flush

</td><td class="confluenceTd"></td><td class="confluenceTd">Flush all buffers to disk.

</td></tr><tr><td class="confluenceTd">eof

</td><td class="confluenceTd">returns boolean

</td><td class="confluenceTd">Returns true if the end of file has been reached.

</td></tr></tbody></table>

</div>## (static) methods and attributes

Additionally, the File object has the following (static) methods and attributes:

<div id="bkmrk-mkdir-directory%3A-str"><div><table class="confluenceTable"><colgroup><col></col><col></col><col></col></colgroup><tbody><tr><td class="confluenceTd">mkdir

</td><td class="confluenceTd">directory: string

</td><td class="confluenceTd">Creates the specified directory.

</td></tr><tr><td class="confluenceTd">stdin

</td><td class="confluenceTd">File

</td><td class="confluenceTd">Attribute that contains a File object associated with standard input.

</td></tr><tr><td class="confluenceTd">stdout

</td><td class="confluenceTd">File

</td><td class="confluenceTd">Attribute that contains a File object associated with standard output.

</td></tr><tr><td class="confluenceTd">stderr

</td><td class="confluenceTd">File

</td><td class="confluenceTd">Attribute that contains a File object associated with the standard error output.

</td></tr><tr><td class="confluenceTd">copy

</td><td class="confluenceTd">source: string

target: string

</td><td class="confluenceTd">Copy selected file. This method is not able to copy directories.

</td></tr><tr><td class="confluenceTd">delete

</td><td class="confluenceTd">file: string

</td><td class="confluenceTd">Deletes a file or directory.

</td></tr><tr><td class="confluenceTd">move

</td><td class="confluenceTd">source: string

target: string

</td><td class="confluenceTd">Moves (or renames) a file or directory.

</td></tr><tr><td class="confluenceTd">isDirectory

</td><td class="confluenceTd">f: string

returns boolean

</td><td class="confluenceTd">Returns true if the specified file is a directory.

</td></tr><tr><td class="confluenceTd">canRead

</td><td class="confluenceTd">f: string

returns boolean

</td><td class="confluenceTd">Returns true if the file can be read.

</td></tr><tr><td class="confluenceTd">canWrite

</td><td class="confluenceTd">f: string

returns boolean

</td><td class="confluenceTd">Returns true if the file can be written.

</td></tr><tr><td class="confluenceTd">getParent

</td><td class="confluenceTd">f: string

returns string

</td><td class="confluenceTd">Returns the parent directory of a file.

</td></tr></tbody></table>

</div></div>

# 9. Directory class

## Introduction

This class is able to look for directories content. A directory object has the following attributes and methods:

## Constructor

<div id="bkmrk-directory-file%3A-stri"><table class="confluenceTable"><colgroup><col></col><col></col><col></col></colgroup><tbody><tr><td class="confluenceTd">Directory

</td><td class="confluenceTd">file: string

</td><td class="confluenceTd">Creates a directory object bound to the specified path.

</td></tr></tbody></table>

</div>## Methods

<div id="bkmrk-length-returns-int-i"><div><table class="confluenceTable"><colgroup><col></col><col></col><col></col></colgroup><tbody><tr><td class="confluenceTd">length

</td><td class="confluenceTd">returns int

</td><td class="confluenceTd">Indicates the number of files in the directory.

</td></tr><tr><td class="confluenceTd">item

</td><td class="confluenceTd">return string

</td><td class="confluenceTd">Specifies the name of the file content.

</td></tr></tbody></table>

</div></div>

# 10. MailService class

## Introduction

Simple tool to send emails. The MailService object has the following methods.

## Constructor

<div id="bkmrk-mailservice-%C2%A0-create"><table class="confluenceTable"><colgroup><col></col><col></col><col></col></colgroup><tbody><tr><td class="confluenceTd">MailService

</td><td class="confluenceTd"></td><td class="confluenceTd">Create an object of type MailServer.

</td></tr></tbody></table>

</div>## Methods

<div id="bkmrk-setserver-server%3A-st"><div><table class="confluenceTable"><colgroup><col></col><col></col><col></col></colgroup><tbody><tr><td class="confluenceTd">setServer

</td><td class="confluenceTd">server: string

</td><td class="confluenceTd">Specifies the name of the mail server.

</td></tr><tr><td class="confluenceTd">setFrom

</td><td class="confluenceTd">from: String

</td><td class="confluenceTd">Specifies the name of the sender.

</td></tr><tr><td class="confluenceTd">Setter

</td><td class="confluenceTd">to: string

</td><td class="confluenceTd">Specifies the name of the recipient.

</td></tr><tr><td class="confluenceTd">send

</td><td class="confluenceTd">text: string

</td><td class="confluenceTd">Send the message indicated.

</td></tr></tbody></table>

</div></div>

# 11. NetworkResource class

## Introduction

Connect and disconnect network services (disks and printers).

## Constructor

<div id="bkmrk-networkresource-%C2%A0-cr"><table class="confluenceTable"><colgroup><col></col><col></col><col></col></colgroup><tbody><tr><td class="confluenceTd">NetworkResource

</td><td class="confluenceTd"></td><td class="confluenceTd">Creates an object of type NetworkResource.

</td></tr></tbody></table>

</div>## Methods

<div id="bkmrk-connectprinter-resou"><div><table class="confluenceTable"><colgroup><col></col><col></col><col></col></colgroup><tbody><tr><td class="confluenceTd">connectPrinter

</td><td class="confluenceTd">resource: string

model: string

</td><td class="confluenceTd">Connects a remote printer to the local spooler.

</td></tr><tr><td class="confluenceTd">connectDrive

</td><td class="confluenceTd">localDrive: string

resource: string

password: string (optional)

user: string (optional)

</td><td class="confluenceTd">Connects a network drive.

</td></tr><tr><td class="confluenceTd">disconnectAllPrinters

</td><td class="confluenceTd"></td><td class="confluenceTd">Disconnects all remote printers.

</td></tr><tr><td class="confluenceTd">disconnectPrinter

</td><td class="confluenceTd">name: string

</td><td class="confluenceTd">Disconnects a remote Printer.

</td></tr><tr><td class="confluenceTd">disconnectDrive

</td><td class="confluenceTd">localName: string

</td><td class="confluenceTd">Disconnects a remote drive.

</td></tr></tbody></table>

</div></div>

# 12. Registry class

## Introduction

Manipulate the windows registry.

## Constructor

<div id="bkmrk-registry-path%3A-strin"><table class="confluenceTable"><colgroup><col></col><col></col><col></col></colgroup><tbody><tr><td class="confluenceTd">Registry

</td><td class="confluenceTd">path: string

</td><td class="confluenceTd">Create an object of type Registry

</td></tr></tbody></table>

</div>## Global objects

<div id="bkmrk-registry.hkey_local_"><table class="confluenceTable"><colgroup><col></col><col></col></colgroup><tbody><tr><td class="confluenceTd">Registry.HKEY\_LOCAL\_MACHINE

</td><td class="confluenceTd">Tree Key LOCAL\_MACHINE

</td></tr><tr><td class="confluenceTd">Registry.HKEY\_CURRENT\_USER

</td><td class="confluenceTd">Tree CURRENT\_USER key

</td></tr><tr><td class="confluenceTd">Registry.HKEY\_USERS

</td><td class="confluenceTd">Tree Key USERS

</td></tr><tr><td class="confluenceTd">Registry.HKEY\_CLASSES\_ROOT

</td><td class="confluenceTd">Tree Key CLASSES\_ROOT

</td></tr><tr><td class="confluenceTd">Registry.HKEY\_LOCAL\_MACHINE32

</td><td class="confluenceTd">Tree LOCAL\_MACHINE 32-bit keys

</td></tr><tr><td class="confluenceTd">Registry.HKEY\_CURRENT\_USER32

</td><td class="confluenceTd">Tree CURRENT\_USER key 32bit

</td></tr><tr><td class="confluenceTd">Registry.HKEY\_USERS32

</td><td class="confluenceTd">Tree 32bit key USERS

</td></tr><tr><td class="confluenceTd">Registry.HKEY\_CLASSES\_ROOT32

</td><td class="confluenceTd">Tree CLASSES\_ROOT 32-bit keys

</td></tr></tbody></table>

</div>## Methods

<div id="bkmrk-openkey-path%3A-string"><div><table class="confluenceTable"><colgroup><col></col><col></col><col></col></colgroup><tbody><tr><td class="confluenceTd">openKey

</td><td class="confluenceTd">path: string

returns Registry

</td><td class="confluenceTd">Opens a registry subkey.

</td></tr><tr><td class="confluenceTd">createKey

</td><td class="confluenceTd">path: string

returns Registry

</td><td class="confluenceTd">Creates a registry subkey.

</td></tr><tr><td class="confluenceTd">getValue

</td><td class="confluenceTd">entryName: string

Object returns

</td><td class="confluenceTd">Reads registry value.

</td></tr><tr><td class="confluenceTd">setValue

</td><td class="confluenceTd">entryName: string

value: Object

type: string

</td><td class="confluenceTd">Updates a registry value.

Type (optional) can be:

\- REG\_SZ

\- REG\_EXPAND\_SZ

\- REG\_BINARY

\- REG\_DWORD

\- REG\_MULTI\_SZ

</td></tr></tbody></table>

</div></div>

# 13. ServerInfo class

## Introduction

This helper class allows the script to query information stored at Soffid console.

## Constructor

<div id="bkmrk-serverinfo-path%3A-str"><table class="confluenceTable"><colgroup><col></col><col></col><col></col></colgroup><tbody><tr><td class="confluenceTd">ServerInfo

</td><td class="confluenceTd">path: string

</td><td class="confluenceTd">Queried the server returning an object of type ServerInfo.

</td></tr></tbody></table>

</div>## Methods

<div id="bkmrk-length-returns-int-r"><table class="confluenceTable"><colgroup><col></col><col></col><col></col></colgroup><tbody><tr><td class="confluenceTd">length

</td><td class="confluenceTd">returns int

</td><td class="confluenceTd">Returns the number of rows obtained.

</td></tr><tr><td class="confluenceTd">row

</td><td class="confluenceTd">n: int

object returns

</td><td class="confluenceTd">Returns information about the n-throw from.

</td></tr></tbody></table>

</div>The objects returned depend on the path indicated.

# 14. Hll class (version 1.4.0)

## Introduction

The Hll class gives the script engine access to Hll terminal emulators. When a hll pattern matches the emulator screen, a hll object of class Hll will be crated and can be used by the action script.

## Attributes

<div id="bkmrk-sessionid-string-ful"><div><div><table class="confluenceTable"><colgroup><col></col><col></col><col></col></colgroup><tbody><tr><td class="confluenceTd">sessionId

</td><td class="confluenceTd">string

</td><td class="confluenceTd">Full URL of the document.

</td></tr><tr><td class="confluenceTd">sessionName

</td><td class="confluenceTd">string

</td><td class="confluenceTd">Contains the domain of the page.

</td></tr><tr><td class="confluenceTd">columns

</td><td class="confluenceTd">int

</td><td class="confluenceTd">Numer of columns.

</td></tr><tr><td class="confluenceTd">rows

</td><td class="confluenceTd">int

</td><td class="confluenceTd">Number of rows.

</td></tr></tbody></table>

</div></div></div>## Methods

<div id="bkmrk-getcursorlocation-re"><div><div><table class="confluenceTable"><colgroup><col></col><col></col><col></col></colgroup><tbody><tr><td class="confluenceTd">getCursorLocation

</td><td class="confluenceTd">returns object with row and column attributes

</td><td class="confluenceTd">Gets the cursor location.

</td></tr><tr><td class="confluenceTd">setCursorLocation

</td><td class="confluenceTd">row: integer

column: integer

</td><td class="confluenceTd">Changes cursor location.

</td></tr><tr><td class="confluenceTd">getContent

</td><td class="confluenceTd">returns String

</td><td class="confluenceTd">Gets the terminal emulator screen content.

</td></tr><tr><td class="confluenceTd">sendText

</td><td class="confluenceTd">text: string

</td><td class="confluenceTd">Send text to host.

</td></tr><tr><td class="confluenceTd" colspan="1">sendKeys</td><td class="confluenceTd" colspan="1">keys:string</td><td class="confluenceTd" colspan="1">Send text, possibly containing escape sequences.</td></tr></tbody></table>

</div></div></div>## Escape sequence

The following escape sequence are defined:

<div id="bkmrk-mnemonic-meaning-327"><div><table class="confluenceTable tablesorter tablesorter-default stickyTableHeaders" role="grid"><thead class="tableFloatingHeaderOriginal"><tr class="tablesorter-headerRow" role="row"><th aria-disabled="false" aria-label="Mnemonic: No sort applied, activate to apply an ascending sort" aria-sort="none" class="confluenceTh tablesorter-header sortableHeader tablesorter-headerUnSorted" data-column="0" role="columnheader" scope="col" tabindex="0"><div>Mnemonic</div></th><th aria-disabled="false" aria-label="Meaning: No sort applied, activate to apply an ascending sort" aria-sort="none" class="confluenceTh tablesorter-header sortableHeader tablesorter-headerUnSorted" data-column="1" role="columnheader" scope="col" tabindex="0"><div>Meaning</div></th><th aria-disabled="false" aria-label="3270: No sort applied, activate to apply an ascending sort" aria-sort="none" class="confluenceTh tablesorter-header sortableHeader tablesorter-headerUnSorted" data-column="2" role="columnheader" scope="col" tabindex="0"><div>3270</div></th><th aria-disabled="false" aria-label="5250: No sort applied, activate to apply an ascending sort" aria-sort="none" class="confluenceTh tablesorter-header sortableHeader tablesorter-headerUnSorted" data-column="3" role="columnheader" scope="col" tabindex="0"><div>5250</div></th><th aria-disabled="false" aria-label="VT: No sort applied, activate to apply an ascending sort" aria-sort="none" class="confluenceTh tablesorter-header sortableHeader tablesorter-headerUnSorted" data-column="4" role="columnheader" scope="col" tabindex="0"><div>VT</div></th></tr></thead><thead class="tableFloatingHeader"></thead><tbody aria-live="polite" aria-relevant="all"><tr role="row"><td class="confluenceTd">@B</td><td class="confluenceTd">Left Tab</td><td class="confluenceTd">Yes</td><td class="confluenceTd">Yes</td><td class="confluenceTd">No</td></tr><tr role="row"><td class="confluenceTd">@C</td><td class="confluenceTd">Clear</td><td class="confluenceTd">Yes</td><td class="confluenceTd">Yes</td><td class="confluenceTd">No</td></tr><tr role="row"><td class="confluenceTd">@D</td><td class="confluenceTd">Delete</td><td class="confluenceTd">Yes</td><td class="confluenceTd">Yes</td><td class="confluenceTd">No</td></tr><tr role="row"><td class="confluenceTd">@E</td><td class="confluenceTd">Enter</td><td class="confluenceTd">Yes</td><td class="confluenceTd">Yes</td><td class="confluenceTd">No</td></tr><tr role="row"><td class="confluenceTd">@F</td><td class="confluenceTd">Erase EOF</td><td class="confluenceTd">Yes</td><td class="confluenceTd">Yes</td><td class="confluenceTd">No</td></tr><tr role="row"><td class="confluenceTd">@H</td><td class="confluenceTd">Help</td><td class="confluenceTd">No</td><td class="confluenceTd">Yes</td><td class="confluenceTd">No</td></tr><tr role="row"><td class="confluenceTd">@I</td><td class="confluenceTd">Insert</td><td class="confluenceTd">Yes</td><td class="confluenceTd">Yes</td><td class="confluenceTd">No</td></tr><tr role="row"><td class="confluenceTd">@J</td><td class="confluenceTd">Jump (Set Focus)</td><td class="confluenceTd">Yes</td><td class="confluenceTd">Yes</td><td class="confluenceTd">No</td></tr><tr role="row"><td class="confluenceTd">@L</td><td class="confluenceTd">Cursor Left</td><td class="confluenceTd">Yes</td><td class="confluenceTd">Yes</td><td class="confluenceTd">Yes</td></tr><tr role="row"><td class="confluenceTd">@N</td><td class="confluenceTd">New Line</td><td class="confluenceTd">Yes</td><td class="confluenceTd">Yes</td><td class="confluenceTd">Yes</td></tr><tr role="row"><td class="confluenceTd">@O</td><td class="confluenceTd">Space</td><td class="confluenceTd">Yes</td><td class="confluenceTd">Yes</td><td class="confluenceTd">Yes</td></tr><tr role="row"><td class="confluenceTd">@P</td><td class="confluenceTd">Print</td><td class="confluenceTd">Yes</td><td class="confluenceTd">Yes</td><td class="confluenceTd">Yes</td></tr><tr role="row"><td class="confluenceTd">@R</td><td class="confluenceTd">Reset</td><td class="confluenceTd">Yes</td><td class="confluenceTd">Yes</td><td class="confluenceTd">No</td></tr><tr role="row"><td class="confluenceTd">@T</td><td class="confluenceTd">Right Tab</td><td class="confluenceTd">Yes</td><td class="confluenceTd">Yes</td><td class="confluenceTd">Yes</td></tr><tr role="row"><td class="confluenceTd">@U</td><td class="confluenceTd">Cursor Up</td><td class="confluenceTd">Yes</td><td class="confluenceTd">Yes</td><td class="confluenceTd">Yes</td></tr><tr role="row"><td class="confluenceTd">@V</td><td class="confluenceTd">Cursor Down</td><td class="confluenceTd">Yes</td><td class="confluenceTd">Yes</td><td class="confluenceTd">Yes</td></tr><tr role="row"><td class="confluenceTd">@X\*</td><td class="confluenceTd">DBCS (Reserved)</td><td class="confluenceTd">Yes</td><td class="confluenceTd">Yes</td><td class="confluenceTd">No</td></tr><tr role="row"><td class="confluenceTd">@Z</td><td class="confluenceTd">Cursor Right</td><td class="confluenceTd">Yes</td><td class="confluenceTd">Yes</td><td class="confluenceTd">Yes</td></tr><tr role="row"><td class="confluenceTd">@0</td><td class="confluenceTd">Home</td><td class="confluenceTd">Yes</td><td class="confluenceTd">Yes</td><td class="confluenceTd">No</td></tr><tr role="row"><td class="confluenceTd">@1</td><td class="confluenceTd">PF1/F1</td><td class="confluenceTd">Yes</td><td class="confluenceTd">Yes</td><td class="confluenceTd">No</td></tr><tr role="row"><td class="confluenceTd">@2</td><td class="confluenceTd">PF2/F2</td><td class="confluenceTd">Yes</td><td class="confluenceTd">Yes</td><td class="confluenceTd">No</td></tr><tr role="row"><td class="confluenceTd">@3</td><td class="confluenceTd">PF3/F3</td><td class="confluenceTd">Yes</td><td class="confluenceTd">Yes</td><td class="confluenceTd">No</td></tr><tr role="row"><td class="confluenceTd">@4</td><td class="confluenceTd">PF4/F4</td><td class="confluenceTd">Yes</td><td class="confluenceTd">Yes</td><td class="confluenceTd">No</td></tr><tr role="row"><td class="confluenceTd">@5</td><td class="confluenceTd">PF5/F5</td><td class="confluenceTd">Yes</td><td class="confluenceTd">Yes</td><td class="confluenceTd">No</td></tr><tr role="row"><td class="confluenceTd">@6</td><td class="confluenceTd">PF6/F6</td><td class="confluenceTd">Yes</td><td class="confluenceTd">Yes</td><td class="confluenceTd">Yes</td></tr><tr role="row"><td class="confluenceTd">@7</td><td class="confluenceTd">PF7/F7</td><td class="confluenceTd">Yes</td><td class="confluenceTd">Yes</td><td class="confluenceTd">Yes</td></tr><tr role="row"><td class="confluenceTd">@8</td><td class="confluenceTd">PF8/F8</td><td class="confluenceTd">Yes</td><td class="confluenceTd">Yes</td><td class="confluenceTd">Yes</td></tr><tr role="row"><td class="confluenceTd">@9</td><td class="confluenceTd">PF9/F9</td><td class="confluenceTd">Yes</td><td class="confluenceTd">Yes</td><td class="confluenceTd">Yes</td></tr><tr role="row"><td class="confluenceTd">@a</td><td class="confluenceTd">PF10/F10</td><td class="confluenceTd">Yes</td><td class="confluenceTd">Yes</td><td class="confluenceTd">Yes</td></tr><tr role="row"><td class="confluenceTd">@b</td><td class="confluenceTd">PF11/F11</td><td class="confluenceTd">Yes</td><td class="confluenceTd">Yes</td><td class="confluenceTd">Yes</td></tr><tr role="row"><td class="confluenceTd">@c</td><td class="confluenceTd">PF12/F12</td><td class="confluenceTd">Yes</td><td class="confluenceTd">Yes</td><td class="confluenceTd">Yes</td></tr><tr role="row"><td class="confluenceTd">@d</td><td class="confluenceTd">PF13</td><td class="confluenceTd">Yes</td><td class="confluenceTd">Yes</td><td class="confluenceTd">Yes</td></tr><tr role="row"><td class="confluenceTd">@e</td><td class="confluenceTd">PF14</td><td class="confluenceTd">Yes</td><td class="confluenceTd">Yes</td><td class="confluenceTd">Yes</td></tr><tr role="row"><td class="confluenceTd">@f</td><td class="confluenceTd">PF15</td><td class="confluenceTd">Yes</td><td class="confluenceTd">Yes</td><td class="confluenceTd">Yes</td></tr><tr role="row"><td class="confluenceTd">@g</td><td class="confluenceTd">PF16</td><td class="confluenceTd">Yes</td><td class="confluenceTd">Yes</td><td class="confluenceTd">Yes</td></tr><tr role="row"><td class="confluenceTd">@h</td><td class="confluenceTd">PF17</td><td class="confluenceTd">Yes</td><td class="confluenceTd">Yes</td><td class="confluenceTd">Yes</td></tr><tr role="row"><td class="confluenceTd">@i</td><td class="confluenceTd">PF18</td><td class="confluenceTd">Yes</td><td class="confluenceTd">Yes</td><td class="confluenceTd">Yes</td></tr><tr role="row"><td class="confluenceTd">@j</td><td class="confluenceTd">PF19</td><td class="confluenceTd">Yes</td><td class="confluenceTd">Yes</td><td class="confluenceTd">Yes</td></tr><tr role="row"><td class="confluenceTd">@k</td><td class="confluenceTd">PF20</td><td class="confluenceTd">Yes</td><td class="confluenceTd">Yes</td><td class="confluenceTd">Yes</td></tr><tr role="row"><td class="confluenceTd">@l</td><td class="confluenceTd">PF21</td><td class="confluenceTd">Yes</td><td class="confluenceTd">Yes</td><td class="confluenceTd">No</td></tr><tr role="row"><td class="confluenceTd">@m</td><td class="confluenceTd">PF22</td><td class="confluenceTd">Yes</td><td class="confluenceTd">Yes</td><td class="confluenceTd">No</td></tr><tr role="row"><td class="confluenceTd">@n</td><td class="confluenceTd">PF23</td><td class="confluenceTd">Yes</td><td class="confluenceTd">Yes</td><td class="confluenceTd">No</td></tr><tr role="row"><td class="confluenceTd">@o</td><td class="confluenceTd">PF24</td><td class="confluenceTd">Yes</td><td class="confluenceTd">Yes</td><td class="confluenceTd">No</td></tr><tr role="row"><td class="confluenceTd">@q</td><td class="confluenceTd">End</td><td class="confluenceTd">Yes</td><td class="confluenceTd">Yes</td><td class="confluenceTd">No</td></tr><tr role="row"><td class="confluenceTd">@u</td><td class="confluenceTd">Page Up</td><td class="confluenceTd">No</td><td class="confluenceTd">Yes</td><td class="confluenceTd">No</td></tr><tr role="row"><td class="confluenceTd">@v</td><td class="confluenceTd">Page Down</td><td class="confluenceTd">No</td><td class="confluenceTd">Yes</td><td class="confluenceTd">No</td></tr><tr role="row"><td class="confluenceTd">@x</td><td class="confluenceTd">PA1</td><td class="confluenceTd">Yes</td><td class="confluenceTd">Yes</td><td class="confluenceTd">No</td></tr><tr role="row"><td class="confluenceTd">@y</td><td class="confluenceTd">PA2</td><td class="confluenceTd">Yes</td><td class="confluenceTd">Yes</td><td class="confluenceTd">No</td></tr><tr role="row"><td class="confluenceTd">@z</td><td class="confluenceTd">PA3</td><td class="confluenceTd">Yes</td><td class="confluenceTd">Yes</td><td class="confluenceTd">No</td></tr><tr role="row"><td class="confluenceTd">@A@C</td><td class="confluenceTd">Test</td><td class="confluenceTd">No</td><td class="confluenceTd">Yes</td><td class="confluenceTd">No</td></tr><tr role="row"><td class="confluenceTd">@A@D</td><td class="confluenceTd">Word Delete</td><td class="confluenceTd">Yes</td><td class="confluenceTd">Yes</td><td class="confluenceTd">No</td></tr><tr role="row"><td class="confluenceTd">@A@E</td><td class="confluenceTd">Field Exit</td><td class="confluenceTd">Yes</td><td class="confluenceTd">Yes</td><td class="confluenceTd">No</td></tr><tr role="row"><td class="confluenceTd">@A@F</td><td class="confluenceTd">Erase Input</td><td class="confluenceTd">Yes</td><td class="confluenceTd">Yes</td><td class="confluenceTd">No</td></tr><tr role="row"><td class="confluenceTd">@A@H</td><td class="confluenceTd">System Request</td><td class="confluenceTd">Yes</td><td class="confluenceTd">Yes</td><td class="confluenceTd">No</td></tr><tr role="row"><td class="confluenceTd">@A@I</td><td class="confluenceTd">Insert Toggle</td><td class="confluenceTd">Yes</td><td class="confluenceTd">Yes</td><td class="confluenceTd">No</td></tr><tr role="row"><td class="confluenceTd">@A@J</td><td class="confluenceTd">Cursor Select</td><td class="confluenceTd">Yes</td><td class="confluenceTd">Yes</td><td class="confluenceTd">No</td></tr><tr role="row"><td class="confluenceTd">@A@L</td><td class="confluenceTd">Cursor Left Fast</td><td class="confluenceTd">Yes</td><td class="confluenceTd">Yes</td><td class="confluenceTd">No</td></tr><tr role="row"><td class="confluenceTd">@A@Q</td><td class="confluenceTd">Attention</td><td class="confluenceTd">Yes</td><td class="confluenceTd">Yes</td><td class="confluenceTd">No</td></tr><tr role="row"><td class="confluenceTd">@A@R</td><td class="confluenceTd">Device Cancel (Cancels Print Presentation Space)</td><td class="confluenceTd">Yes</td><td class="confluenceTd">Yes</td><td class="confluenceTd">No</td></tr><tr role="row"><td class="confluenceTd">@A@T</td><td class="confluenceTd">Print Presentation Space</td><td class="confluenceTd">Yes</td><td class="confluenceTd">Yes</td><td class="confluenceTd">Yes</td></tr><tr role="row"><td class="confluenceTd">@A@U</td><td class="confluenceTd">Cursor Up Fast</td><td class="confluenceTd">Yes</td><td class="confluenceTd">Yes</td><td class="confluenceTd">No</td></tr><tr role="row"><td class="confluenceTd">@A@V</td><td class="confluenceTd">Cursor Down Fast</td><td class="confluenceTd">Yes</td><td class="confluenceTd">Yes</td><td class="confluenceTd">No</td></tr><tr role="row"><td class="confluenceTd">@A@Z</td><td class="confluenceTd">Cursor Right Fast</td><td class="confluenceTd">Yes</td><td class="confluenceTd">Yes</td><td class="confluenceTd">No</td></tr><tr role="row"><td class="confluenceTd">@A@9</td><td class="confluenceTd">Reverse Video</td><td class="confluenceTd">Yes</td><td class="confluenceTd">Yes</td><td class="confluenceTd">No</td></tr><tr role="row"><td class="confluenceTd">@A@b</td><td class="confluenceTd">Underscore</td><td class="confluenceTd">Yes</td><td class="confluenceTd">No</td><td class="confluenceTd">No</td></tr><tr role="row"><td class="confluenceTd">@A@c</td><td class="confluenceTd">Reset Reverse Video</td><td class="confluenceTd">Yes</td><td class="confluenceTd">No</td><td class="confluenceTd">No</td></tr><tr role="row"><td class="confluenceTd">@A@d</td><td class="confluenceTd">Red</td><td class="confluenceTd">Yes</td><td class="confluenceTd">No</td><td class="confluenceTd">No</td></tr><tr role="row"><td class="confluenceTd">@A@e</td><td class="confluenceTd">Pink</td><td class="confluenceTd">Yes</td><td class="confluenceTd">No</td><td class="confluenceTd">No</td></tr><tr role="row"><td class="confluenceTd">@A@f</td><td class="confluenceTd">Green</td><td class="confluenceTd">Yes</td><td class="confluenceTd">No</td><td class="confluenceTd">No</td></tr><tr role="row"><td class="confluenceTd">@A@g</td><td class="confluenceTd">Yellow</td><td class="confluenceTd">Yes</td><td class="confluenceTd">No</td><td class="confluenceTd">No</td></tr><tr role="row"><td class="confluenceTd">@A@h</td><td class="confluenceTd">Blue</td><td class="confluenceTd">Yes</td><td class="confluenceTd">No</td><td class="confluenceTd">No</td></tr><tr role="row"><td class="confluenceTd">@A@i</td><td class="confluenceTd">Turquoise</td><td class="confluenceTd">Yes</td><td class="confluenceTd">No</td><td class="confluenceTd">No</td></tr><tr role="row"><td class="confluenceTd">@A@j</td><td class="confluenceTd">White</td><td class="confluenceTd">Yes</td><td class="confluenceTd">No</td><td class="confluenceTd">No</td></tr><tr role="row"><td class="confluenceTd">@A@l</td><td class="confluenceTd">Reset Host Colors</td><td class="confluenceTd">Yes</td><td class="confluenceTd">No</td><td class="confluenceTd">No</td></tr><tr role="row"><td class="confluenceTd">@A@t</td><td class="confluenceTd">Print (Personal Computer)</td><td class="confluenceTd">Yes</td><td class="confluenceTd">Yes</td><td class="confluenceTd">No</td></tr><tr role="row"><td class="confluenceTd">@A@y</td><td class="confluenceTd">Forward Word Tab</td><td class="confluenceTd">Yes</td><td class="confluenceTd">Yes</td><td class="confluenceTd">No</td></tr><tr role="row"><td class="confluenceTd">@A@z</td><td class="confluenceTd">Backward Word Tab</td><td class="confluenceTd">Yes</td><td class="confluenceTd">Yes</td><td class="confluenceTd">No</td></tr><tr role="row"><td class="confluenceTd">@A@-</td><td class="confluenceTd">Field -</td><td class="confluenceTd">No</td><td class="confluenceTd">Yes</td><td class="confluenceTd">No</td></tr><tr role="row"><td class="confluenceTd">@A@+</td><td class="confluenceTd">Field +</td><td class="confluenceTd">No</td><td class="confluenceTd">Yes</td><td class="confluenceTd">No</td></tr><tr role="row"><td class="confluenceTd">@A@&lt;</td><td class="confluenceTd">Record Backspace</td><td class="confluenceTd">No</td><td class="confluenceTd">Yes</td><td class="confluenceTd">No</td></tr><tr role="row"><td class="confluenceTd">@S@E</td><td class="confluenceTd">Print Presentation Space on Host</td><td class="confluenceTd">No</td><td class="confluenceTd">Yes</td><td class="confluenceTd">No</td></tr><tr role="row"><td class="confluenceTd">@S@x</td><td class="confluenceTd">Dup</td><td class="confluenceTd">Yes</td><td class="confluenceTd">Yes</td><td class="confluenceTd">No</td></tr><tr role="row"><td class="confluenceTd">@S@y</td><td class="confluenceTd">Field Mark</td><td class="confluenceTd">Yes</td><td class="confluenceTd">Yes</td><td class="confluenceTd">No</td></tr><tr role="row"><td class="confluenceTd">@W@C

</td><td class="confluenceTd">Edit Copy

</td><td class="confluenceTd">Yes

</td><td class="confluenceTd">Yes

</td><td class="confluenceTd">Yes

</td></tr><tr role="row"><td class="confluenceTd">@W@D

</td><td class="confluenceTd">Edit Clear

</td><td class="confluenceTd">Yes

</td><td class="confluenceTd">Yes

</td><td class="confluenceTd">Yes

</td></tr><tr role="row"><td class="confluenceTd">@W@E

</td><td class="confluenceTd">Edit Copy Append

</td><td class="confluenceTd">Yes

</td><td class="confluenceTd">Yes

</td><td class="confluenceTd">Yes

</td></tr><tr role="row"><td class="confluenceTd">@W@L

</td><td class="confluenceTd">Edit Copy Link

</td><td class="confluenceTd">Yes

</td><td class="confluenceTd">Yes

</td><td class="confluenceTd">Yes

</td></tr><tr role="row"><td class="confluenceTd">@W@N

</td><td class="confluenceTd">Edit Paste Next

</td><td class="confluenceTd">Yes

</td><td class="confluenceTd">Yes

</td><td class="confluenceTd">Yes

</td></tr><tr role="row"><td class="confluenceTd">@W@V

</td><td class="confluenceTd">Edit Paste

</td><td class="confluenceTd">Yes

</td><td class="confluenceTd">Yes

</td><td class="confluenceTd">Yes

</td></tr><tr role="row"><td class="confluenceTd">@W@X

</td><td class="confluenceTd">Edit Cut

</td><td class="confluenceTd">Yes

</td><td class="confluenceTd">Yes

</td><td class="confluenceTd">Yes

</td></tr><tr role="row"><td class="confluenceTd">@W@Z

</td><td class="confluenceTd">Edit Undo

</td><td class="confluenceTd">Yes

</td><td class="confluenceTd">Yes

</td><td class="confluenceTd">Yes

</td></tr><tr role="row"><td class="confluenceTd">@X@1</td><td class="confluenceTd">Display SO/SI</td><td class="confluenceTd">Yes</td><td class="confluenceTd">Yes</td><td class="confluenceTd">No</td></tr><tr role="row"><td class="confluenceTd">@X@5</td><td class="confluenceTd">Generate SO/SI</td><td class="confluenceTd">No</td><td class="confluenceTd">Yes</td><td class="confluenceTd">No</td></tr><tr role="row"><td class="confluenceTd">@X@6</td><td class="confluenceTd">Display Attribute</td><td class="confluenceTd">No</td><td class="confluenceTd">Yes</td><td class="confluenceTd">No</td></tr><tr role="row"><td class="confluenceTd">@X@7</td><td class="confluenceTd">Forward Character</td><td class="confluenceTd">No</td><td class="confluenceTd">Yes</td><td class="confluenceTd">No</td></tr><tr role="row"><td class="confluenceTd">@X@c</td><td class="confluenceTd">Split Vertical Bar</td><td class="confluenceTd">No</td><td class="confluenceTd">Yes</td><td class="confluenceTd">No</td></tr><tr role="row"><td class="confluenceTd">@M@0</td><td class="confluenceTd">VT Numeric Pad 0</td><td class="confluenceTd">No</td><td class="confluenceTd">No</td><td class="confluenceTd">Yes</td></tr><tr role="row"><td class="confluenceTd">@M@1</td><td class="confluenceTd">VT Numeric Pad 1</td><td class="confluenceTd">No</td><td class="confluenceTd">No</td><td class="confluenceTd">Yes</td></tr><tr role="row"><td class="confluenceTd">@M@2</td><td class="confluenceTd">VT Numeric Pad 2</td><td class="confluenceTd">No</td><td class="confluenceTd">No</td><td class="confluenceTd">Yes</td></tr><tr role="row"><td class="confluenceTd">@M@3</td><td class="confluenceTd">VT Numeric Pad 3</td><td class="confluenceTd">No</td><td class="confluenceTd">No</td><td class="confluenceTd">Yes</td></tr><tr role="row"><td class="confluenceTd">@M@4</td><td class="confluenceTd">VT Numeric Pad 4</td><td class="confluenceTd">No</td><td class="confluenceTd">No</td><td class="confluenceTd">Yes</td></tr><tr role="row"><td class="confluenceTd">@M@5</td><td class="confluenceTd">VT Numeric Pad 5</td><td class="confluenceTd">No</td><td class="confluenceTd">No</td><td class="confluenceTd">Yes</td></tr><tr role="row"><td class="confluenceTd">@M@6</td><td class="confluenceTd">VT Numeric Pad 6</td><td class="confluenceTd">No</td><td class="confluenceTd">No</td><td class="confluenceTd">Yes</td></tr><tr role="row"><td class="confluenceTd">@M@7</td><td class="confluenceTd">VT Numeric Pad 7</td><td class="confluenceTd">No</td><td class="confluenceTd">No</td><td class="confluenceTd">Yes</td></tr><tr role="row"><td class="confluenceTd">@M@8</td><td class="confluenceTd">VT Numeric Pad 8</td><td class="confluenceTd">No</td><td class="confluenceTd">No</td><td class="confluenceTd">Yes</td></tr><tr role="row"><td class="confluenceTd">@M@9</td><td class="confluenceTd">VT Numeric Pad 9</td><td class="confluenceTd">No</td><td class="confluenceTd">No</td><td class="confluenceTd">Yes</td></tr><tr role="row"><td class="confluenceTd">@M@-</td><td class="confluenceTd">VT Numeric Pad -</td><td class="confluenceTd">No</td><td class="confluenceTd">No</td><td class="confluenceTd">Yes</td></tr><tr role="row"><td class="confluenceTd">@M@,</td><td class="confluenceTd">VT Numeric Pad ,</td><td class="confluenceTd">No</td><td class="confluenceTd">No</td><td class="confluenceTd">Yes</td></tr><tr role="row"><td class="confluenceTd">@M@.</td><td class="confluenceTd">VT Numeric Pad .</td><td class="confluenceTd">No</td><td class="confluenceTd">No</td><td class="confluenceTd">Yes</td></tr><tr role="row"><td class="confluenceTd">@M@e</td><td class="confluenceTd">VT Numeric Pad Enter</td><td class="confluenceTd">No</td><td class="confluenceTd">No</td><td class="confluenceTd">Yes</td></tr><tr role="row"><td class="confluenceTd">@M@f</td><td class="confluenceTd">VT Edit Find</td><td class="confluenceTd">No</td><td class="confluenceTd">No</td><td class="confluenceTd">Yes</td></tr><tr role="row"><td class="confluenceTd">@M@i</td><td class="confluenceTd">VT Edit Insert</td><td class="confluenceTd">No</td><td class="confluenceTd">No</td><td class="confluenceTd">Yes</td></tr><tr role="row"><td class="confluenceTd">@M@r</td><td class="confluenceTd">VT Edit Remove</td><td class="confluenceTd">No</td><td class="confluenceTd">No</td><td class="confluenceTd">Yes</td></tr><tr role="row"><td class="confluenceTd">@M@s</td><td class="confluenceTd">VT Edit Select</td><td class="confluenceTd">No</td><td class="confluenceTd">No</td><td class="confluenceTd">Yes</td></tr><tr role="row"><td class="confluenceTd">@M@p</td><td class="confluenceTd">VT Edit Previous Screen</td><td class="confluenceTd">No</td><td class="confluenceTd">No</td><td class="confluenceTd">Yes</td></tr><tr role="row"><td class="confluenceTd">@M@n</td><td class="confluenceTd">VT Edit Next Screen</td><td class="confluenceTd">No</td><td class="confluenceTd">No</td><td class="confluenceTd">Yes</td></tr><tr role="row"><td class="confluenceTd">@M@a</td><td class="confluenceTd">VT PF1</td><td class="confluenceTd">No</td><td class="confluenceTd">No</td><td class="confluenceTd">Yes</td></tr><tr role="row"><td class="confluenceTd">@M@b</td><td class="confluenceTd">VT PF2</td><td class="confluenceTd">No</td><td class="confluenceTd">No</td><td class="confluenceTd">Yes</td></tr><tr role="row"><td class="confluenceTd">@M@c</td><td class="confluenceTd">VT PF3</td><td class="confluenceTd">No</td><td class="confluenceTd">No</td><td class="confluenceTd">Yes</td></tr><tr role="row"><td class="confluenceTd">@M@d</td><td class="confluenceTd">VT PF4</td><td class="confluenceTd">No</td><td class="confluenceTd">No</td><td class="confluenceTd">Yes</td></tr><tr role="row"><td class="confluenceTd">@M@h</td><td class="confluenceTd">VT HOld Screen</td><td class="confluenceTd">No</td><td class="confluenceTd">No</td><td class="confluenceTd">Yes</td></tr><tr role="row"><td class="confluenceTd">@M@(space)</td><td class="confluenceTd">Control Code NUL</td><td class="confluenceTd">No</td><td class="confluenceTd">No</td><td class="confluenceTd">Yes</td></tr><tr role="row"><td class="confluenceTd">@M@A</td><td class="confluenceTd">Control Code SOH</td><td class="confluenceTd">No</td><td class="confluenceTd">No</td><td class="confluenceTd">Yes</td></tr><tr role="row"><td class="confluenceTd">@M@B</td><td class="confluenceTd">Control Code STX</td><td class="confluenceTd">No</td><td class="confluenceTd">No</td><td class="confluenceTd">Yes</td></tr><tr role="row"><td class="confluenceTd">@M@C</td><td class="confluenceTd">Control Code ETX</td><td class="confluenceTd">No</td><td class="confluenceTd">No</td><td class="confluenceTd">Yes</td></tr><tr role="row"><td class="confluenceTd">@M@D</td><td class="confluenceTd">Control Code EOT</td><td class="confluenceTd">No</td><td class="confluenceTd">No</td><td class="confluenceTd">Yes</td></tr><tr role="row"><td class="confluenceTd">@M@E</td><td class="confluenceTd">Control Code ENQ</td><td class="confluenceTd">No</td><td class="confluenceTd">No</td><td class="confluenceTd">Yes</td></tr><tr role="row"><td class="confluenceTd">@M@F</td><td class="confluenceTd">Control Code ACK</td><td class="confluenceTd">No</td><td class="confluenceTd">No</td><td class="confluenceTd">Yes</td></tr><tr role="row"><td class="confluenceTd">@M@G</td><td class="confluenceTd">Control Code BEL</td><td class="confluenceTd">No</td><td class="confluenceTd">No</td><td class="confluenceTd">Yes</td></tr><tr role="row"><td class="confluenceTd">@M@H</td><td class="confluenceTd">Control Code BS</td><td class="confluenceTd">No</td><td class="confluenceTd">No</td><td class="confluenceTd">Yes</td></tr><tr role="row"><td class="confluenceTd">@M@I</td><td class="confluenceTd">Control Code HT</td><td class="confluenceTd">No</td><td class="confluenceTd">No</td><td class="confluenceTd">Yes</td></tr><tr role="row"><td class="confluenceTd">@M@J</td><td class="confluenceTd">Control Code LF</td><td class="confluenceTd">No</td><td class="confluenceTd">No</td><td class="confluenceTd">Yes</td></tr><tr role="row"><td class="confluenceTd">@M@K</td><td class="confluenceTd">Control Code VT</td><td class="confluenceTd">No</td><td class="confluenceTd">No</td><td class="confluenceTd">Yes</td></tr><tr role="row"><td class="confluenceTd">@M@L</td><td class="confluenceTd">Control Code FF</td><td class="confluenceTd">No</td><td class="confluenceTd">No</td><td class="confluenceTd">Yes</td></tr><tr role="row"><td class="confluenceTd">@M@M</td><td class="confluenceTd">Control Code CR</td><td class="confluenceTd">No</td><td class="confluenceTd">No</td><td class="confluenceTd">Yes</td></tr><tr role="row"><td class="confluenceTd">@M@N</td><td class="confluenceTd">Control Code SO</td><td class="confluenceTd">No</td><td class="confluenceTd">No</td><td class="confluenceTd">Yes</td></tr><tr role="row"><td class="confluenceTd">@M@O</td><td class="confluenceTd">Control Code SI</td><td class="confluenceTd">No</td><td class="confluenceTd">No</td><td class="confluenceTd">Yes</td></tr><tr role="row"><td class="confluenceTd">@M@P</td><td class="confluenceTd">Control Code DLE</td><td class="confluenceTd">No</td><td class="confluenceTd">No</td><td class="confluenceTd">Yes</td></tr><tr role="row"><td class="confluenceTd">@M@Q</td><td class="confluenceTd">Control Code DC1</td><td class="confluenceTd">No</td><td class="confluenceTd">No</td><td class="confluenceTd">Yes</td></tr><tr role="row"><td class="confluenceTd">@M@R</td><td class="confluenceTd">Control Code DC2</td><td class="confluenceTd">No</td><td class="confluenceTd">No</td><td class="confluenceTd">Yes</td></tr><tr role="row"><td class="confluenceTd">@M@S</td><td class="confluenceTd">Control Code DC3</td><td class="confluenceTd">No</td><td class="confluenceTd">No</td><td class="confluenceTd">Yes</td></tr><tr role="row"><td class="confluenceTd">@M@T</td><td class="confluenceTd">Control Code DC4</td><td class="confluenceTd">No</td><td class="confluenceTd">No</td><td class="confluenceTd">Yes</td></tr><tr role="row"><td class="confluenceTd">@M@U</td><td class="confluenceTd">Control Code NAK</td><td class="confluenceTd">No</td><td class="confluenceTd">No</td><td class="confluenceTd">Yes</td></tr><tr role="row"><td class="confluenceTd">@M@V</td><td class="confluenceTd">Control Code SYN</td><td class="confluenceTd">No</td><td class="confluenceTd">No</td><td class="confluenceTd">Yes</td></tr><tr role="row"><td class="confluenceTd">@M@W</td><td class="confluenceTd">Control Code ETB</td><td class="confluenceTd">No</td><td class="confluenceTd">No</td><td class="confluenceTd">Yes</td></tr><tr role="row"><td class="confluenceTd">@M@X</td><td class="confluenceTd">Control Code CAN</td><td class="confluenceTd">No</td><td class="confluenceTd">No</td><td class="confluenceTd">Yes</td></tr><tr role="row"><td class="confluenceTd">@M@Y</td><td class="confluenceTd">Control Code EM</td><td class="confluenceTd">No</td><td class="confluenceTd">No</td><td class="confluenceTd">Yes</td></tr><tr role="row"><td class="confluenceTd">@M@Z</td><td class="confluenceTd">Control Code SUB</td><td class="confluenceTd">No</td><td class="confluenceTd">No</td><td class="confluenceTd">Yes</td></tr><tr role="row"><td class="confluenceTd">@M@u</td><td class="confluenceTd">Control Code ESC</td><td class="confluenceTd">No</td><td class="confluenceTd">No</td><td class="confluenceTd">Yes</td></tr><tr role="row"><td class="confluenceTd">@M@v</td><td class="confluenceTd">Control Code FS</td><td class="confluenceTd">No</td><td class="confluenceTd">No</td><td class="confluenceTd">Yes</td></tr><tr role="row"><td class="confluenceTd">@M@w</td><td class="confluenceTd">Control Code GS</td><td class="confluenceTd">No</td><td class="confluenceTd">No</td><td class="confluenceTd">Yes</td></tr><tr role="row"><td class="confluenceTd">@M@x</td><td class="confluenceTd">Control Code RS</td><td class="confluenceTd">No</td><td class="confluenceTd">No</td><td class="confluenceTd">Yes</td></tr><tr role="row"><td class="confluenceTd">@M@y</td><td class="confluenceTd">Control Code US</td><td class="confluenceTd">No</td><td class="confluenceTd">No</td><td class="confluenceTd">Yes</td></tr><tr role="row"><td class="confluenceTd">@M@z</td><td class="confluenceTd">Control Code DEL</td><td class="confluenceTd">No</td><td class="confluenceTd">No</td><td class="confluenceTd">Yes</td></tr><tr role="row"><td class="confluenceTd">@Q@A</td><td class="confluenceTd">VT User Defined Key 6</td><td class="confluenceTd">No</td><td class="confluenceTd">No</td><td class="confluenceTd">Yes</td></tr><tr role="row"><td class="confluenceTd">@Q@B</td><td class="confluenceTd">VT User Defined Key 7</td><td class="confluenceTd">No</td><td class="confluenceTd">No</td><td class="confluenceTd">Yes</td></tr><tr role="row"><td class="confluenceTd">@Q@C</td><td class="confluenceTd">VT User Defined Key 8</td><td class="confluenceTd">No</td><td class="confluenceTd">No</td><td class="confluenceTd">Yes</td></tr><tr role="row"><td class="confluenceTd">@Q@D</td><td class="confluenceTd">VT User Defined Key 9</td><td class="confluenceTd">No</td><td class="confluenceTd">No</td><td class="confluenceTd">Yes</td></tr><tr role="row"><td class="confluenceTd">@Q@E</td><td class="confluenceTd">VT User Defined Key 10</td><td class="confluenceTd">No</td><td class="confluenceTd">No</td><td class="confluenceTd">Yes</td></tr><tr role="row"><td class="confluenceTd">@Q@F</td><td class="confluenceTd">VT User Defined Key 11</td><td class="confluenceTd">No</td><td class="confluenceTd">No</td><td class="confluenceTd">Yes</td></tr><tr role="row"><td class="confluenceTd">@Q@G</td><td class="confluenceTd">VT User Defined Key 12</td><td class="confluenceTd">No</td><td class="confluenceTd">No</td><td class="confluenceTd">Yes</td></tr><tr role="row"><td class="confluenceTd">@Q@H</td><td class="confluenceTd">VT User Defined Key 13</td><td class="confluenceTd">No</td><td class="confluenceTd">No</td><td class="confluenceTd">Yes</td></tr><tr role="row"><td class="confluenceTd">@Q@I</td><td class="confluenceTd">VT User Defined Key 14</td><td class="confluenceTd">No</td><td class="confluenceTd">No</td><td class="confluenceTd">Yes</td></tr><tr role="row"><td class="confluenceTd">@Q@J</td><td class="confluenceTd">VT User Defined Key 15</td><td class="confluenceTd">No</td><td class="confluenceTd">No</td><td class="confluenceTd">Yes</td></tr><tr role="row"><td class="confluenceTd">@Q@K</td><td class="confluenceTd">VT User Defined Key 16</td><td class="confluenceTd">No</td><td class="confluenceTd">No</td><td class="confluenceTd">Yes</td></tr><tr role="row"><td class="confluenceTd">@Q@L</td><td class="confluenceTd">VT User Defined Key 17</td><td class="confluenceTd">No</td><td class="confluenceTd">No</td><td class="confluenceTd">Yes</td></tr><tr role="row"><td class="confluenceTd">@Q@M</td><td class="confluenceTd">VT User Defined Key 18</td><td class="confluenceTd">No</td><td class="confluenceTd">No</td><td class="confluenceTd">Yes</td></tr><tr role="row"><td class="confluenceTd">@Q@N</td><td class="confluenceTd">VT User Defined Key 19</td><td class="confluenceTd">No</td><td class="confluenceTd">No</td><td class="confluenceTd">Yes</td></tr><tr role="row"><td class="confluenceTd">@Q@0</td><td class="confluenceTd">VT User Defined Key 20</td><td class="confluenceTd">No</td><td class="confluenceTd">No</td><td class="confluenceTd">Yes</td></tr><tr role="row"><td class="confluenceTd">@Q@a</td><td class="confluenceTd">VT Backtab</td><td class="confluenceTd">No</td><td class="confluenceTd">No</td><td class="confluenceTd">Yes</td></tr><tr role="row"><td class="confluenceTd">@Q@r</td><td class="confluenceTd">VT Clear Page</td><td class="confluenceTd">No</td><td class="confluenceTd">No</td><td class="confluenceTd">Yes</td></tr><tr role="row"><td class="confluenceTd">@Q@s</td><td class="confluenceTd">VT Edit</td><td class="confluenceTd">No</td><td class="confluenceTd">No</td><td class="confluenceTd">Yes</td></tr><tr role="row"><td class="confluenceTd">@@</td><td class="confluenceTd">@</td><td class="confluenceTd">Yes</td><td class="confluenceTd">Yes</td><td class="confluenceTd">Yes</td></tr><tr role="row"><td class="confluenceTd">@$</td><td class="confluenceTd">Alternate Cursor (The Presentation Manager Interface only)</td><td class="confluenceTd">Yes</td><td class="confluenceTd">Yes</td><td class="confluenceTd">Yes</td></tr><tr role="row"><td class="confluenceTd">@&lt;</td><td class="confluenceTd">Backspace</td><td class="confluenceTd">Yes</td><td class="confluenceTd">Yes</td><td class="confluenceTd">Yes</td></tr><tr role="row"><td class="confluenceTd">@:@s</td><td class="confluenceTd">Screen Reverse</td><td class="confluenceTd">Yes</td><td class="confluenceTd">Yes</td><td class="confluenceTd">Yes</td></tr><tr role="row"><td class="confluenceTd">@:@n</td><td class="confluenceTd">Bidi Layer</td><td class="confluenceTd">Yes</td><td class="confluenceTd">Yes</td><td class="confluenceTd">Yes</td></tr><tr role="row"><td class="confluenceTd">@:@l</td><td class="confluenceTd">Latin Layer</td><td class="confluenceTd">Yes</td><td class="confluenceTd">Yes</td><td class="confluenceTd">Yes</td></tr><tr role="row"><td class="confluenceTd">@:@F</td><td class="confluenceTd">Field Reverse</td><td class="confluenceTd">Yes</td><td class="confluenceTd">Yes</td><td class="confluenceTd">No</td></tr><tr role="row"><td class="confluenceTd">@:@p</td><td class="confluenceTd">Push</td><td class="confluenceTd">Yes</td><td class="confluenceTd">No</td><td class="confluenceTd">No</td></tr><tr role="row"><td class="confluenceTd">@:@e</td><td class="confluenceTd">End Push</td><td class="confluenceTd">Yes</td><td class="confluenceTd">No</td><td class="confluenceTd">No</td></tr><tr role="row"><td class="confluenceTd">@:@a</td><td class="confluenceTd">Auto Push</td><td class="confluenceTd">Yes</td><td class="confluenceTd">No</td><td class="confluenceTd">No</td></tr><tr role="row"><td class="confluenceTd">@:@r</td><td class="confluenceTd">Auto Reverse</td><td class="confluenceTd">Yes</td><td class="confluenceTd">No</td><td class="confluenceTd">No</td></tr><tr role="row"><td class="confluenceTd">@:@d</td><td class="confluenceTd">CSD</td><td class="confluenceTd">Yes</td><td class="confluenceTd">No</td><td class="confluenceTd">No</td></tr><tr role="row"><td class="confluenceTd">@:@f</td><td class="confluenceTd">Final</td><td class="confluenceTd">Yes</td><td class="confluenceTd">No</td><td class="confluenceTd">No</td></tr><tr role="row"><td class="confluenceTd">@:@i</td><td class="confluenceTd">Isolated</td><td class="confluenceTd">Yes</td><td class="confluenceTd">No</td><td class="confluenceTd">No</td></tr><tr role="row"><td class="confluenceTd">@:@m</td><td class="confluenceTd">Middle</td><td class="confluenceTd">Yes</td><td class="confluenceTd">No</td><td class="confluenceTd">No</td></tr><tr role="row"><td class="confluenceTd">@:@t</td><td class="confluenceTd">Initial</td><td class="confluenceTd">Yes</td><td class="confluenceTd">No</td><td class="confluenceTd">No</td></tr><tr role="row"><td class="confluenceTd">@:@h</td><td class="confluenceTd">Field Shape</td><td class="confluenceTd">Yes</td><td class="confluenceTd">No</td><td class="confluenceTd">No</td></tr><tr role="row"><td class="confluenceTd">@:@u</td><td class="confluenceTd">Field Base</td><td class="confluenceTd">Yes</td><td class="confluenceTd">No</td><td class="confluenceTd">No</td></tr><tr role="row"><td class="confluenceTd">@:@b</td><td class="confluenceTd">Base</td><td class="confluenceTd">No</td><td class="confluenceTd">Yes</td><td class="confluenceTd">No</td></tr><tr role="row"><td class="confluenceTd">@:@o</td><td class="confluenceTd">Close</td><td class="confluenceTd">No</td><td class="confluenceTd">Yes</td><td class="confluenceTd">No</td></tr><tr role="row"><td class="confluenceTd">@:@K</td><td class="confluenceTd">Column Heading</td><td class="confluenceTd">No</td><td class="confluenceTd">No</td><td class="confluenceTd">Yes</td></tr><tr role="row"><td class="confluenceTd">@:@B</td><td class="confluenceTd">Cursor Direction</td><td class="confluenceTd">No</td><td class="confluenceTd">No</td><td class="confluenceTd">Yes</td></tr><tr role="row"><td class="confluenceTd">@:@D</td><td class="confluenceTd">Encoding Mode</td><td class="confluenceTd">No</td><td class="confluenceTd">No</td><td class="confluenceTd">Yes</td></tr><tr role="row"><td class="confluenceTd">@:@M</td><td class="confluenceTd">VT Change Display Mode</td><td class="confluenceTd">No</td><td class="confluenceTd">No</td><td class="confluenceTd">Yes (Hebrew only)</td></tr></tbody></table>

</div></div>

# ESSO Scripting examples

1\. Run an application like notepad

```
exec ("notepad.exe");
```

2\. Automatic application update

```Java
if (SystemInfo.os == "Linux") {
	exec ("(mkdir /tmp/google-chrome-updates && " +
		  " wget -O /tmp/google-chrome-updates/google-chrome-stable_current_amd64.deb " +
	      " -c https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb " +
	      " &&	 apt-get update && sudo apt-get install libappindicator1 " +
	      " && sudo dpkg -i /tmp/google-chrome-updates/google-chrome-stable_current_amd64.deb " +
          " && sudo apt-get install google-chrome-stable) " +
		  " </dev/null >>/var/log/google-chrome-stable_current_amd641.log 2>&1 "
          );
}
```

3\.

```shell
<Mazinger>
  <WebApplication url="https://jira.soffid.com/.*"  >
    <Input id="login-form-username" ref-as="u"/>
    <Input id="login-form-password" ref-as="p"/>
    <Input id="login" ref-as="b"/>
    <Action event="onLoad" type="script" repeat="true" delay="5">
      account = secretStore.getAccount("soffid.org-ldap");
      debug("Account = "+account);
      u.setAttribute("value", account);
      password = secretStore.getPassword("soffid.org-ldap", account);
      debug("Password = "+password);
      p.setAttribute("value", password);
      sleep(100);
      debug("Clicking");
      b.click();
      debug("Clicked");
    </Action>
  </WebApplication>
</Mazinger>
                  
```

# How to add to ESSO a second factor of authentication?

## Introduction

Soffid allows you to add a second factor of authentication by configuring a parameter in Soffid Console and the Second Factor Authentication (2FA).

## Step by step

<span style="color: #a6d100; font-weight: bold; font-size: 18px;">1. </span>First of all, you need to configure the **addon.federation.essoidp** parameter. The value must be the Identity Provider Identifier:

[![image-1685446185526.png](https://bookstack.soffid.com/uploads/images/gallery/2023-05/scaled-1680-/image-1685446185526.png)](https://bookstack.soffid.com/uploads/images/gallery/2023-05/image-1685446185526.png)

<span style="color: #a6d100; font-weight: bold; font-size: 18px;">2. </span>Then, you need to add the 2FA in the proper Identity Provider:

[![image-1685521019693.png](https://bookstack.soffid.com/uploads/images/gallery/2023-05/scaled-1680-/image-1685521019693.png)](https://bookstack.soffid.com/uploads/images/gallery/2023-05/image-1685521019693.png)

# How to upgrade ESSO?

## Introduction

Once ESSO is installed, configured and operational, it is very likely that **an update will be required** at some point.

There are many **reasons** for updating:

- To keep up to date with the latest versions.
- To adapt to changes in the operating system.
- To resolve bugs or fixes.
- To adapt to new versions of Soffid.
- To include new features.
- How to upgrade ESSO in Linux?

## How to upgrade ESSO in Linux?

Installation on Linux or Windows is very simple, you just need to run the new installer again.

This is explained in more detail below.

<span style="color: #a6d100; font-weight: bold; font-size: 18px;">1. </span> **Download** the new version of the installer, please go to the Soffid [Enterprise downloads](https://download.soffid.com/download/enterprise/) page in the Enterprise Single Sign On (ESSO seccion).

<p class="callout warning">Please note that in Linux, the installer depends on the version of Linux.</p>

<span style="color: #a6d100; font-weight: bold; font-size: 18px;">2.</span> Execute the **installer** of the new version.

Open a Terminal, navigate to the directory where your downloaded file is located, and run the installer command:

```
sudo dpkg -i "the-name-of-your-file.deb"
```

<span style="color: #a6d100; font-weight: bold; font-size: 18px;">3.</span> Now, for the system to apply the changes, you need to **log out** and then **log in** again.

<span style="color: #a6d100; font-weight: bold; font-size: 18px;">4.</span> To **veify** that you are using the correct version, you can check this information by clicking on the Soffid ESSO component icon in your browser, which will open a popup window displaying the version.

## How to upgrade ESSO in Windows?

Installation on Linux or Windows is very simple, you just need to run the new installer again.

This is explained in more detail below.

<span style="color: #a6d100; font-weight: bold; font-size: 18px;">1. </span> **Download** the new version of the installer, please go to the Soffid [Enterprise downloads](https://download.soffid.com/download/enterprise/) page in the Enterprise Single Sign On (ESSO seccion).

<span style="color: #a6d100; font-weight: bold; font-size: 18px;">2.</span> Execute the **installer** of the new version.

<p class="callout warning">Please note that administrator permissions are required to run the administrator.</p>

Please follow these steps:

- Go to the **directory** where the downloaded file is located
- Double click to **install**
- In the first Windows pop-up, click on "**More information**" and then "**Run anyway**".
- In the next popup from the installer, follow the steps, click **Next**, **Accept**, **Install**, **OK**, **Finish**, **Yes**.

<span style="color: #a6d100; font-weight: bold; font-size: 18px;">3.</span> After the final "Yes", the system wil **restart** to apply the changes.

<span style="color: #a6d100; font-weight: bold; font-size: 18px;">4.</span> To **veify** that you are using the correct version, you can check this information by clicking on the Soffid ESSO component icon in your browser, which will open a popup window displaying the version.

## Unable to select a soffid user after the update?

If, after updating, the option to use Soffid users does not appear, it is very likely that you have an old configuration.

<details id="bkmrk-image"><summary>Image</summary>

![image.png](https://bookstack.soffid.com/uploads/images/gallery/2026-01/scaled-1680-/LzZsMnzMW5niTtOx-image.png)

</details>You will probably need to update the ESSO configuration so that it points to Soffid's idp instead of Syncserver.

<p class="callout info">For further information, please refer to the [ESSO installation](https://bookstack.soffid.com/books/esso "ESSO") page.</p>

Finally, this will be the correct option.

<details id="bkmrk-image-1"><summary>Image</summary>

[![image.png](https://bookstack.soffid.com/uploads/images/gallery/2026-01/scaled-1680-/MDL9X6wGYGzC8LaU-image.png)](https://bookstack.soffid.com/uploads/images/gallery/2026-01/MDL9X6wGYGzC8LaU-image.png)

</details>